Last Updated: May 19, 2026
Helmit GmbH ("Helmit", "we" or "us"), located at Am Jägereck 3, 85635 Höhenkirchen-Siegertsbrunn, Germany, is committed to respecting and protecting your privacy. This Privacy Policy explains our practices regarding the collection, use, and processing of personal data through the Helmit parental control application and related services (the "Helmit App" or "Service"). This Privacy Policy forms part of our Terms of Service.
Intended Use and Children's Privacy: The Helmit App is designed for use by parents or legal guardians in a household setting, and not by children themselves. The Helmit Desktop App is installed on the parent's device only. The Helmit Mobile App is installed on both the parent's device and the child's device, as the child's device is the one being monitored. We do not knowingly collect personal information directly from children under the age of 13, in compliance with the U.S. Children's Online Privacy Protection Act (COPPA). If your child is above the age of digital consent in your country (16 in many EU countries, or a lower age if applicable by local law), you are responsible for informing them that their communications are being monitored and obtaining any necessary consent or authorization. By using Helmit, you represent that you have the legal authority to monitor your child's activities and, where required, you have obtained the child's consent or informed them appropriately. Helmit is not intended for use by children, and any data about a child is only processed as instructed by the parent or guardian.
Summary of Our Data Processing: Helmit consists of two distinct products with different data models, and accordingly processes three broad categories of personal data:
(1) Parent Account and Contact Data – information about the parent or guardian who registers for and uses Helmit. We use this data to create and manage your account, provide customer support, communicate with you, and deliver the Service to you.
(2) Child Social Media Monitoring Data – information collected from your child's connected social media accounts (WhatsApp, Instagram, Discord, Snapchat, YouTube, TikTok, etc.). There are two analysis modes:
(a) Local mode (Desktop App): the Helmit Desktop App runs on the parent's device; AI analysis happens locally on that device; raw communication content is stored in the local app database and is never uploaded to Helmit's servers. The mobile app can connect to the desktop app to display these locally processed results.
(b) Cloud mode (Mobile App): if you choose to enable cloud-based analysis in the Helmit Mobile App without a connected desktop app, your child's social media content is transmitted to and processed on Helmit's servers. In this mode, Helmit GmbH acts as data processor for that content on your behalf.
You choose which mode to use in the app settings.
(3) Child Device and Parental Control Data (Mobile App) – information collected from the child's device via the Helmit Mobile App, which is installed on the child's device. This category is entirely distinct from category (2): it covers device status, GPS location, app usage, installed apps, web browsing activity, screen time, SOS events, tamper detection, and parental control settings. Unlike the local model of the desktop app, all parental control data is transmitted to and stored on Helmit's cloud backend servers. Parents manage settings and view this data through their own mobile app, which reads from the cloud backend.
Both Helmit and you (the parent) agree to comply with this Privacy Policy and applicable law in handling personal data. If you have any questions, you can contact us using the information at the end of this Policy.
Data Controller: For parent account data, parental control data (mobile app), and any child social media content processed in cloud mode, Helmit GmbH acts as the "Data Controller" (or data processor acting on your behalf, as applicable) under the EU General Data Protection Regulation (GDPR). You can contact us at privacy@helmit.org. For child social media monitoring data processed in local mode (desktop app) that never leaves your device, you as the parent are the primary responsible party for that content; Helmit merely provides the local processing tools.
We collect and process the following categories of personal data in order to provide the Helmit Service:
Parent Account and Registration Data:
When you create a Helmit account, we collect personal data about you, the parent or guardian. This includes your name, email address, and phone number provided during registration. This information is necessary to set up your account, identify you as the account holder, and communicate with you.
Child Profile Data:
You can create a profile for each child you are monitoring. We record which social media platforms (e.g. WhatsApp, Instagram, Discord, Snapchat, YouTube, TikTok, etc.) you have connected for each child and the connection status (e.g. connected or not connected).
Social Media and Communications Data (Monitored Content):
Once you connect a child's social media or messaging accounts through Helmit, the app will retrieve content from those accounts for monitoring purposes. This can include the text of messages and chat conversations, images, videos, or other media shared, audio recordings or voice notes, and files or links sent or received.
