We Guard Your Numbers
Like They're Our Own.

Helcyon was built by someone who managed hundreds of millions across five continents. The same financial discipline that protected billions now protects your business.

SOC 2 Type II In Progress

Security Isn't a Feature. It's the Foundation.

Your financial data is the nervous system of your business. It reveals everything — cash position, customer behavior, vendor relationships, operational health. In the wrong hands, it's a weapon. In careless hands, it's a liability.

Helcyon was designed with one non-negotiable principle: we see your data to help you. We never touch it, move it, share it, or use it for anything else.

This isn't a setting. It's the architecture.

We Read. We Never Touch.

Helcyon connects to your accounting software with read-only API access. We can analyze your transactions, interpret your financial patterns, and detect anomalies.

Move, transfer, or touch any funds

Create, modify, or delete transactions

Access your banking credentials

Take any action on your behalf

Store payment or login credentials

Read-only permissions are enforced at the API level by your accounting provider (QuickBooks, Xero, etc.). Helcyon cannot request or receive elevated permissions.

Your Data. Your Rights. No Exceptions.

What You Can Do

Access — Request a complete export of your data at any time
Delete — Request immediate deletion; we comply within 7 business days
Audit — Request a record of who accessed your data and when
Restrict — Limit processing to specific entities or time periods
Leave — Cancel anytime; all data permanently deleted within 30 days

What We Commit To

No sale. — Your data is never sold to any third party, for any reason, ever.
No sharing. — Your data is never shared with other customers or external parties.
No training. — Your data is never used to train AI models, improve algorithms, or benchmark performance.
No surprises. — If anything about our data practices changes, you'll be notified in advance with a clear explanation.

Bank-Level Protection. Enterprise-Grade Infrastructure.

All data is encrypted at rest and in transit using 256-bit AES encryption with TLS 1.3 — the same standard used by banks, government agencies, and Fortune 500 companies.

Encryption

256-bit AES encryption at rest
TLS 1.3 encryption in transit
Encrypted database backups
Hardware security modules for key management

Infrastructure

Amazon Web Services (US-based data centers)
Automated daily backups with 30-day retention
Real-time threat monitoring and intrusion detection
DDoS protection
99.9% uptime target

Who Sees Your Data — And Who Doesn't

Your Access

Role-based permissions (owner, admin, viewer)
Multi-factor authentication available
Session timeout after inactivity
Complete audit trail of all access

Our Access

Employees cannot view data under normal operations
Access only with your explicit written permission
For documented support reasons you've requested
Full logging of what was accessed and when
All personnel pass background checks

We operate on the principle of least privilege. The majority of our team has zero access to customer data — and never needs it.

If Something Goes Wrong, You'll Know.

No system is invulnerable. What matters is how quickly problems are detected, contained, and communicated.

✓

Detection — Continuous automated monitoring for anomalies, unauthorized access, and potential breaches

✓

Response — Documented incident response protocol with designated security team

✓

Notification — If your data is affected, you'll be notified within 72 hours with a clear explanation

✓

Remediation — Root cause analysis and preventive measures for every incident

Compliance

Our infrastructure and controls are built to meet enterprise security standards. We're actively completing third-party certifications to formalize what's already in place.

SOC 2 Type II

Security & availability audit

In Progress

GDPR

EU data protection

Compliant

CCPA

California privacy compliance

Compliant

For enterprise customers requiring BAAs, DPAs, or custom compliance documentation — contact us directly.

"I've managed financial operations across five continents — chemicals in Asia, payments in Latin America, food service in the US. Every operation had one thing in common: financial data was the most sensitive asset we handled. Helcyon was built with the same security discipline that protected billions. Because the businesses we serve deserve nothing less."

Lukas Swid

Founder & CEO

Security Questions

Can Helcyon employees see my financial data?

Only with your explicit permission, for a documented support reason, with full access logging. Routine operations require zero access to customer data.

What happens to my data if I cancel?

All data is permanently deleted within 30 days. You can request immediate deletion, and we'll confirm completion within 7 business days.

Do you use my data to train AI models?

No. Your data is never used for training, benchmarking, or any purpose beyond providing your diagnostics.

What if there's a security breach?

If your data is affected, you'll be notified within 72 hours with a full explanation of what happened, what was affected, and what we're doing about it.

Do you have a Data Processing Agreement?

Yes. Contact us for DPA, BAA, or other compliance documentation.

Questions About Security?

We're happy to discuss our practices in detail.

Contact Security Team

Helcyon

How It Works Vital Signs About Contact Pricing

Request Early Access

We Guard Your Numbers
Like They're Our Own.

Helcyon was built by someone who managed hundreds of millions across five continents. The same financial discipline that protected billions now protects your business.

SOC 2 Type II In Progress

Security Isn't a Feature. It's the Foundation.

