Skip to content
← Trust center

Last updated:

Reviewer note: This is the structural-shell privacy policy. Counsel review is required before launch. The structure follows GDPR Articles 13/14 disclosure requirements + CCPA + Australian Privacy Principles.

1. Who we are

Helios Works (the “Company,” “we,” “us”) is the publisher of Helios, an AI-native Work OS. Our principal place of business is to be determined; the data controller for European users is Helios Works.

Contact for privacy matters: privacy@heliosworks.com.

2. The data we collect

We collect three classes of data:

  • Account data — name, email, profile photo, organization membership, role, authentication factors.
  • Operational data — the content you create in Helios (deals, tasks, employees, invoices, etc.).
  • Telemetry — pages viewed, actions invoked, errors encountered. Aggregated for product improvement.

We do not sell personal data. We do not run ad networks.

3. Why we process it

PurposeLegal basis (GDPR)
Provide the serviceContract
Authenticate usersLegitimate interest + Contract
Send transactional emailContract
Improve product qualityLegitimate interest
Comply with lawLegal obligation

4. Sub-processors

We rely on third-party services to deliver Helios. The full list, with the country of processing and the data shared, is at /sub-processors.

5. Your rights

Under GDPR (and similar regimes), you have the right to:

  • Access — request a copy of your data.
  • Rectification — fix inaccurate data.
  • Erasure — request deletion (with limited exceptions for legal-retention purposes).
  • Portability — export your data in a machine-readable format.
  • Object — opt out of certain processing.
  • Restrict — limit processing while a dispute is resolved.

To exercise any of these, email privacy@heliosworks.com. We respond within 30 days.

6. Retention

  • Account data: kept while the account is active + 30 days post-deletion.
  • Operational data: kept while your subscription is active; exportable any time; deleted 30 days after subscription end.
  • Audit logs: kept per the retention schedule at /security#audit.
  • Telemetry: aggregated; raw events purged after 90 days.

7. Security

See /security for the full description.

8. Children’s data

Helios is not intended for users under 16. If you believe we hold data of someone under 16, contact privacy@heliosworks.com and we will delete it.

9. Changes to this policy

Changes are published at this URL and announced in the changelog 30 days before they take effect.

10. How to contact us

Subscribe to our changelog.

One email every ~2 weeks. Honest product notes, no marketing pitches.

We email you only when there's something honest to say. Unsubscribe in one click.