← Back to home

Privacy Policy

Last updated: May 7, 2026

1. Introduction

Helm (“we”, “our”, “us”) is a marketing automation platform for indie founders. This Privacy Policy explains how we collect, use, and protect your information when you use Helm at trythelm.com.

2. Information We Collect

2.1 Information you provide

  • Account information: email, name, password (hashed)
  • Project information: brand bibles, content, scheduled posts
  • Integration credentials: OAuth tokens for connected services (encrypted at rest with AES-256-GCM)

2.2 Information from third-party services

When you connect Meta (Facebook + Instagram), we receive:

  • Your Facebook Page name and ID
  • Your Instagram Business account username and ID
  • A Page Access Token, encrypted at rest, used solely to publish content you create through Helm

We do not access your personal Facebook profile, friends list, or private messages.

2.3 Automatically collected

  • Usage data: pages visited, features used, timestamps
  • Technical data: browser type, device type, IP address

3. How We Use Your Information

  • To provide and maintain the Helm service
  • To publish content to your connected social accounts on your behalf
  • To analyze your existing content for brand bible auto-generation
  • To improve our AI models (anonymized data only)
  • To communicate with you about your account

4. How We Share Your Information

We do not sell your personal information. We share data only with:

  • Service providers: Anthropic (AI), fal.ai (image generation), Vercel (hosting), Supabase (database)
  • Connected platforms: Meta, when you authorize posting
  • Legal compliance: when required by law

5. Data Security

  • OAuth tokens encrypted with AES-256-GCM at rest
  • HTTPS/TLS for all data in transit
  • Database access restricted to authorized personnel
  • Regular security audits

6. Your Rights

  • Access: view all data we have about you
  • Delete: request deletion of your account and data
  • Disconnect: revoke any third-party integration at any time
  • Export: download your data in JSON format

Contact us at privacy@trythelm.com to exercise these rights.

7. Meta Platform Compliance

If you connect Meta (Facebook / Instagram):

  • We only access data necessary for the auto-posting feature
  • We do not store your Meta personal profile data
  • Page Access Tokens are encrypted and used solely for publishing content you create
  • You can disconnect at any time from Settings → Integrations
  • Disconnecting deletes all stored Meta credentials within 24 hours

To revoke Helm's access from Meta directly, visit Facebook Settings → Business Integrations.

8. Data Retention

  • Account data: retained while your account is active
  • Deleted accounts: data removed within 30 days
  • OAuth tokens: revoked and deleted upon disconnection

9. Children's Privacy

Helm is not intended for users under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified via email at least 30 days before taking effect.

11. Contact Us

For privacy questions, contact:

Privacy Policy — Helm