Local mode (Desktop App): All raw social media content is stored in the local database on the parent's device and is not transmitted to Helmit's servers. Analysis runs entirely on your device.
Cloud mode (Mobile App): If you enable cloud-based analysis in the mobile app, your child's social media content is transmitted to Helmit's servers for analysis. Helmit does not sell or share this content with third parties for their own use. Content processed in cloud mode is stored on Helmit's servers and is subject to the retention rules described in the Data Retention section.
Analysis and Alert Data:
Helmit uses artificial intelligence (AI) models to analyse your child's monitored communications and detect potential dangers such as cyberbullying, hate speech, online grooming, explicit or inappropriate content, self-harm or mental health risks, and other threats. In local mode, this analysis runs entirely on the parent's device and alerts are stored locally. In cloud mode, analysis runs on Helmit's servers and alert records (including the triggering content category, severity, and a summary) are stored in Helmit's cloud database and associated with the child's profile.
App Usage and Analytics Data:
In order to improve the Helmit App and ensure it is working properly, we collect certain usage analytics and technical information. This includes event logs and metrics about how you use the app. We also collect basic device information such as your device's operating system. These data help us provide technical support and understand the context of any issues. Analytics data is focused on app performance and feature usage; it does not include the content of your child's messages.
Child Profile Data:
For each child you add to Helmit, we store a child profile including the name or nickname you provide, date of birth, and an optional profile picture (stored in a private cloud storage bucket). We also record which social media platforms you have connected for monitoring and their connection status. On the desktop app, this profile is used to organise monitoring results locally; on the mobile app, the profile and associated settings are stored on Helmit's cloud backend.
Sources of Data:
The parent account data is provided directly by you during registration. Usage data is collected automatically by the app's analytics component. If you provide feedback or contact support, we may also collect any additional information you choose to share at that time (such as screenshots or descriptions of a problem).
Child Device Information (Mobile App — Parental Controls):
When the Helmit Mobile App is installed on the child's device, we collect technical information about that device including the device name, operating system (iOS or Android), app version, real-time battery level and charging status, and network type (Wi-Fi, mobile data). We also register a Firebase Cloud Messaging (FCM) device token on the child's device in order to deliver push notifications. This data is stored on Helmit's cloud backend and is used to display device status to the parent.
GPS Location and Geofence Data (Mobile App — Parental Controls):
The mobile app continuously collects the GPS location of the child's device (latitude, longitude, accuracy in metres, and timestamp) and transmits it to Helmit's cloud backend in real time. A history of past locations is stored to allow parents to review movement over time. Parents may define geofences (virtual zones with a name, centre coordinates, and radius); the app records whenever the child's device enters or leaves a geofence, storing the event type, timestamp, and location. Android requires the ACCESS_BACKGROUND_LOCATION permission; iOS uses the NSLocationAlwaysAndWhenInUseUsageDescription entitlement.
Screen Time and App Usage Data (Mobile App — Parental Controls):
The mobile app records the time the child spends in each application on their device, broken down by day. This includes the app name, package identifier (Android) or application token (iOS), and total seconds used per day. Weekly usage patterns are aggregated and stored on Helmit's cloud backend. Android requires the PACKAGE_USAGE_STATS (usage access) permission; iOS uses the DeviceActivity framework via Apple Family Controls. Parents can set daily screen time limits per day of the week, and those configured limits are also stored server-side.
Installed Applications (Mobile App — Parental Controls):
The mobile app periodically reads the full list of applications installed on the child's device and stores it on Helmit's cloud backend. For each app we store the package name, app name, category, whether it is a system app, and an app icon. This information is used to present the parent with an app management view from which they can configure blocking rules and usage limits.
Web Browsing Activity (Mobile App — Parental Controls):
The mobile app uses a device-level VPN service (Android) or content filter (iOS) to intercept DNS requests and web traffic on the child's device. Visited URLs, whether they were blocked or allowed, the timestamp of access, and the filter rule that triggered a block are logged and stored on Helmit's cloud backend. Safe Search can be enforced by the parent. Blocked categories (e.g. adult content, gambling, violence) are configured by the parent and stored server-side.
