Privacy Policy - HelmOS

Last Updated: October 8, 2025

1. Introduction

HelmOS ("we", "our", or "us") provides a maritime business automation platform that processes emails, documents, and business communications to help shipbrokers and maritime professionals manage their operations.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use HelmOS.

2. Multi-Tenant Architecture & Data Isolation

2.1 Organization Isolation

  • Each organization using HelmOS operates in a completely isolated environment
  • Your organization's data is never shared with or visible to other organizations
  • Database-level row-level security (RLS) ensures technical isolation
  • No cross-tenant data matching or aggregation occurs

2.2 Contact Data Handling

  • If the same person interacts with multiple organizations using HelmOS, each organization maintains separate, independent records
  • We do not match, merge, or link contacts across organizations
  • Your contacts remain private to your organization

3. Data We Collect

3.1 Account Information

  • Name, email address, phone number
  • Organization name and domain
  • Job title and role
  • Authentication credentials (OAuth tokens)

3.2 Email Data (with your explicit consent)

  • Email content: Subject lines, body text, sender/recipient information
  • Email metadata: Timestamps, folder locations, read/unread status
  • Email attachments: Documents, PDFs, images (for TCD extraction)
  • Email signatures: Contact information parsed from signatures

You control email access: You can revoke Microsoft Graph permissions at any time through your Microsoft account settings.

4. Your Rights (GDPR & Data Protection)

  • Access: View all data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your account and all associated data
  • Portability: Download your data for migration to another service
  • Objection: Object to processing of your data for specific purposes
  • Restriction: Request temporary restriction of processing

To exercise these rights: Contact privacy@helm-os.com

5. Data Security

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access controls: Role-based access with multi-factor authentication
  • Row-level security: Database-level isolation between organizations
  • Audit logs: All data access logged with timestamps
  • OAuth tokens: Securely stored with automatic refresh
  • Backups: Daily encrypted backups with 30-day retention

6. Contact Us

Data Protection Officer: privacy@helm-os.com

General Inquiries: support@helm-os.com

Mailing Address:
HelmOS Ltd
[Your Address]
[City, Postal Code]
[Country]

Version: 1.0

Last Updated: October 8, 2025

For the complete Privacy Policy, please contact legal@helm-os.com