Privacy Policy

Helm is operated from London, United Kingdom. We are the data controller for personal data collected through usehelm.host and the Helm platform.

You can contact us about privacy matters at: contact@usehelm.host

Account and contact data — When you enquire about or subscribe to Helm, we collect your name, email address, and business name. For website build projects, we may also collect your website URL and brief description of your requirements.

Billing data — Payment is processed by Stripe, a third-party payment processor. We do not store your card details. We retain records of transaction amounts, dates, and subscription status.

Dashboard usage data — When you use your Helm dashboard, we log activity such as content edits, publish actions, and logins. This is used to provide version history, the activity log in your dashboard, and to improve the service.

Your website content — Text, images, and other media you upload or edit through the dashboard is stored on our servers so it can be delivered to your live website.

Technical data — We may collect IP addresses and browser information in server logs for security and abuse prevention purposes. This data is not linked to your account for marketing purposes.

We use your data to:

• Set up and operate your Helm dashboard and provide the service
• Process your subscription payments and manage your billing
• Communicate with you about your account, support queries, and service updates
• Maintain version history and activity logs within your dashboard
• Comply with legal obligations
• Investigate and prevent security incidents or misuse of the service

We do not use your data for advertising, and we do not sell or share your personal data with third parties for their marketing purposes.

We process your personal data on the following legal bases:

• Contract — processing necessary to provide the service you have signed up for
• Legitimate interests — for security logging, abuse prevention, and service improvement
• Legal obligation — where we are required to process data by law

Your data is stored on servers located in Germany (European Union), operated by Hetzner Online GmbH. Transfers of personal data from the United Kingdom to the EU are covered by the UK government's adequacy regulations. We take the following measures to protect your data:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Access restricted to authorised personnel only
• Regular backups with secure off-site storage
• Password hashing using modern cryptographic standards

No method of transmission or storage is 100% secure. If we become aware of a data breach that affects your data, we will notify you as required by applicable law.

We retain your personal data for as long as your subscription is active. When your subscription ends, we retain your data for 30 days to allow you to request an export, after which it is securely and permanently deleted.

Billing records (transaction amounts and dates) may be retained for up to 7 years for accounting and legal compliance purposes. Card details are never stored by us.

Server security logs are retained for up to 90 days.

We work with a limited number of third-party services necessary to provide Helm:

• Stripe — payment processing. Your payment data is governed by Stripe's privacy policy.
• SMTP email provider — used to send transactional emails (account setup, support replies). Email content includes your name and account information.
• Cloudflare — used for DNS, website delivery, and bot protection (Turnstile). Cloudflare may process IP addresses and request metadata in accordance with their privacy policy.
• ipapi.co and ip-api.com — used to detect your approximate country when you visit usehelm.host, in order to display pricing in your local currency. Only your IP address is sent; no personal account data is shared. This request is made once per browser session.
• Hetzner Online GmbH — server infrastructure provider in Frankfurt, Germany, where your dashboard data is stored.

We do not use analytics, advertising, or tracking third parties on the Helm platform itself.

The Helm dashboard uses a session cookie to keep you logged in during your session. This cookie is strictly necessary for the service to function and does not track you across other websites.

The usehelm.host marketing website does not use advertising or analytics cookies. We may use a minimal session cookie if you interact with forms on the site.

The usehelm.host marketing website stores your detected currency preference (e.g. GBP, EUR, USD) in your browser's local storage so that prices are displayed consistently across visits. This preference is stored locally on your device only and is not sent to our servers. You can clear it at any time via your browser's storage settings.

Your browser settings allow you to block or delete cookies and local storage, though doing so will affect your ability to stay logged into the dashboard.

If you are based in the United Kingdom or European Economic Area, you have the following rights regarding your personal data:

• Access — you can request a copy of the personal data we hold about you
• Rectification — you can ask us to correct inaccurate data
• Erasure — you can ask us to delete your data (subject to legal obligations)
• Restriction — you can ask us to limit how we use your data in certain circumstances
• Portability — you can request your data in a structured, machine-readable format
• Objection — you can object to processing based on legitimate interests

To exercise any of these rights, email us at contact@usehelm.host. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Helm is a business service and is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email. The "Last updated" date at the top of this page reflects when the policy was last revised.

Your continued use of Helm after an update constitutes acceptance of the revised policy.