Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

For any privacy-related inquiries or to exercise your data protection rights, please contact us at the above address.

2. Data We Collect

2.1 Account Information

When you create an account, we collect your email address for authentication purposes. We use a secure authentication process: new users must first confirm that they are located in Switzerland and are not residents of the EU or EEA before any personal data is stored. After this confirmation, new users (and existing users without a passkey) receive a verification code by email, then passkey setup or verification; existing users with a passkey sign in directly with their passkey (biometrics via your device). We store:

• Your email address (used for authentication and account recovery)
• A unique internal identifier (UUID) generated automatically
• Passkey credentials (public key and metadata for authentication)
• Encryption passkey parameters (PRF salt values for deriving encryption keys, for Helvety Tasks and Helvety Contacts which use end-to-end encryption)
• Geo-confirmation metadata (confirmation that you are located in Switzerland, and the timestamp of that confirmation)

Your email address is used solely for authentication (verification codes for new users, passkey for returning users) and important account notifications. We do not share your email with third parties for marketing purposes.

2.2 Order and Transaction Data

When you make a purchase, we collect:

• Purchase history and order details
• Shipping address (if and when physical products are offered)
• Billing information (processed by Stripe; we do not store complete payment card details)

2.3 Technical and Usage Data

We automatically collect certain information when you use the Services:

• IP address
• Browser type and version
• Device information
• Pages visited and features used
• Date and time of access
• Referring website

2.4 Communication Data

If you contact us, we collect the information you provide in your communication, including your email address and message content.

2.5 License Validation Data

For enterprise products (such as SharePoint extensions), our software may validate licenses by sending your organization's tenant identifier (e.g., "contoso" from contoso.sharepoint.com) to our servers at helvety.com/store. This data:

• Does not include personal data, only your organization's tenant identifier
• Is used solely to verify your subscription status
• Is processed in accordance with this Privacy Policy
• Is cached locally to minimize API calls and ensure offline reliability

2.6 Data Provision Requirements

We inform you about whether providing personal data is a statutory or contractual requirement:

• Account Creation: Creating an account requires your email address (for verification codes when signing up or recovering access) and passkey setup using your device's biometrics (Face ID, fingerprint, or PIN). Your email is necessary for account verification and recovery. A unique identifier is generated automatically.
• Purchases: When you make a purchase, payment and billing information (including email, name, and address) is collected directly by our payment processor, Stripe. This information is required to process your order and is subject to Stripe's privacy policy. Helvety does not collect or store this information directly.
• License Validation: For enterprise products, sending your organization's tenant identifier is necessary for license validation. Without this, the software cannot verify your subscription status.
• Communication: Providing contact information when you reach out to us is voluntary but necessary if you wish to receive a response.

2.7 Encryption Data

Helvety Tasks and Helvety Contacts use end-to-end encryption to protect your data. For these services, we store:

• PRF parameters (Pseudo-Random Function extension data) used to derive encryption keys from your passkey
• Encrypted data fields (where applicable)

Important: Encryption keys are derived client-side in your browser using the WebAuthn PRF extension. We do not have access to your actual encryption keys. This zero-knowledge architecture means that even if our servers were compromised, your encrypted data is designed to remain protected. Additionally, encryption uses Additional Authenticated Data (AAD) to bind each ciphertext to its specific database record, preventing encrypted data from being moved or replayed in a different context.

Browser Requirements: End-to-end encryption requires a modern browser with WebAuthn PRF support (Chrome 128+, Edge 128+, Safari 18+, Firefox 139+ desktop only). Firefox for Android does not support the PRF extension.

2.8 Data Processing by Service

The Helvety ecosystem consists of several services, each with distinct data processing characteristics:

