HelmsbyJoin the Waitlist

Helmsby — Privacy Policy

Last updated: 7 February 2026

This Privacy Policy explains how Helmsby ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website, sign up for updates, or interact with our pre-launch and early-access services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and all applicable UK data laws.

By using our website, you agree to this Privacy Policy.

1. Who We Are

Helmsby is a software product under development in the United Kingdom. Once incorporated, the registered company will become the official data controller.

Contact email: hello@helmsby.ai

Website: helmsby.ai

2. What Personal Data We Collect

We only collect the data necessary to operate or improve the Service.

2.1 Data You Provide Directly

  • Email address (e.g., when joining the waitlist or newsletter)
  • Name (optional)
  • Company (optional)
  • Role (optional)
  • Messages or support inquiries

2.2 Automatically Collected Data

We use Vercel Analytics, a privacy-friendly analytics service that does not use cookies or collect personal data. It automatically collects:

  • Page views and navigation patterns (anonymised)
  • Device type (desktop, mobile, tablet)
  • Browser type
  • Country/region (derived from IP address, but IP is not stored)
  • Referrer information (where you came from)

Important: Vercel Analytics is GDPR-compliant, does not track individual users, and does not store IP addresses. All data is aggregated and anonymised.

2.3 Cookies & Tracking

We use minimal cookies for:

  • Essential site functionality (authentication via Clerk)
  • Remembering your preferences

We do not use tracking cookies or third-party advertising cookies. Vercel Analytics operates without cookies.

3. How We Use Your Data

We use your data only for the following purposes:

3.1 Providing and improving the Service

  • Operating the website
  • Sending early-access invitations
  • Analysing usage to improve features
  • Developing new tools and capabilities

3.2 Communication

  • Waitlist updates
  • Product announcements
  • Invitations to early access or beta testing
  • Support responses

3.3 Legal or Security Purposes

  • Detecting misuse or security issues
  • Complying with legal requirements

We do not sell your data.

4. Our Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Consent — joining the waitlist, newsletter
  • Legitimate interests — improving the service, analytics
  • Contractual necessity — if you create an account or subscribe to the service
  • Legal obligation — when required by law

5. How We Store and Protect Your Data

We take appropriate technical and organisational measures to secure your data, including:

  • Encrypted storage where possible
  • Secure access controls
  • Limiting data to what's necessary
  • Data stored primarily in EU/UK data centers via Vercel's infrastructure
  • Using reputable UK/EU/EEA-compliant service providers

International Data Transfers: Some of our service providers (Vercel Inc. and Clerk Inc.) are headquartered in the United States. When data is transferred outside the UK/EU, it is protected using Standard Contractual Clauses and both companies maintain GDPR-compliant practices with appropriate security measures.

Data Breach Notification: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

6. How Long We Keep Your Data

We keep data only as long as necessary:

  • Waitlist / newsletter emails: until you unsubscribe
  • Account data (if applicable): until you close the account
  • Analytics: typically anonymised or deleted within 12–24 months
  • Support emails: up to 24 months
  • Legal records: as required by law

You can request deletion at any time (see section 8).

7. Sharing Your Data

We may share data with third parties only when necessary:

  • Vercel Inc. (hosting and analytics) — Privacy-friendly, GDPR-compliant analytics without cookies
  • Clerk Inc. (authentication services) — Handles user authentication and session management
  • Email service providers (when we implement waitlist notifications)
  • Payment processors (once subscription features are added)

These providers act as "data processors" under UK GDPR and may only use your data according to our instructions. Both Vercel and Clerk are GDPR-compliant and maintain appropriate security measures.

We do not sell or trade your personal data.

8. Your Rights Under UK GDPR

You have the following rights:

  • Access — request the data we hold about you
  • Correction — fix inaccurate information
  • Deletion ("Right to be Forgotten")
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw consent (e.g., unsubscribe at any time)

To exercise your rights, email: hello@helmsby.ai

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): https://ico.org.uk

9. Children's Privacy

Helmsby is not intended for individuals under 18. We do not knowingly collect children's data.

10. Links to Other Websites

Our website may contain links to external sites. We are not responsible for their content or privacy practices.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page will indicate changes.

For material changes that affect your rights, we will notify you via email if you're on our waitlist or have an account. Continued use of the site after changes indicates acceptance.

12. Automated Decision Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Our AI-powered features are designed to assist product managers with data analysis and insight generation. These tools synthesize information and identify patterns, but they do not make automated decisions about individuals. All AI-generated insights are reviewed and acted upon by human users.

13. Contact Us

For privacy questions or requests: hello@helmsby.ai