Parental Control Configuration (Mobile App):
All parental control settings configured by the parent are stored on Helmit's cloud backend and pushed to the child's device. This includes app blocking and allowlisting rules, per-app daily time limits, web filter category blocklists, Safe Search settings, activity mode schedules (Study, Free Time, Sleep), and automated routines (days, start time, end time). These settings are associated with the child's profile in the cloud database.
Emergency and Safety Events (Mobile App):
If the child activates the SOS / panic button in the app, we store a panic event record on Helmit's cloud backend containing the trigger timestamp and the child's GPS coordinates at the time. When a parent resolves the event, the resolver and resolution timestamp are also stored. We also record tamper detection events (attempts to disable or bypass parental control restrictions), storing the event type, relevant device information, and timestamp.
Payment Data:
If you purchase a Helmit subscription or lifetime access, we store a Stripe customer identifier (stripeCustomerId) associated with your account. Payment card details, bank information, and other financial data are handled exclusively by Stripe, our PCI-DSS-compliant payment processor, and are not stored on Helmit's servers.
App Usage and Analytics Data:
In order to improve Helmit and ensure it is working properly, we collect certain usage analytics. This includes event logs (e.g. features used, errors encountered, navigation flows) and basic device information such as operating system and app version. Analytics data is focused on app performance and does not include the content of your child's messages or location history. We use PostHog (EU-hosted) for product analytics; Customer.io is used for email and push notification delivery (see "Third Parties" below).
We use the collected personal data for the following purposes, in accordance with the legal bases allowed by applicable data protection laws (including GDPR):
Providing and Improving the Service:
First and foremost, we process all categories of data listed above to operate Helmit and deliver its features to you. This includes using parent account data to create and authenticate your account, and using child profile and social media data to perform the monitoring and alert functions as described. The legal basis for these processing activities is the performance of a contract – when you accept our Terms of Service and use Helmit, we enter into a contract to provide you with the parental control service, and we must process certain data to fulfill that contract (Art. 6(1)(b) GDPR). We also process data to maintain and improve the Service – this may be based on our legitimate interests (Art. 6(1)(f) GDPR) in ensuring our app is effective, safe, and user-friendly.
Threat Detection and Alerts:
A core purpose of Helmit is to detect potential dangers to your child and notify you. We use the child's social media communications data to algorithmically determine if any content is harmful or falls into risk categories (cyberbullying, etc.), and we generate alert notifications for the parent based on this analysis. The purpose is to empower you to protect your child from online harms. Under GDPR, this processing of the child's data is based on the parent's legitimate interest in safeguarding the child's welfare, combined with the parent's capacity as legal guardian to consent on the child's behalf where consent is required.
Account Management and User Communications:
We use your account data (name, email, phone) to manage our relationship with you as a customer. This includes sending administrative emails or messages related to your use of Helmit, such as verification emails, password resets, service updates, and important security or privacy notices. We may also use your contact information to respond to support requests or inquiries you send us. The legal basis for these communications is performance of contract (to keep you informed about the service you are using) or compliance with legal obligations.
Notifications (Email/SMS Alerts):
If you enable email or SMS notifications for alerts, we will use your provided email address and/or phone number to send you alert summaries when a high-severity issue is detected. This processing (sending you alerts) is part of delivering the service you signed up for (contractual necessity) and/or based on your consent/choice since you choose whether to enable such notifications. If you prefer not to receive notifications through a certain channel, you can disable them in the app settings at any time.
Analytics and Improvement:
We use the app usage and analytics data to understand how Helmit is used and to improve performance and features. For instance, we analyze which features are most popular or where users encounter difficulties, so we can enhance the user experience. This processing is based on our legitimate interest in improving our product and ensuring a high-quality user experience (Art. 6(1)(f) GDPR).
Security and Fraud Prevention:
We may process certain data as necessary to maintain the security of the Helmit App and our users. This can include using log information and identifiers to detect and prevent malicious activity, securing accounts (e.g., multi-factor authentication using your email or phone), and enforcing our Terms of Service. This processing is based on legitimate interests (protecting the service and our users) and compliance with legal obligations related to data security.