• helvety.com (Main Website): No personal data collection beyond authentication session cookies. Only essential cookies, anonymous Vercel Analytics, and Vercel Speed Insights performance monitoring.
• Helvety Auth (helvety.com/auth): Email address, passkey credentials, PRF encryption parameters, geo-confirmation status (confirmation that you are located in Switzerland and the timestamp of that confirmation), IP address (for rate limiting), and user agent (for device detection). All data is used strictly for authentication and security purposes.
• Helvety PDF (helvety.com/pdf): All file processing is performed entirely client-side in your browser. Your files are not uploaded to, stored on, or transmitted to our servers. No login or account is required, and no server-side processing or checks occur. Helvety PDF is a free tool with a maximum file size of 100MB per file.
• Helvety Store (helvety.com/store): User profile (email), Stripe customer ID, subscription and purchase history, licensed tenant IDs (for enterprise products), and IP address (for checkout consent audit trail and rate limiting). Payment data (card details, billing address) is handled exclusively by Stripe.
• Helvety Tasks (helvety.com/tasks): Task content is end-to-end encrypted client-side before storage. Encrypted fields include: titles, descriptions, start/end dates, stage names, label names, and file attachments (both file content and file metadata such as filename, type, and size). Our servers store only ciphertext for these fields. Encryption keys are derived from your passkey and do not leave your device. Record identifiers for encrypted data are generated on your device and bound to the ciphertext via Additional Authenticated Data (AAD). Our architecture is designed so that we cannot read your task content. Non-encrypted structural metadata is stored in plaintext to enable application functionality: record identifiers, timestamps, priority levels, display preferences (colors, icons, sort orders), entity relationships (e.g., which stage, label, or space an item belongs to), and file operation audit logs (IP addresses, file sizes, storage paths).
• Helvety Contacts (helvety.com/contacts): Contact content is end-to-end encrypted client-side before storage. Encrypted fields include: first and last names, description, email, phone, birthday, notes, and category names. Our servers store only ciphertext for these fields. Encryption keys are derived from your passkey and do not leave your device. Record identifiers for encrypted data are generated on your device and bound to the ciphertext via Additional Authenticated Data (AAD). Our architecture is designed so that we cannot read your contact content. Non-encrypted structural metadata is stored in plaintext to enable application functionality: record identifiers, timestamps, display preferences (colors, icons, sort orders), and category assignments.

3. Legal Basis for Processing

We process your personal data in accordance with the principles set out in Art. 6 nDSG: lawfulness, proportionality, purpose limitation, transparency, accuracy, and data security. Our processing is based on the following grounds:

• Contract performance: Processing necessary to fulfill our contractual obligations to you, including processing orders, managing subscriptions, and providing the Services.
• Legal obligations: Processing required to comply with applicable Swiss law, such as tax and accounting requirements (e.g., Art. 958f Swiss Code of Obligations).
• Legitimate interests: Processing for our legitimate business interests, such as fraud prevention, security, and improving our Services, where such interests are not overridden by your rights.
• Consent: Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

We use your personal data for the following purposes:

• To create and manage your account
• To process and fulfill your orders
• To manage subscriptions and billing
• To send transactional emails (order confirmations, receipts, etc.)
• To provide customer support
• To detect and prevent fraud and security incidents
• To comply with legal obligations
• To improve and optimize the Services
• To enforce our Terms of Service
• To respond to valid legal requests from Swiss law enforcement and judicial authorities

4.1 Marketing Communications

We will only send you marketing communications (such as newsletters, promotional offers, or product announcements) if you have given us your explicit consent to do so.

Opt-Out: You can withdraw your consent and unsubscribe from marketing communications at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email
• Contacting us at contact@helvety.com

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications (such as order confirmations, account notifications, or important service updates) as necessary to provide the Services.

4.2 Law Enforcement and Legal Disclosures

We may disclose your non-encrypted personal data to Swiss law enforcement or judicial authorities when required by a valid Swiss court order or binding legal request issued in accordance with applicable Swiss law. We will cooperate with any lawful surveillance order directed at us, including under the Swiss Federal Act on the Surveillance of Post and Telecommunications (BÜPF) to the extent it applies to our services.

The types of data we may disclose in response to valid legal requests include:

• Account information (email address, account creation date, internal identifiers)
• IP addresses and timestamps associated with account activity, including file uploads and downloads
• File operation metadata (upload timestamps, encrypted file sizes, storage paths)
• Subscription and billing metadata
• Non-encrypted structural metadata from Helvety Tasks and Helvety Contacts (priority levels, display preferences such as colors and icons, sort orders, entity relationships, and category assignments)

We cannot and will not decrypt end-to-end encrypted content, even in response to a court order. Our zero-knowledge architecture means we do not possess the encryption keys necessary to decrypt your data. Only non-encrypted metadata as described above can be provided.

Where legally permitted, we will notify affected users of legal requests concerning their accounts. We may be prohibited from providing such notice where it would compromise an ongoing investigation or where notification is otherwise prohibited by law.

5. Third-Party Service Providers

We share your personal data with the following third-party service providers who process data on our behalf:

Stripe: Stripe, which maintains PCI DSS Level 1 certification, handles all payment card information. We do not have access to or store your complete card details. Stripe may perform automated fraud analysis on payment data as part of its processing services; for details, see Stripe's Privacy Policy.

