This policy explains what data HELM (“HELM”, “we”, “us”) collects, how we use it, and the rights you have over it. We wrote this to be readable. If anything here is unclear, email support@helmkinetics.com and we’ll answer in plain English.
What we collect
Account data
When you create an account, we store your email address. Sign-in is by a one-time code (six digits) sent to your email; passwords are optional. We store the responses you provide during account onboarding.
Activity and health data
With your authorization, HELM ingests activity and health data from services you connect (wearables, watches, training apps) and from files you upload directly. You control which sources are connected and which data categories are shared, through your device’s permission controls and HELM’s Settings → Integrations. Disconnect any source at any time and HELM stops reading immediately.
We use this data to build your private athlete-state estimate. Every athlete sees only their own data. HELM is a personal analytics utility, not a social product. We do not sell your data, do not share it with advertisers, and do not use it to train third-party models without your separate, opt-in consent.
Operational data
We log the standard server-side metadata required to operate a service: request timestamps, IP addresses, user-agent strings, and error traces. These logs are retained for up to 90 days for security and reliability purposes.
We also collect privacy-friendly, cookieless product analytics — aggregate page views and real-user performance metrics (Core Web Vitals) — to understand usage and catch regressions. No advertising cookies and no cross-site tracking; page paths are recorded as route patterns (e.g. /athlete/activities/[id]), not the specific record identifiers you view.
How we use it
- To compute your athlete state, training load, and tissue risk.
- To show you the estimates and history that result from that.
- To share your data with care providers (coaches, physical therapists) only when you explicitly grant them access.
- To operate the service: authentication, billing, support, security, and abuse prevention.
- To send transactional email (sign-in codes, account notifications) and product updates you have opted into.
Who we share it with
HELM runs on a small number of vetted infrastructure providers (cloud hosting, database, background workers, transactional email). Beyond that general infrastructure, the processors that touch user-facing content or that you actively authenticate against are:
- Terra (data aggregation) connects HELM to the wearables, watches, and training apps you authorize, normalizing data formats across providers. Terra receives only what’s needed to deliver your authorized connections and does not use your data for advertising. See Terra’s privacy policy.
- Anthropic (the LLM that powers chat-based onboarding and assistant features). When you use these features, relevant context is sent to Anthropic’s API. We disable model training on this data.
- Connected providers (your watch, phone, or training-app accounts) when you authorize them. We receive data from them, not the other direction: HELM does not post to your social feeds or write back to your devices without a separate, explicit authorization for that specific feature.
For the full sub-processor list (including the infrastructure providers above), email support@helmkinetics.com.
We do not sell your data, do not share it with advertisers, and do not use it to train third-party models without your separate, opt-in consent.
Your rights
You can:
- Access the data we hold about you. Email us and we’ll send you an export.
- Correct anything that’s wrong. Most fields are editable in Settings; the rest, email us.
- Delete your account and the data associated with it. Email support@helmkinetics.com from your account email and we will action the deletion within 30 days. Aggregated, fully anonymized statistics may be retained for product analytics.
- Disconnect any third-party integration at any time in Settings → Integrations. This stops further reads but does not delete data already ingested. Use the deletion right above for that.
- Opt out of non-transactional email at any time using the unsubscribe link in any such email.
If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA / CPRA respectively. To exercise any of them, contact us at support@helmkinetics.com and we will respond within the applicable statutory timeline.
Security
We use industry-standard practices: TLS for data in transit, encryption at rest for the underlying database and object storage, row-level access control on every table, scoped third-party API tokens, and short-lived session cookies. No system is perfectly secure; if you believe there is a vulnerability, please disclose it responsibly to support@helmkinetics.com.
Children
HELM is not directed to children under 16. We do not knowingly collect data from anyone under that age. If you believe a child has signed up, contact us and we will delete the account.
Changes to this policy
We may update this policy over time. We will notify you of material changes by email or via the app at least 14 days before they take effect. The “Effective” date above always reflects the current version.
Contact
For privacy questions or requests, email support@helmkinetics.com. For general support, see our support page.
