Privacy Policy

Effective: 2026-05-01 · Jurisdiction: Quebec, Canada (Law 25 / Act respecting the protection of personal information in the private sector)

1. What We Collect

HELIX collects minimal data:

Email address and payment information for paid accounts (via Stripe)
Audit metadata (provider, model, timestamp) for paid accounts with history enabled
Audit content (prompts and responses) only when explicitly saved by the user

In BYOK mode with no account, we collect no personal information.

2. API Keys

Your API keys are used client-side only and are never transmitted to or stored on HELIX servers. They exist only in your browser session memory.

3. How We Use Your Data

To provide and improve the HELIX service
To process payments via Stripe
To respond to support requests

We do not sell personal information. We do not use audit content to train AI models.

4. Third-Party Services

Stripe — payment processing (their privacy policy applies to payment data)
Cloudflare — infrastructure and CDN (edge logs retained per Cloudflare policy)
AI Providers (Anthropic, OpenAI, Google) — when you use built-in keys, their privacy policies apply

5. Your Rights (Law 25 / Quebec)

You have the right to access, correct, and request deletion of your personal information. To exercise these rights, contact us at the address below.

6. Data Retention

Account data is retained for the duration of your subscription plus 30 days. Audit history is deleted on account deletion. Payment records are retained as required by Canadian tax law.

7. Contact

Privacy inquiries: governance@pharos-ai.ca
Martin Lepage, PHAROS AI, Quebec, Canada

This document is a draft stub. Counsel review required before accepting payments.