Resend: Resend operates as a sub-processor of Supabase for email delivery. Email addresses and transactional email content (such as verification codes) transit through Resend's infrastructure.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside Switzerland, particularly the United States, where our service providers are located.

For transfers to the USA, we rely on one or more of the following safeguards in accordance with nDSG Art. 16 and Art. 17:

• Swiss-US Data Privacy Framework: The Swiss Federal Data Protection and Information Commissioner (FDPIC) has recognized the Swiss-US Data Privacy Framework (effective September 15, 2024) as providing adequate protection for data transfers to certified US organizations. Where applicable, our US-based providers may be certified under this framework.
• Standard Contractual Clauses (SCCs): Where available, we rely on Standard Contractual Clauses offered by service providers as contractual safeguards for an adequate level of data protection.
• Contract necessity: Certain transfers are necessary for the performance of a contract with you (e.g., payment processing via Stripe to fulfill a purchase) in accordance with nDSG Art. 17(1)(b).

By using the Services, you acknowledge that your data may be transferred internationally as described above. You can obtain further information about the specific safeguards in place for each provider by contacting us at contact@helvety.com.

7. Data Retention

We retain data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: Your account consists of your email address, an internal identifier (UUID), and passkey credentials. This data is retained while your account is active and for up to 2 years after account deletion for legal compliance.
• Transaction data: Subscription and purchase records (linked to your account ID and Stripe customer ID) are retained for 10 years as required by Art. 958f Swiss Code of Obligations (accounting and tax retention). Note that your email and billing details are stored by Stripe, not by Helvety.
• Consent audit records: When you accept the Terms of Service and Privacy Policy during checkout, we record a consent event including your IP address, timestamp, and the versions of the documents you accepted. This data is retained for 10 years alongside transaction data as legally required proof of consent (Art. 958f Swiss Code of Obligations).
• Communication records: Retained for up to 3 years after last contact.
• Technical logs: Retained for up to 90 days for security purposes.
• Rate limiting data: IP-based identifiers used for rate limiting are stored temporarily in Redis (Upstash) and automatically expire within 1 to 5 minutes depending on the endpoint.
• File operation metadata (Helvety Tasks): Non-encrypted metadata associated with file uploads, downloads, and deletions -- including timestamps, file sizes (of encrypted blobs), storage paths, IP addresses, and user identifiers -- is retained for up to 6 months for service security and legal compliance purposes. This metadata does not include the content of your files, which is end-to-end encrypted and inaccessible to us.
• Subscription data: Retained for the duration of your subscription plus 10 years for tax and accounting compliance (Art. 958f Swiss Code of Obligations). Subscription history (plan changes, upgrades, downgrades, cancellations) is retained as part of transaction records.

8. Your Rights

Under the nDSG and other applicable Swiss law, you have the following rights regarding your personal data:

• Right of Access (Art. 25 nDSG): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Art. 32(1) nDSG and Art. 6(5) nDSG): You have the right to request correction of inaccurate or incomplete data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention requirements.
• Right to Data Portability (Art. 28 nDSG): You have the right to receive your data in a structured, commonly used format.
• Right to Object (Art. 30(2)(b) nDSG): You have the right to object to the disclosure of your data to third parties in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Self-Service Account Deletion: You can request deletion of your account directly from your account settings at helvety.com/store/account. Upon confirmation, your account and personal data will be permanently deleted across all Helvety services, including authentication credentials, subscription records, task data, contact data, and file attachments. This action is immediate and cannot be undone. We recommend exporting your data before proceeding. Transaction records required for legal compliance (Art. 958f Swiss Code of Obligations) will be retained in anonymized form for 10 years.

Self-Service Data Export: You can export your personal data from your account settings. The export includes your profile information, subscription history, and tenant registrations in JSON format. For Helvety Tasks and Helvety Contacts (end-to-end encrypted data), you can initiate an export from within the app while authenticated with your passkey; the data is decrypted client-side and exported locally. Server-side exports of encrypted data are available only in encrypted form.

To exercise any of these rights, you may also contact us at contact@helvety.com with the subject line "Data Export Request," "Account Deletion Request," or a description of the right you wish to exercise. We will verify your identity and respond to your request within 30 days.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss supervisory authority (Art. 19 nDSG): Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), Feldeggweg 1, 3003 Bern, Switzerland, https://www.edoeb.admin.ch.

