Privacy Policy
Effective Date: January 1, 2025 · Last Updated: January 1, 2025
HelmIQ, Inc. is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HelmIQ platform.
1. Information We Collect
Account and business information: business name, owner name, email, hashed password, billing info (via Stripe tokens only), and staff details.
Client data (entered by you): client names, email addresses, phone numbers, addresses, pet and vehicle profiles, appointment records, signed waivers, and payment records.
Usage data: pages and features accessed, API request logs, browser type, OS, device, IP address, and session identifiers.
Location data: GPS coordinates from the mobile app when Route Optimizer or fleet tracking features are active. Staff can disable GPS from app settings.
From third parties: payment status from Stripe, SMS delivery status from Twilio, and calendar events from Google (if you connect Google Calendar via OAuth).
2. How We Use Information
We use collected information to: provide and operate the Service; process payments and manage subscriptions; send appointment reminders on your behalf; provide AI-powered features; calculate routes and ETAs; prevent fraud and unauthorized access; comply with legal obligations; and send service announcements and (with your consent) marketing communications.
3. Legal Basis for Processing (GDPR)
For EEA, UK, and Switzerland users, we process personal data under: Performance of Contract (providing the Service); Legitimate Interests (fraud prevention, security, Service improvement); Legal Obligation (tax reporting, GDPR requests, court orders); and Consent (optional features like marketing emails and Google Calendar integration).
6. Data Retention
Account and client data is retained for the duration of your account plus 90 days post-cancellation. Payment records and audit logs are retained for 7 years per financial regulations. API and error logs are retained for 90 days. GPS location history is retained for 30 days on a rolling basis. Backups are retained for 30 days.
7. Data Security
All data in transit is encrypted with TLS 1.2+. All data at rest is encrypted with AES-256. PII fields are additionally encrypted at the application layer before storage. Passwords are hashed with Argon2id. Application secrets are stored in Azure Key Vault. Access to production systems is MFA-protected and role-limited. We will notify you of a qualifying breach within 72 hours of discovery.
8. International Data Transfers
HelmIQ is based in the United States. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework. All processors are contractually bound to protect your data.
9. Your Privacy Rights
GDPR rights (EEA/UK/Switzerland): Access, Rectification, Erasure, Restriction, Portability, Object, Withdraw Consent, and Lodge a Complaint with your local supervisory authority.
CCPA rights (California): Know, Delete, Correct, Opt Out of Sale or Sharing (we do not sell data), and Non-Discrimination. California residents may designate an authorized agent.
To exercise any right, email privacy@helmiq.app or use the Privacy Settings in your account. We respond within 30 days (GDPR) or 45 days (CCPA).
10. Children's Privacy (COPPA)
HelmIQ is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact privacy@helmiq.app and we will delete it promptly.
11. Data Deletion Requests
When you close your account, Customer Content is retained for 90 days then permanently deleted. For GDPR Article 17 erasure requests for individual client records, use Settings → GDPR → Submit Erasure Request in the app. PII fields are anonymized within 30 minutes. Appointment history is retained with anonymized identifiers for financial record purposes.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.
13. Contact Information
Privacy requests: privacy@helmiq.app
General contact: hello@helmiq.app
Data Protection Officer (EU/UK): dpo@helmiq.app
Mailing address: HelmIQ, Inc., [Address TBD], United States
This Privacy Policy was last updated on January 1, 2025. For privacy inquiries, email privacy@helmiq.app.
Terms of Service →