Screen Time and App Access Management:
We process screen time usage data, installed app lists, and parental control settings to enforce the limits and restrictions configured by the parent on the child's device. This includes blocking apps, enforcing daily usage caps, applying web filters, and activating mode-based restrictions. The legal basis is performance of contract (Art. 6(1)(b) GDPR) — these are core features of the Service the parent has contracted for — and legitimate interest in supporting child welfare (Art. 6(1)(f) GDPR).
Location Monitoring and Geofence Alerts:
We process GPS location data and geofence definitions to display the child's current and historical location to the parent and to generate zone-entry or zone-exit notifications. The legal basis is the parent's legitimate interest in knowing the whereabouts of their minor child for safety purposes (Art. 6(1)(f) GDPR), combined with the parent's authority as legal guardian to consent to this processing on the child's behalf.
Device and Tamper Security Monitoring:
We process tamper detection events and device status information to alert parents when a child attempts to disable, circumvent, or uninstall parental control restrictions, and to maintain the integrity of the Service on the child's device. The legal basis is legitimate interest in protecting the operation and integrity of the Service (Art. 6(1)(f) GDPR).
Emergency and SOS Response:
We process SOS panic event data (including the child's GPS location at the time of the event) to deliver an emergency alert to the parent immediately. The legal basis is the vital interest of the child (Art. 6(1)(d) GDPR) and the parent's legitimate interest in their child's physical safety (Art. 6(1)(f) GDPR).
Payment Processing:
We process Stripe customer identifiers and subscription status data to manage paid subscriptions and lifetime access entitlements, and to fulfil contractual obligations to subscribers. The legal basis is performance of contract (Art. 6(1)(b) GDPR).
Legal Compliance:
Where required, we will process and/or disclose personal data to comply with legal obligations, law enforcement requests, or court orders. For example, if we are obliged to retain certain information for tax or accounting purposes, or if we must respond to a lawful request by authorities, we will do so. Such processing is based on Art. 6(1)(c) GDPR (legal obligation). We will notify you of any such disclosure when permitted by law.
Helmit's general approach is to minimize sharing of personal data. We do not disclose your or your child's information to third-party companies for their own marketing or business purposes. However, we do rely on a few trusted third-party service providers (sub-processors) to help us operate the Helmit Service. We share data with such providers strictly on a "need to know" basis and pursuant to data protection agreements. Key categories of recipients include:
Analytics Provider (PostHog):
We use PostHog, a product analytics service, to collect and analyze app usage data. Our PostHog instance is hosted in the European Union (https://eu.i.posthog.com), so usage data is sent to EU-based servers for processing, in support of GDPR compliance. PostHog acts as our data processor, and we have an agreement in place to ensure they protect the data.
SMS Notification Service (Infobip):
We integrate with Infobip to send SMS text messages to parents who opt to receive alerts via SMS. Infobip will receive the parent's phone number and the content of the alert notification (which, as described, contains a short alert summary). Infobip uses this information solely to transmit the SMS to you. If you disable SMS notifications, we stop sending your data to Infobip.
Email Delivery Services (Resend and Customer.io):
We use two services for outbound email. Resend handles transactional emails such as alert notifications, verification emails, and password resets. Customer.io handles lifecycle and marketing emails such as onboarding sequences and feature announcements. Both services receive your email address and the content of the emails they are asked to send on our behalf. They act as data processors and do not use your information for any purpose other than delivery. Data processing agreements are in place with both providers.
Cloud Database (Google Cloud SQL):
Helmit's backend database runs on Google Cloud SQL, a managed relational database service hosted on Google Cloud infrastructure. All parental control data stored server-side — including location history, app usage logs, device status, web activity, SOS events, child profiles, and parental control settings — resides in this database. Google acts as a data processor under our data processing agreement. Data is stored in the EU; transfers are governed by Google Cloud's EU Standard Contractual Clauses.
Advertising Platforms (Google Customer Match / Meta Custom Audiences):
We may upload hashed lists of customer email addresses to Google Ads (via the Customer Match feature) and to Meta Ads (via the Custom Audiences feature) for advertising purposes. This allows us to show targeted advertisements to existing users or to create lookalike audiences of new potential users on Google Search, YouTube, Gmail, Facebook, and Instagram.
Before uploading, email addresses are hashed using SHA-256 so that they are not transmitted in plain text. Google and Meta act as independent data controllers for the data they receive. The legal basis for this processing is our legitimate interest in promoting our service to relevant audiences (Art. 6(1)(f) GDPR). You have the right to object to this processing at any time by contacting us at privacy@helmit.org. You may also opt out directly via Google's ad settings or Meta's ad preferences.
Push Notification Service — Firebase Cloud Messaging (Google):
The Helmit Mobile App uses Firebase Cloud Messaging (FCM) by Google to deliver push notifications to both parent and child devices. To enable this, FCM device tokens from registered devices are transmitted to Google's FCM infrastructure. Google acts as a data processor under our data processing agreement. FCM data may be processed in the United States; transfers are safeguarded via EU Standard Contractual Clauses.
Event-Based Notifications and Marketing (Customer.io):
We use Customer.io to send event-triggered push notifications and marketing messages to parents (e.g. onboarding flows, feature announcements). We share basic user identifiers (such as a hashed user ID and event names like "alert triggered" or "geofence entered") with Customer.io. Customer.io acts as our data processor. We have a data processing agreement in place; data is processed subject to Customer.io's privacy safeguards and our instructions.
Payment Processing (Stripe):
We use Stripe, Inc. to process payments for Helmit subscriptions and lifetime access. When you make a purchase, you interact directly with Stripe's payment form; Helmit only stores the Stripe customer identifier (stripeCustomerId) and subscription status — not your payment card details. Stripe is PCI-DSS Level 1 certified. Stripe acts as an independent data controller for the financial data it collects. Their privacy policy governs how Stripe handles your payment information.
Maps SDK (Apple Maps / Google Maps):
The mobile app uses the device's native maps SDK (Google Maps on Android, Apple Maps on iOS) to render geofences and the child's location on a map for the parent. Map tile rendering may involve the SDK transmitting anonymous technical requests to Google or Apple. We do not transmit individually identifiable location data to these providers beyond what their SDKs inherently require for tile rendering. Standard SDK data processing terms of Google and Apple apply.
Legal and Safety Disclosures:
We may disclose certain data to third parties outside of our service providers if necessary to comply with a legal obligation, to protect our rights or the safety of users, or to enforce our terms. For instance, if we are compelled by a valid legal order to produce information (and such order is applicable to us), we will comply after verifying its legitimacy.
Data Storage — Two-Tier Model:
Helmit uses a hybrid storage model that differs between the desktop and mobile apps:
Desktop App (Social Media Monitoring): Chat content retrieved from your child's social media accounts, AI-generated alerts, and message history are stored locally on the parent's device in the Helmit desktop application database. This data is not uploaded to Helmit's servers. You have full control over it: it resides entirely on your machine and is removed when you delete the child profile or uninstall the app.
Mobile App (Parental Controls): All parental control data — including GPS location history, device status, app usage logs, installed application lists, web browsing activity, screen time statistics, SOS events, tamper detection events, geofence definitions, and parental control settings — is transmitted from the child's device and stored on Helmit's cloud backend servers. Parents access this data through their own mobile app, which reads from the cloud backend in real time. On-device, the mobile app stores authentication tokens using the OS secure enclave (expo-secure-store) and caches family data locally for offline functionality.
Security Measures:
Helmit takes the security of your data seriously. We have implemented a variety of technical and organizational measures to protect personal data against unauthorized access, alteration, loss, or misuse. These measures include access controls, encryption in transit, and secure coding practices:
Breach Notification:
In the unlikely event of a data breach affecting your personal data, we will act promptly to contain and investigate the issue. We will also notify you and the relevant authorities as required by law. If your email is on file, we will notify you electronically without undue delay, providing information on the nature of the breach and steps we are taking.