9. Cookies and Tracking

We use only essential cookies that are strictly necessary for the operation of the Services. These include:

• Authentication cookies: To keep you logged in during your session.
• Security cookies: To protect against security threats.
• Preference cookies: To remember your settings (e.g., theme preference).

We use Vercel Analytics, a privacy-focused analytics service, to understand how our Services are used. Vercel Analytics collects:

• Page view counts and navigation patterns
• Referrer URLs (how you arrived at our site)
• Browser and device type
• Country-level geographic location
• Performance metrics (via Vercel Speed Insights across all apps)

Vercel Analytics does not use cookies and does not track individual users across sessions. Data is aggregated and anonymized. You can learn more at Vercel's Analytics Privacy Policy.

We do not use any other analytics services, advertising trackers, or cross-site tracking technologies.

Essential cookies do not require consent under Swiss law as they are necessary for the Services to function. You can configure your browser to reject cookies, but this may affect your ability to use certain features.

9.1 Do Not Track (DNT)

"Do Not Track" (DNT) is a browser setting that requests websites not to track the user. We do not currently respond to DNT signals in a standardized manner, as there is no industry-wide standard for DNT. However, because we do not engage in cross-site tracking or sell your personal information, the practical effect is the same regardless of your DNT setting.

9.2 Automated Decision-Making

We do not use automated decision-making processes, including profiling, that produce legal effects concerning you or similarly significantly affect you. While we may use automated tools for fraud detection, spam filtering, or service optimization, these processes do not result in decisions that have legal or similarly significant effects on individuals. If this changes in the future, we will update this policy and, where required, provide you with notice and an opportunity to object.

Note: Our payment processor, Stripe, may perform automated fraud analysis on payment transactions as part of its processing services. Such analysis is conducted by Stripe as an independent controller and is subject to nDSG principles and Stripe's Privacy Policy.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Client-side end-to-end encryption using passkey-derived keys (for applicable services)
• Zero-knowledge architecture where encryption keys are not transmitted to or stored on our servers
• Secure authentication mechanisms
• Access controls and authentication for administrative access
• Rate limiting to protect against brute force attacks on authentication endpoints
• CSRF (Cross-Site Request Forgery) protection using secure token validation
• Automatic session timeout after periods of inactivity
• Security event logging for audit trails and incident response
• Regular security assessments
• Secure hosting infrastructure

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Swiss FDPIC (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter) as soon as possible after becoming aware of the breach, as required by Article 24 nDSG
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Document the breach, including its effects and the remedial actions taken

Our breach notification will include, where possible: a description of the nature of the breach, the likely consequences, the measures taken to address the breach, and contact information for further inquiries.

10.2 End-to-End Encryption

Helvety Tasks and Helvety Contacts implement end-to-end encryption to protect your content. Other Helvety services (helvety.com, Helvety Auth, Helvety PDF, Helvety Store) do not use end-to-end encryption. For Helvety Tasks and Helvety Contacts:

• Encryption keys are derived from your passkey using the WebAuthn PRF (Pseudo-Random Function) extension
• All encryption and decryption operations occur locally in your browser
• We store only PRF parameters (salt values) that allow your device to re-derive the same key
• We cannot decrypt your content as we do not possess your encryption key
• Your passkey (stored on your device) is the only way to access encrypted content
• Additional Authenticated Data (AAD) binds each ciphertext to a specific record, preventing encrypted data from being moved or replayed in a different context
• Record identifiers for encrypted data are generated on your device, not by our servers

Helvety Tasks encrypted fields: titles, descriptions, start/end dates, stage names, label names, and file attachments (both file content and file metadata such as filename, type, and size). Non-encrypted structural metadata: record identifiers, timestamps, priority levels, display preferences (colors, icons, sort orders), entity relationships (e.g., which stage, label, or space an item belongs to), and file operation audit logs (IP addresses, file sizes, storage paths).

Helvety Contacts encrypted fields: first and last names, description, email, phone, birthday, notes, and category names. Non-encrypted structural metadata: record identifiers, timestamps, display preferences (colors, icons, sort orders), and category assignments.

This approach is designed to protect your encrypted content even in the event of a data breach on our servers. Browser requirements for end-to-end encryption: Chrome 128+, Edge 128+, Safari 18+, Firefox 139+ (desktop only).

11. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@helvety.com. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email (if you have an account) or through a notice on the Services

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy.

13. Contact Information

For any questions about this Privacy Policy or our data practices, or to exercise your data protection rights, please contact us: