Helm

Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how Helm (“Helm”, “we”, operated by DarkMatter OS Limited) collects, uses, stores and discloses data when you use the Helm service (helmai.cc, the “Service”). By using the Service, you agree to this Policy.

1. Data We Collect

(a) Data you provide directly: account email, company details, receipts / invoices / documents you upload, and the content you enter in chat.

(b) Data obtained through the Google APIs (after your explicit authorisation):

  • Basic identity (openid, userinfo.email, userinfo.profile): used to identify you and sign you in.
  • Google Drive (drive.file): accesses only the specific files you open through Helm or that Helm creates (for example, invoices you place in a designated receipts folder). Helm does not access any other files in your Drive.

2. How We Use This Data

  • To provide and maintain Service features: receipt OCR bookkeeping, quotations and invoices, payment reminders, and tax filing assistance.
  • Processing may involve passing relevant content to our cloud and AI service providers (see Section 4) for real-time processing, solely to deliver the features above.
  • We do not use data obtained through the Google APIs for advertising, and do not use it to train generalised or third-party AI / machine-learning models.

3. Limited Use of Google User Data

Helm’s use and transfer of data obtained through the Google APIs comply with the Google API Services User Data Policy, including the Limited Use requirements.

Helm’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained from Google Drive is used solely to provide and improve user-facing features within Helm; is not transferred to third parties except as necessary to provide these features, for security purposes, or to comply with applicable law; is not used for advertising; and is not used to develop, improve, or train generalized or non-personalized AI/ML models.

4. Third-Party Service Providers (Sub-processors)

We disclose data to the following categories of service providers only as necessary to provide the Service, and subject to contractual confidentiality and data-protection terms:

  • Cloud infrastructure and database hosting (e.g. Google Cloud, Supabase, Vercel, Fly.io).
  • AI / text and document processing (e.g. Anthropic, OpenAI), for real-time processing only; providers do not use it to train models.
  • Payment processing (e.g. Stripe), handling subscriptions and billing only, with no access to your Google data.

5. Data Storage, Retention and Deletion

  • Data is stored in encrypted form, in databases with access controls (isolated per organisation).
  • You can disconnect your Google account at any time in Settings; once disconnected, we stop accessing it and delete the associated OAuth tokens.
  • You may request deletion of your account and associated data by emailing info@darkmatteros.com; we will process it within a reasonable time, except for data we are required by law to retain.

6. Your Rights

Subject to applicable law (including the Personal Data (Privacy) Ordinance of Hong Kong), you have the right to access, correct and request deletion of your personal data, and may withdraw Google authorisation at any time.

7. Data Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, internal access controls and audit logging. However, no system can guarantee absolute security.

8. Policy Updates

We may update this Policy from time to time. Material changes will be announced on this page and the “Last updated” date will be revised.

9. Contact Us

If you have any questions about this Policy, please email info@darkmatteros.com.