Privacy Policy
Helvety by Rubin ("we," "us," or "the Company") respects your privacy and takes the protection of your personal data seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Helvety services ("the Services"). This policy complies with the Swiss Federal Act on Data Protection (nDSG) and other applicable data protection laws.
Our services are primarily intended for customers located in Switzerland. New account creation includes a Switzerland location confirmation step, but access from outside Switzerland may still occur. This Privacy Policy is primarily based on the Swiss Federal Act on Data Protection (nDSG). Where mandatory law in another jurisdiction applies in a specific case, we comply with applicable legal obligations.
1. Data Controller
The data controller responsible for your personal data is:
Helvety by Rubin
Holeestrasse 116
4054 Basel
Switzerland
Email: contact@helvety.com
Phone: +41 79 870 02 08
For any privacy-related inquiries or to exercise your data protection rights, please contact us at the above address.
2. Data We Collect
2.1 Account Information
When you create an account, we collect your email address for authentication purposes. We use a secure authentication process: new users must first confirm that they are located in Switzerland and acknowledge that service availability may be restricted for EU/EEA users before a new account is created. Limited technical and security data (for example, anti-abuse/rate-limit data) may be processed before account creation. After this confirmation, new users (and existing users without a passkey) receive a verification code by email, then passkey setup or verification; existing users with a passkey sign in directly with their passkey (biometrics via your device). We store:
- Your email address (used for authentication and account recovery)
- A unique internal identifier (UUID) generated automatically
- Passkey credentials (public key and metadata for authentication)
- Encryption passkey parameters (PRF salt values for deriving encryption keys, for Helvety Tasks and Helvety Contacts which use end-to-end encryption)
- Geo-confirmation metadata (confirmation that you are located in Switzerland, and the timestamp of that confirmation)
Your email address is used primarily for authentication (verification codes for new users, passkey for returning users), account recovery, and important account notifications. We do not share your email with third parties for marketing purposes, except where required by law or described in this Privacy Policy.
2.2 Order and Transaction Data
When you make a purchase, we collect:
- Purchase history and order details
- Billing and invoicing address details (as provided in Stripe Checkout)
- Billing information (processed by Stripe; we do not store complete payment card details)
2.3 Technical and Usage Data
We automatically collect certain information when you use the Services:
- IP address
- Browser type and version
- Device information
- Pages visited and features used
- Date and time of access
- Referring website
2.4 Communication Data
If you contact us, we collect the information you provide in your communication, including your email address and message content.
2.5 License Validation Data
For enterprise products (such as SharePoint extensions), our software may validate licenses by sending your organization's tenant identifier (e.g., "contoso" from contoso.sharepoint.com) to our servers at helvety.com/store. This data:
- Typically includes your organization's tenant identifier and is generally treated as business-identifying data, though it may qualify as personal data depending on context
- Is used to verify your subscription status
- Is processed in accordance with this Privacy Policy
- Is cached locally to minimize API calls and ensure offline reliability
2.6 Data Provision Requirements
We inform you about whether providing personal data is a statutory or contractual requirement:
- Account Creation: Creating an account requires your email address (for verification codes when signing up or recovering access) and passkey setup using your device's biometrics (Face ID, fingerprint, or PIN). Your email is necessary for account verification and recovery. A unique identifier is generated automatically.
- Purchases: When you make a purchase, payment and billing information (including email, name, and address) is collected directly by our payment processor, Stripe. This information is required to process your order and is subject to Stripe's privacy policy. Helvety does not collect or store this information directly.
- License Validation: For enterprise products, sending your organization's tenant identifier is necessary for license validation. Without this, the software cannot verify your subscription status.
- Communication: Providing contact information when you reach out to us is voluntary but necessary if you wish to receive a response.
2.7 Encryption Data
Helvety Tasks and Helvety Contacts use end-to-end encryption to protect your data. For these services, we store:
- PRF parameters (Pseudo-Random Function extension data) used to derive encryption keys from your passkey
- Encrypted data fields (where applicable)
Important: Encryption keys are derived client-side in your browser using the WebAuthn PRF extension. Helvety does not receive or store your raw decryption keys during normal operation. This architecture is intended to reduce exposure risk if our servers are compromised, but no technical measure can provide absolute protection. Additionally, encryption uses Additional Authenticated Data (AAD) to bind each ciphertext to its specific database record, helping prevent encrypted data from being moved or replayed in a different context.
Browser Requirements: End-to-end encryption requires a modern browser with WebAuthn PRF support. Browser compatibility can change over time; refer to the current product documentation for supported platforms.
2.8 Data Processing by Service
The Helvety ecosystem consists of several services, each with distinct data processing characteristics:
- helvety.com (Main Website): Uses essential cookies and privacy-focused analytics/performance telemetry (Vercel Analytics and Vercel Speed Insights). We do not use advertising trackers or cross-site profiling.
- Helvety Auth (helvety.com/auth): Email address, passkey credentials, PRF encryption parameters, geo-confirmation status (confirmation that you are located in Switzerland and the timestamp of that confirmation), IP address (for rate limiting), and user agent (for device detection). This data is primarily used for authentication and security, and may also be processed where necessary for legal compliance, abuse prevention, and service reliability.
- Helvety PDF (helvety.com/pdf): For supported operations in the current architecture, file contents are processed in your browser and are not intended to be uploaded to our servers for file conversion. No login or account is required. The service still uses minimal server-side endpoints for platform and security functions (for example auth callback handling, CSP reporting, and session/security proxy logic). Helvety PDF is currently free with a maximum file size of 100MB per file.
- Helvety Store (helvety.com/store): User profile (email), Stripe customer ID, subscription and purchase history, licensed tenant IDs (for enterprise products), and IP address (for checkout consent audit trail and rate limiting). Payment data (card details, billing address) is handled exclusively by Stripe.
- Helvety Tasks (helvety.com/tasks): Task content is end-to-end encrypted client-side before storage. Encrypted fields include: titles, descriptions, and start/end dates. These fields are designed to be stored as encrypted ciphertext at rest on our servers. Encryption keys are derived from your passkey on your device and are not transmitted to Helvety servers. Record identifiers for encrypted data are generated on your device and bound to the ciphertext via Additional Authenticated Data (AAD). Our architecture is designed so that we are generally unable to access your task content in plaintext during normal operation. Non-encrypted structural metadata is stored in plaintext to enable application functionality: record identifiers, timestamps, priority levels, display preferences (sort orders), and entity relationships (e.g., stage and label references). Service-level usage limits may apply and are listed on the product pages.
- Helvety Contacts (helvety.com/contacts): Contact content is end-to-end encrypted client-side before storage. Encrypted fields include: first and last names, description, email, phone, birthday, and notes. These fields are designed to be stored as encrypted ciphertext at rest on our servers. Encryption keys are derived from your passkey on your device and are not transmitted to Helvety servers. Record identifiers for encrypted data are generated on your device and bound to the ciphertext via Additional Authenticated Data (AAD). Our architecture is designed so that we are generally unable to access your contact content in plaintext during normal operation. Non-encrypted structural metadata is stored in plaintext to enable application functionality: record identifiers, timestamps, display preferences (sort orders), and immutable built-in taxonomy references (category IDs). When linking contacts with task entities, additional non-encrypted relationship metadata (link identifiers, linked entity identifiers/types, and timestamps) is stored to enable the cross-app linking feature. Service-level usage limits may apply and are listed on the product pages.
3. Legal Basis for Processing
We process your personal data in accordance with the principles set out in Art. 6 nDSG: lawfulness, proportionality, purpose limitation, transparency, accuracy, and data security. Our processing is based on the following grounds:
- Contract performance: Processing necessary to fulfill our contractual obligations to you, including processing orders, managing subscriptions, and providing the Services.
- Legal obligations: Processing required to comply with applicable Swiss law, such as tax and accounting requirements (e.g., Art. 958f Swiss Code of Obligations).
- Legitimate interests: Processing for our legitimate business interests, such as fraud prevention, security, and improving our Services, where such interests are not overridden by your rights.
- Consent: Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
4. How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your account
- To process and fulfill your orders
- To manage subscriptions and billing
- To send transactional emails (order confirmations, receipts, etc.)
- To provide customer support
- To detect and prevent fraud and security incidents
- To comply with legal obligations
- To improve and optimize the Services
- To enforce our Terms of Service
- To respond to valid legal requests from Swiss law enforcement and judicial authorities
4.1 Marketing Communications
We intend to send marketing communications (such as newsletters, promotional offers, or product announcements) only where we have a valid legal basis, typically your consent where required by applicable law.
Opt-Out: You can withdraw your consent and unsubscribe from marketing communications at any time by:
- Clicking the "unsubscribe" link at the bottom of any marketing email
- Contacting us at contact@helvety.com
Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications (such as order confirmations, account notifications, or important service updates) as necessary to provide the Services.
4.2 Law Enforcement and Legal Disclosures
We may disclose your non-encrypted personal data to Swiss law enforcement or judicial authorities when required by a valid Swiss court order or binding legal request issued in accordance with applicable Swiss law. We will cooperate with any lawful surveillance order directed at us, including under the Swiss Federal Act on the Surveillance of Post and Telecommunications (BÜPF) to the extent it applies to our services.
The types of data we may disclose in response to valid legal requests include:
- Account information (email address, account creation date, internal identifiers)
- IP addresses and timestamps associated with account activity
- Subscription and billing metadata
- Non-encrypted structural metadata from Helvety Tasks and Helvety Contacts (priority levels, display preferences such as colors and icons, sort orders, entity relationships, and category assignments)
Our architecture is designed so we are generally unable to access encryption keys for end-to-end encrypted content during normal operation. Decryption keys are designed to remain on your device. As a result, we are generally not able to provide plaintext encrypted content in response to legal requests. The data categories we can typically provide are limited to non-encrypted metadata as described above.
Where legally permitted, we will notify affected users of legal requests concerning their accounts. We may be prohibited from providing such notice where it would compromise an ongoing investigation or where notification is otherwise prohibited by law.
5. Third-Party Service Providers
We share your personal data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website hosting, delivery, privacy-focused analytics, and performance monitoring (Speed Insights across all apps) | USA |
| Supabase Inc. | Database and authentication | USA |
| Stripe Inc. | Payment processing | USA |
| Resend Inc. | Transactional email delivery (SMTP relay via Supabase) | USA |
| Upstash Inc. | Rate limiting (processes IP-based identifiers) | USA |
Stripe: Stripe, which maintains PCI DSS Level 1 certification, handles all payment card information. We do not have access to or store your complete card details. Stripe may perform automated fraud analysis on payment data as part of its processing services; for details, see Stripe's Privacy Policy.
Resend: Resend operates as a sub-processor of Supabase for email delivery. Email addresses and transactional email content (such as verification codes) transit through Resend's infrastructure.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside Switzerland, particularly the United States, where our service providers are located.
For transfers outside Switzerland, we rely on one or more safeguards in accordance with nDSG Art. 16 and Art. 17, depending on the provider and transfer context:
- Adequacy decisions and recognized frameworks: where available and applicable under Swiss law.
- Standard contractual safeguards: such as Standard Contractual Clauses (or equivalent clauses) where available.
- Contract necessity: Certain transfers are necessary for the performance of a contract with you (e.g., payment processing via Stripe to fulfill a purchase) in accordance with nDSG Art. 17(1)(b).
By using the Services, you acknowledge that your data may be transferred internationally as described above. You can obtain further information about the specific safeguards in place for each provider by contacting us at contact@helvety.com.
7. Data Retention
We retain data only for as long as necessary to fulfill the purposes for which it was collected, to operate the Services, and to meet legal, tax, accounting, fraud-prevention, and security obligations:
- Account data: Your account consists of your email address, an internal identifier (UUID), and passkey credentials. This data is retained while your account is active. After account deletion, core account records are deleted, except where retention is required for legal, security, abuse-prevention, or dispute purposes.
- Transaction data: Purchase and subscription transaction evidence may be retained for up to 10 years where required by Swiss accounting and commercial law (including Art. 958f Swiss Code of Obligations). Where possible, direct account linkage is removed or minimized after account deletion. Payment card details are handled by Stripe, not stored in full by Helvety.
- Consent audit records: When you accept the Terms of Service and Privacy Policy during checkout, we record a consent event including your IP address, timestamp, and the legal version identifier in effect for that checkout flow. Under the current implementation, this is captured as a shared consent version value used for both Terms and Privacy acceptance records. This evidence may be retained for up to 10 years for contract and consent proof. After account deletion, direct user linkage may be removed where legally and operationally appropriate.
- Communication records: Retained for as long as needed to process inquiries, resolve disputes, and comply with legal obligations.
- Technical logs: Retained for a limited period for security, fraud-prevention, service reliability, and incident response (target retention up to 6 months / 183 days under current operational policy, unless a longer period is required for a specific incident, dispute, or legal hold).
- Rate limiting data: IP-based identifiers used for rate limiting are stored in Redis (Upstash). Standard rate-limit windows are short-lived (typically 1 to 5 minutes depending on the endpoint); some anti-abuse lockout counters and lockout state can be retained longer (up to 24 hours) for account security.
- Subscription data: Retained for the duration of your subscription and for any legally required period thereafter. Subscription history (plan changes, upgrades, downgrades, cancellations) may be retained as part of transaction and service records.
8. Your Rights
Under the nDSG and other applicable Swiss law, you have the following rights regarding your personal data:
- Right of Access (Art. 25 nDSG): You have the right to request a copy of the personal data we hold about you.
- Right to Rectification (Art. 32(1) nDSG and Art. 6(5) nDSG): You have the right to request correction of inaccurate or incomplete data.
- Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention requirements.
- Right to Data Portability (Art. 28 nDSG): You have the right to receive your data in a structured, commonly used format.
- Right to Object (Art. 30(2)(b) nDSG): You have the right to object to the disclosure of your data to third parties in certain circumstances.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
Self-Service Account Deletion: You can request deletion of your account directly from your account settings at helvety.com/store/account. Upon confirmation, your account and personal data are scheduled for deletion across Helvety services without undue delay (target: within 30 days), including authentication credentials, subscription records, task data, and contact data, subject to technical processing time and legally required retention. Depending on system architecture and legal obligations, some records may be deleted, de-identified, or retained in restricted form for compliance, fraud-prevention, dispute handling, or security purposes. This action is intended to be permanent and may not be reversible. We recommend exporting your data before proceeding.
Self-Service Data Export: You can export your personal data from your account settings. The export includes your profile information, subscription history, purchase history, and tenant registrations in JSON format. For Helvety Tasks and Helvety Contacts (end-to-end encrypted data), you can initiate an export from within the app while authenticated with your passkey; the data is decrypted client-side and exported locally. Server-side exports of encrypted data are available only in encrypted form.
To exercise any of these rights, you may also contact us at contact@helvety.com with the subject line "Data Export Request," "Account Deletion Request," or a description of the right you wish to exercise. We will verify your identity and respond within the timeframe required by applicable law, and in many cases within 30 days, subject to legal and operational constraints.
Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss supervisory authority (Art. 19 nDSG): Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), Feldeggweg 1, 3003 Bern, Switzerland, https://www.edoeb.admin.ch.
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Client-side end-to-end encryption using passkey-derived keys (for applicable services)
- Zero-knowledge-oriented architecture in which encryption keys are derived client-side and are designed not to be persisted on our servers
- Secure authentication mechanisms
- Access controls and authentication for administrative access
- Rate limiting to protect against brute force attacks on authentication endpoints
- CSRF (Cross-Site Request Forgery) protection using secure token validation
- Short-lived session tokens with automatic refresh and expiry controls
- Security event logging for audit trails and incident response
- Periodic internal security reviews
- Secure hosting infrastructure
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10.1 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Swiss FDPIC (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter) as soon as possible after becoming aware of the breach, as required by Article 24 nDSG
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- Document the breach, including its effects and the remedial actions taken
Our breach notification will include, where possible: a description of the nature of the breach, the likely consequences, the measures taken to address the breach, and contact information for further inquiries.
10.2 End-to-End Encryption
Helvety Tasks and Helvety Contacts implement end-to-end encryption to protect your content. Other Helvety services (helvety.com, Helvety Auth, Helvety PDF, Helvety Store) do not use end-to-end encryption. For Helvety Tasks and Helvety Contacts:
- Encryption keys are derived from your passkey using the WebAuthn PRF (Pseudo-Random Function) extension
- Encryption and decryption operations are designed to occur locally in your browser
- We store only PRF parameters (salt values) that allow your device to re-derive the same key
- Our architecture is designed so that we are generally unable to decrypt your content during normal operation because encryption keys are derived client-side and are not intentionally stored on our servers
- Your passkey (stored on your device) is required to access encrypted content
- Additional Authenticated Data (AAD) binds each ciphertext to a specific record, preventing encrypted data from being moved or replayed in a different context
- Record identifiers for encrypted data are generated on your device, not by our servers
Helvety Tasks encrypted fields: titles, descriptions, and start/end dates. Non-encrypted structural metadata: record identifiers, timestamps, priority levels, display preferences (sort orders), and entity relationships (e.g., stage and label references).
Helvety Contacts encrypted fields: first and last names, description, email, phone, birthday, and notes. Non-encrypted structural metadata: record identifiers, timestamps, display preferences (sort orders), and immutable built-in taxonomy references (category IDs).
This approach is designed to help protect your encrypted content in the event of a data breach on our servers. Browser requirements for end-to-end encryption can change over time; refer to the current product documentation for supported platforms.
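An added illustration of the key re-derivation and AAD binding described in this section, not Helvety's code: it assumes AES-256-GCM and HKDF-SHA-256 (the policy names no algorithms), simulates the passkey PRF with an HMAC, and uses hypothetical table, field and function names with constructed sample values.

```javascript
// Added illustration, not Helvety's code. Assumptions: AES-256-GCM, HKDF-SHA-256,
// and an HMAC stand-in for the passkey PRF. All names and values are constructed.
const crypto = require('node:crypto');

// Stand-in for the authenticator: a real PRF secret never leaves the passkey.
function simulatePrf(deviceSecret, prfSalt) {
  return crypto.createHmac('sha256', deviceSecret).update(prfSalt).digest();
}

// Client-side step: stretch the PRF output into a 256-bit content key.
function deriveKey(prfOutput) {
  const info = Buffer.from('example-content-key-v1'); // hypothetical context label
  return Buffer.from(crypto.hkdfSync('sha256', prfOutput, Buffer.alloc(0), info, 32));
}

// The AAD names the exact slot a ciphertext belongs to. A JSON array keeps the
// encoding unambiguous, so two different slots can never serialize identically.
function buildAad(table, recordId, field) {
  return Buffer.from(JSON.stringify([table, recordId, field]), 'utf8');
}

function encryptField(key, table, recordId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(buildAad(table, recordId, field));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when decryption or tag verification fails
// (wrong key, altered ciphertext, or AAD that names a different slot).
function decryptField(key, table, recordId, field, blob) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    decipher.setAAD(buildAad(table, recordId, field));
    decipher.setAuthTag(blob.tag);
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const deviceSecret = crypto.randomBytes(32); // exists only inside the simulated passkey
  const prfSalt = crypto.randomBytes(32);      // the only key-related value a server would hold
  const key = deriveKey(simulatePrf(deviceSecret, prfSalt));

  const recordId = crypto.randomUUID();        // record identifier generated on the device
  const otherRecordId = crypto.randomUUID();
  const blob = encryptField(key, 'tasks', recordId, 'title', 'Renew TLS certificate');

  // A later session re-derives the same key from the stored salt.
  const rederived = deriveKey(simulatePrf(deviceSecret, prfSalt));
  // A different salt yields an unrelated key.
  const wrongKey = deriveKey(simulatePrf(deviceSecret, crypto.randomBytes(32)));

  return {
    sameRecord: decryptField(rederived, 'tasks', recordId, 'title', blob),
    movedToOtherRecord: decryptField(key, 'tasks', otherRecordId, 'title', blob),
    movedToOtherField: decryptField(key, 'tasks', recordId, 'description', blob),
    wrongSalt: decryptField(wrongKey, 'tasks', recordId, 'title', blob),
  };
}

console.log(demo());
```

Only the first result is the plaintext; a ciphertext copied to another record or field, or opened with a key derived from a different salt, fails authentication instead of decrypting.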
11. Children's Privacy
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@helvety.com. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the "Last reviewed" date and, where required by law or reasonably practicable, provide notice:
- Update the "Last reviewed" date at the top of this page
- Via email (for account holders) and/or through a notice on the Services
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy.
13. Contact Information
For any questions about this Privacy Policy or our data practices, or to exercise your data protection rights, please contact us:
Helvety by Rubin
Holeestrasse 116
4054 Basel
Switzerland
Email: contact@helvety.com
Phone: +41 79 870 02 08