Retention Periods:
We will retain personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law. Because Helmit operates two distinct data models, retention works differently for each:
Desktop App (local data): Chat content, alerts, and related data reside on your device indefinitely until you choose to delete them — for example by removing individual alerts, deleting a child profile, or uninstalling the app. Helmit has no server-side copy of this data.
Mobile App (cloud data): Parental control data stored on our backend — location history, app usage logs, device status, web activity logs, SOS events — is retained while your Helmit account is active. There is currently no automatic time-based pruning of historical records; data accumulates until the account is deleted. Upon account deletion, we delete all server-side data associated with your account and child profiles within 30 days, except where retention is legally mandated.
Account Data:
We retain your account information while your Helmit account is active. If you choose to delete your Helmit account, we will delete your personal account data (name, email, phone) from our active databases. Generally, if you cancel your account, we aim to remove or anonymize your personal data from our systems within 30 days, except where retention is legally mandated.
Child Social Media Monitoring Data (Local Mode — Desktop App):
All message content and related data collected via the Helmit Desktop App is stored locally on your device and not on Helmit's servers. We do not have a server-side retention policy for this data — it remains entirely under your control. Please note that if you uninstall the desktop app without first deleting child profiles, data files on your device may remain on the system.
Child Social Media Monitoring Data (Cloud Mode — Mobile App):
If you use cloud-based analysis, the social media content transmitted to and processed on Helmit's servers is retained while your account and associated child profiles are active. Deleting a child profile removes the associated cloud-stored content. Full account deletion removes all remaining server-side data within 30 days.
Child Parental Control Data (Mobile App):
Location history, app usage logs, web activity, device status records, SOS events, and all other parental control data stored on Helmit's cloud backend are retained for as long as your account and associated child profiles exist. You can delete individual child profiles in the app at any time, which will remove the associated cloud data. Full account deletion removes all remaining server-side data within 30 days.
Your Deletion Rights:
You have the right to request deletion of your personal data (see "Your Rights" below). If you request that we delete data we hold on our servers (like your account information), we will do so (except to the extent we are required to keep it, as explained).
As a user of Helmit in the European Union (or in other jurisdictions with similar data protection laws), you have certain rights regarding your personal data. Helmit is committed to upholding these rights. You have the right to:
To exercise any of your rights, you may contact us at privacy@helmit.org. We may need to ask for certain information to verify your identity and ensure that the person making the request is actually you. We will respond to your request as soon as possible, and at the latest within the timeframe required by law (typically one month).
Helmit is developed and offered by a company in Germany, and we primarily store data in Germany or the European Union. However, some of our third-party service providers operate internationally. Whenever personal data is transferred out of the European Economic Area (EEA) to a country that is not deemed to have "adequate" data protection by the EU, we will ensure appropriate safeguards are in place. These may include:
If you have questions about international data transfers or want to obtain a copy of the relevant safeguards, you can contact us at any time. Currently, our known data locations are: Germany/EU (primary systems, PostHog EU, Infobip EU infrastructure), and potentially United States (Resend email service, Supabase backup, depending on configuration). All such transfers are safeguarded as described.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we update the policy, we will change the "Last Updated" date at the top. If the changes are significant, we will provide a more prominent notice – for example, by emailing you (if we have your email) or by showing an in-app notification. We encourage you to review this Policy periodically to stay informed about how we are protecting your data.
If we propose to use your personal data for a new purpose not originally outlined in this Policy, we will obtain the necessary consent or provide you with an opportunity to opt out, as required by law. Your continued use of Helmit after the effective date of an updated Privacy Policy will constitute your acceptance of the changes, to the extent permitted by law.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Controller: Helmit GmbH
Address: Am Jägereck 3, 85635 Höhenkirchen-Siegertsbrunn, Germany
Email: privacy@helmit.org
We will do our best to address your inquiry promptly and thoroughly. If you contact us to exercise your privacy rights, please include sufficient information for us to verify your identity (for example, contacting us from your registered email address) and to process your request.
Thank you for trusting Helmit with your family's digital safety. We are dedicated to protecting your privacy and your children's privacy while providing you with the tools to keep them safe online.