Effective: June 15, 2026
We collect information you provide directly, such as your name, email address, and any content you create within Helm products (messages, images, check-in responses, recognitions, and other contributions). We also collect usage data automatically, including device type, browser, IP address, pages visited, and interactions with the service. If your organisation connects an HRIS provider, we receive employee directory data your administrator chooses to sync.
We use your information to: provide, maintain, and improve Helm products; deliver content you and your team create; send transactional emails such as board invitations and weekly digests; generate aggregated, anonymised analytics for features like Pulse dashboards; process payments; respond to support requests; and comply with legal obligations. We do not sell your personal information.
Some Helm products offer optional AI-assisted features, such as message drafting in Moonboard. When you use these features, your input may be sent to third-party AI providers for processing. AI inputs are not used to train third-party models. We recommend you avoid submitting sensitive personal information through AI features.
We share your information only in the following circumstances: with service providers who help us operate Helm (hosting, email delivery, payment processing, AI providers); with your workspace administrator, who may access workspace-level data; when required by law or to protect rights, safety, or property; or in connection with a merger, acquisition, or sale of assets, in which case we will notify affected users.
Pulse check-in responses are anonymised and aggregated before being shown to managers. Individual responses are never revealed. Aggregated data requires a minimum of three responses before results are displayed to prevent identification of individuals.
We retain your data for as long as your account is active or as needed to provide the service. Board content is retained until the board owner deletes it. When you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.
We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and regular security reviews. While no system is completely secure, we are committed to protecting your information and will notify affected users promptly in the unlikely event of a data breach.
We use essential cookies to keep you signed in and remember your preferences. We use analytics tools to understand how Helm is used so we can improve the product. We do not use third-party advertising trackers. You can manage cookie preferences through your browser settings.
Depending on your location, you may have the right to: access, correct, or delete your personal data; export your data in a portable format; object to or restrict certain processing; and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at hello@helm.company. We will respond within 30 days.
Helm is based in Australia. Your data may be processed in countries other than your own, including Australia and the United States (where our infrastructure providers operate). We ensure appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.
Helm is designed for workplace use and is not intended for children under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of Helm after changes constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or how we handle your data, please contact us at hello@helm.company.