Privacy Policy

1. What We Collect

HELIX collects minimal data:

• Email address and payment information for paid accounts (via Stripe)
• Audit metadata (provider, model, timestamp) for paid accounts with history enabled
• Audit content (prompts and responses) only when explicitly saved by the user

In BYOK mode with no account, we collect no personal information.

2. API Keys

In browser-only BYOK mode, your API keys are used client-side only and are not stored on HELIX servers. They exist only in your browser session memory.

If you choose an account-bound custom provider feature, the provider credential is transmitted to HELIX solely to run audits for your account and is stored until you delete that provider or close your account.

3. How We Use Your Data

• To provide and improve the HELIX service
• To process payments via Stripe
• To respond to support requests

We do not sell personal information. We do not use audit content to train AI models.

4. Third-Party Services

• Stripe — payment processing (their privacy policy applies to payment data)
• Cloudflare — infrastructure and CDN (edge logs retained per Cloudflare policy)
• AI Providers (Anthropic, OpenAI, Google) — when you use built-in keys, their privacy policies apply

5. Your Rights (Law 25 / Quebec)

You have the right to access, correct, and request deletion of your personal information. To exercise these rights, contact us at the address below.

6. Data Retention

Account data is retained for the duration of your subscription plus 30 days. Audit history is deleted on account deletion. Payment records are retained as required by Canadian tax law.

7. Contact

Privacy inquiries: governance@pharos-ai.ca
Martin Lepage, PHAROS AI, Quebec, Canada

This document is a draft stub. Counsel review required before accepting payments.