POLICIES

Privacy Policy

Last updated: 2026-04-18

This Privacy Policy describes how Helm ("we," "us," or "our") collects, uses, and protects information when you visit our site or purchase Helm products. By using the site, you agree to this Policy.

Helm is operated by Helm LLC, a company based in the State of California, United States.

1. Information we collect

We collect information in three categories.

Information you provide directly

  • Contact information (name, email address, shipping address) when you place an order or submit a contact-form message
  • Payment information, processed by our third-party payment processor — we do not store full card numbers on our servers
  • Communications you send to us (email, support messages)

Information collected automatically

  • An anonymous visitor ID assigned via cookie for site functionality
  • Pages viewed, links clicked, and interactions with the site
  • Device and browser information — browser type, operating system, screen size
  • Referral source and UTM campaign parameters when you arrive via email or external link
  • IP address, used for fraud prevention and aggregated traffic analysis

Information from cookies

See Section 5 for the full list of cookies we use.

2. How we use your information

We use collected information to:

  • Fulfill orders, process payments, and ship products
  • Respond to support inquiries and send order-related emails
  • Personalize content and test variations of the site (see Section 4)
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations (tax, regulatory reporting)
  • Send transactional emails (order confirmations, shipping notifications, support replies)
  • Send marketing emails only if you opt in

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Legal basis for processing

We process personal information to perform our contract with you (shipping an order you've paid for), to comply with legal obligations (tax records), for legitimate business interests (fraud prevention, site analytics), and with your consent (marketing email).

4. Personalization and experimentation

Helm operates a first-party experimentation system to test variations of copy, layout, and product recommendations. This system:

  • Assigns an anonymous visitor ID via cookie
  • Records which variant of each experiment you were assigned
  • Tracks on-site actions (page views, clicks, cart activity) to measure variant performance

This data is stored on our own servers in a PostgreSQL database. We do not send it to third-party analytics services like Google Analytics, Facebook Pixel, Meta Ads, or PostHog. The data never leaves our infrastructure.

Agent systems that analyze this data to optimize the site operate entirely within our infrastructure and do not share visitor-level data with external providers.

5. Cookies

We use the following cookies:

CookiePurposeDuration
helm_visitor_idAnonymous visitor identifier for experiments and profiles1 year
helm_experimentsRecords which experiment variants you were assigned6 months
helm_utmTracks referral source for attribution30 days
Cart / session cookiesCart state, authenticated sessionSession or until cleared

You can disable cookies in your browser settings. Doing so may affect site functionality (your cart may not persist, and you may be re-assigned to different experiment variants between visits).

6. Third parties

We share information with service providers only as necessary to operate the site. Each is bound to use your data solely for the service they provide to us:

  • Payment processor — handles credit and debit card transactions. Bound by PCI-DSS standards.
  • BTCPay Server (self-hosted) — handles cryptocurrency transactions. We record only what is necessary to verify payment.
  • Shipping carriers (USPS, UPS) — receive your shipping address and recipient name to deliver orders.
  • Email service provider — sends transactional email (order confirmations, support replies, contact-form submissions).
  • Hosting provider — our site and database run on a virtual private server managed by our infrastructure provider.

We do not authorize any of these providers to use your information for their own marketing or sale to other parties.

7. Data retention

  • Order records — retained for 7 years to comply with tax and legal requirements
  • Support email and contact-form submissions — retained for 2 years
  • Anonymous analytics events — retained for 24 months
  • Visitor profiles stored in browser cookies — cleared when cookies expire or when you clear browser data

When retention periods end, records are either deleted or anonymized so they can no longer be tied to an individual.

8. Your rights (California residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to knowwhat personal information we've collected about you, including categories and specific pieces
  • Right to delete your personal information, subject to certain legal retention exceptions
  • Right to correct inaccurate personal information
  • Right to opt outof the "sale" or "sharing" of your personal information — Helm does not sell personal information, but you may still exercise this right
  • Right to limit use of sensitive personal information
  • Right to non-discrimination — we will not treat you differently for exercising these rights (no price changes, no denied service, no reduced quality)

To exercise any right, email support@helmresearch.comwith "CCPA Request" in the subject line. Include enough information for us to verify your identity (typically the email address on your order, or your order number). We respond within 45 days.

9. Children's privacy

Helm is intended for adults age 18 and older engaged in research. We do not knowingly collect personal information from anyone under the age of 13. If we learn we have collected information from a child under 13, we will delete it promptly. Contact support@helmresearch.com if you believe a minor has submitted information to us.

10. Security

We use standard security measures, including:

  • Encrypted connections (HTTPS/TLS) across the entire site
  • Encrypted database connections and access controls
  • Restricted employee access to customer data (need-to-know basis)
  • Regular security updates on our hosting infrastructure

No system is perfectly secure. We cannot guarantee absolute protection against unauthorized access, but we respond promptly to any suspected security incident and will notify affected customers when required by law.

11. International data transfers

Helm's servers are located in the United States. If you are accessing the site from outside the United States, your information is processed in the United States. Helm does not currently serve international customers, but site visits from outside the US are possible.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be announced via email to customers with a current relationship with Helm. Continued use of the site after updates constitutes acceptance of the revised Policy.

13. Contact

Questions about this Privacy Policy or about the personal information we hold about you:

Email: support@helmresearch.com

Mail: [[LEGAL_MAILING_ADDRESS]]