Helcyon was designed with one non-negotiable principle: we see your data to help you. We never touch it, move it, share it, or use it for anything else.

This isn't a setting. It's the architecture.

We Read. We Never Touch.

Helcyon connects to your accounting software with read-only API access. We can analyze your transactions, interpret your financial patterns, and detect anomalies.

Move, transfer, or touch any funds

Create, modify, or delete transactions

Access your banking credentials

Take any action on your behalf

Store payment or login credentials

Read-only permissions are enforced at the API level by your accounting provider (QuickBooks, Xero, etc.). Helcyon cannot request or receive elevated permissions.

Your Data. Your Rights. No Exceptions.

What You Can Do

Access — Request a complete export of your data at any time
Delete — Request immediate deletion; we comply within 7 business days
Audit — Request a record of who accessed your data and when
Restrict — Limit processing to specific entities or time periods
Leave — Cancel anytime; all data permanently deleted within 30 days

What We Commit To

No sale. — Your data is never sold to any third party, for any reason, ever.
No sharing. — Your data is never shared with other customers or external parties.
No training. — Your data is never used to train AI models, improve algorithms, or benchmark performance.
No surprises. — If anything about our data practices changes, you'll be notified in advance with a clear explanation.

Bank-Level Protection. Enterprise-Grade Infrastructure.

All data is encrypted at rest and in transit using 256-bit AES encryption with TLS 1.3 — the same standard used by banks, government agencies, and Fortune 500 companies.

Encryption

256-bit AES encryption at rest
TLS 1.3 encryption in transit
Encrypted database backups
Hardware security modules for key management

Infrastructure

Amazon Web Services (US-based data centers)
Automated daily backups with 30-day retention
Real-time threat monitoring and intrusion detection
DDoS protection
99.9% uptime target

Who Sees Your Data — And Who Doesn't

Your Access

Role-based permissions (owner, admin, viewer)
Multi-factor authentication available
Session timeout after inactivity
Complete audit trail of all access

Our Access

Employees cannot view data under normal operations
Access only with your explicit written permission
For documented support reasons you've requested
Full logging of what was accessed and when
All personnel pass background checks

We operate on the principle of least privilege. The majority of our team has zero access to customer data — and never needs it.

If Something Goes Wrong, You'll Know.

No system is invulnerable. What matters is how quickly problems are detected, contained, and communicated.

✓

Detection — Continuous automated monitoring for anomalies, unauthorized access, and potential breaches

✓

Response — Documented incident response protocol with designated security team

✓

Notification — If your data is affected, you'll be notified within 72 hours with a clear explanation

✓

Remediation — Root cause analysis and preventive measures for every incident

Compliance

Our infrastructure and controls are built to meet enterprise security standards. We're actively completing third-party certifications to formalize what's already in place.

SOC 2 Type II

Security & availability audit

In Progress

GDPR

EU data protection

Compliant

CCPA

California privacy compliance

Compliant

For enterprise customers requiring BAAs, DPAs, or custom compliance documentation — contact us directly.

"I've managed financial operations across five continents — chemicals in Asia, payments in Latin America, food service in the US. Every operation had one thing in common: financial data was the most sensitive asset we handled. Helcyon was built with the same security discipline that protected billions. Because the businesses we serve deserve nothing less."

Lukas Swid

Founder & CEO

Security Questions

Can Helcyon employees see my financial data?

Only with your explicit permission, for a documented support reason, with full access logging. Routine operations require zero access to customer data.

What happens to my data if I cancel?

All data is permanently deleted within 30 days. You can request immediate deletion, and we'll confirm completion within 7 business days.

Do you use my data to train AI models?

No. Your data is never used for training, benchmarking, or any purpose beyond providing your diagnostics.

What if there's a security breach?

If your data is affected, you'll be notified within 72 hours with a full explanation of what happened, what was affected, and what we're doing about it.

Do you have a Data Processing Agreement?

Yes. Contact us for DPA, BAA, or other compliance documentation.

Questions About Security?

We're happy to discuss our practices in detail.

Contact Security Team

We Guard Your NumbersLike They're Our Own.

Security Isn't a Feature. It's the Foundation.

We Read. We Never Touch.

Your Data. Your Rights. No Exceptions.

Bank-Level Protection. Enterprise-Grade Infrastructure.

Who Sees Your Data — And Who Doesn't

If Something Goes Wrong, You'll Know.

Compliance

Security Questions

Questions About Security?

We Guard Your NumbersLike They're Our Own.

Security Isn't a Feature. It's the Foundation.

We Read. We Never Touch.

Your Data. Your Rights. No Exceptions.

Bank-Level Protection. Enterprise-Grade Infrastructure.

Who Sees Your Data — And Who Doesn't

If Something Goes Wrong, You'll Know.

Compliance

Security Questions

Questions About Security?

We Guard Your Numbers
Like They're Our Own.

We Guard Your Numbers
Like They're Our Own.