Privacy Policy
Effective Date: December 1, 2025 · Last Updated: December 12, 2025
Contents
- Introduction
- Information We Collect
- How We Use Your Information
- What We Do Not Do
- How We Share Your Information
- Data Security
- Data Retention
- Your Rights
- Cookies and Tracking
- Third-Party Integrations
- Children's Privacy
- Changes to This Policy
- Contact Us
1.Introduction
Helcyon, Inc. ("Helcyon," "we," "us," or "our") respects your privacy and is committed to protecting the personal and financial information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and financial monitoring services (collectively, the "Service").
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
This Privacy Policy applies to all users of the Service, including business owners, authorized employees, and any individual who accesses or uses the Service on behalf of a business entity.
2.Information We Collect
We collect information in several ways:
2.1 Information You Provide Directly
When you register for an account or use the Service, you may provide:
- Account Information: Name, email address, phone number, business name, business address, and job title
- Billing Information: Payment card details, billing address (processed by our third-party payment processor; we do not store full payment card numbers)
- Communications: Messages, support requests, and feedback you send to us
2.2 Financial Information from Third-Party Integrations
When you connect your accounting software (such as QuickBooks, Xero, or similar platforms) to Helcyon, we receive read-only access to certain financial data, including:
- Transaction history
- Account balances
- Invoices and bills
- Vendor and customer information
- Chart of accounts
- Financial reports and summaries
Critical Disclosure: Read-Only Access Only
Helcyon connects to your accounting software exclusively through read-only API access. We cannot and do not:
- Move, transfer, or touch any funds
- Create, modify, or delete transactions
- Access your banking credentials or passwords
- Initiate payments or transfers
- Take any action on your behalf within your financial accounts
Read-only permissions are enforced at the API level by your accounting software provider. Helcyon cannot request or receive elevated permissions.
2.3 Information Collected Automatically
When you access the Service, we automatically collect:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, time spent on the Service, referring URLs
- Log Data: Server logs, error reports, and diagnostic information
- Cookies and Similar Technologies: See Section 9 for details
2.4 Information from Third Parties
We may receive information from:
- Accounting Software Providers: Data accessed through authorized integrations
- Payment Processors: Confirmation of successful payments
- Analytics Providers: Aggregated usage statistics
3.How We Use Your Information
We use your information for the following purposes:
To Provide the Service
- Generate financial diagnostics and reports
- Monitor your business vital signs (Cash Pulse, Revenue Blood Pressure, Customer Heartbeat, Margin Temperature, Growth Oxygen)
- Detect anomalies and potential fraud indicators
- Send alerts and notifications
- Provide customer support
To Improve the Service
- Analyze usage patterns to enhance features
- Debug and fix technical issues
- Develop new products and services
To Communicate with You
- Send service-related emails (alerts, reports, updates)
- Respond to inquiries and support requests
- Send marketing communications (with your consent, where required)
To Process Payments
- Process subscription fees
- Manage billing and invoicing
To Comply with Legal Obligations
- Respond to legal process (subpoenas, court orders)
- Cooperate with law enforcement
- Enforce our Terms of Service
4.What We Do Not Do with Your Information
Our Commitments
- No Sale. We do not sell your personal or financial information to any third party, for any reason, ever.
- No Sharing for Marketing. We do not share your information with third parties for their marketing purposes.
- No AI Training. We do not use your financial data to train artificial intelligence or machine learning models.
- No Aggregation for Resale. We do not aggregate your data with other customers' data and sell it to investors, researchers, or data brokers.
- No Unauthorized Access. We do not access your data without a legitimate business purpose and proper authorization.
6.Data Security
We implement administrative, technical, and physical safeguards designed to protect your information:
Encryption
- At Rest: All data is encrypted using 256-bit AES encryption
- In Transit: All data transmissions use TLS 1.3 encryption
- Backups: All database backups are encrypted
Infrastructure
- Hosted on Amazon Web Services (AWS) in US-based data centers
- SOC 2 Type II certification in progress
- Real-time threat monitoring and intrusion detection
- DDoS protection
- Automated daily backups with 30-day retention
Access Controls
- Role-based access controls
- Multi-factor authentication available
- Principle of least privilege for all Helcyon personnel
- Background checks for all employees with data access
- Complete audit trail of all data access
Incident Response
If a security incident occurs that affects your data, we will notify affected users within 72 hours of discovery with a clear explanation of what happened, what data was affected, and the steps we are taking.
7.Data Retention
7.1 Active Accounts
We retain your information for as long as your account is active and as needed to provide the Service.
7.2 After Cancellation
When you cancel your account:
- Your data will be permanently deleted within 30 days
- You may request immediate deletion at any time
- We will confirm deletion within 7 business days of your request
7.3 Legal Requirements
We may retain certain information longer if required by law or for legitimate business purposes such as fraud prevention.
8.Your Rights
8.1 All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request your data in a portable format
- Restrict Processing: Request that we limit how we use your data
- Withdraw Consent: Withdraw consent for optional data processing
- Opt-Out of Marketing: Unsubscribe from marketing communications
To exercise these rights, contact us at support@helcyon.ai.
8.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about what personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information. Helcyon does not sell personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To submit a CCPA request, email support@helcyon.ai with the subject line "CCPA Request."
8.3 European Economic Area Residents (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on contract performance, legitimate interests, consent, and legal obligation. Your data may be transferred to the United States using Standard Contractual Clauses. You have the right to lodge a complaint with a supervisory authority.
9.Cookies and Tracking Technologies
9.1 What We Use
We use cookies and similar technologies to:
- Essential Cookies: Enable core functionality (authentication, security)
- Analytics Cookies: Understand how users interact with the Service
- Preference Cookies: Remember your settings and preferences
9.2 Your Choices
You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.
10.Third-Party Integrations
When you connect third-party services (such as QuickBooks or Xero) to Helcyon:
- The connection is authorized by you
- Data is accessed according to the permissions you grant
- Third-party services are subject to their own privacy policies
- You may disconnect integrations at any time through your account settings
- Helcyon is not responsible for the privacy practices of third-party services
11.Children's Privacy
The Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@helcyon.ai.
12.Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will notify you by email at least 30 days before the changes take effect
- We will update the "Last Updated" date at the top of this policy
- We will post a prominent notice on our website
Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
13.Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Helcyon, Inc.
Support: support@helcyon.ai