Privacy Policy

The data controller responsible for processing your personal data is:

Udhold APS
CVR: 42341576 — Denmark
Email: privacy@helmos.dk

We collect and process the following categories of personal data:

• Account & Contact Data: Name, email address, and password hash when you register or join our waitlist.
• Vessel & Telemetry Data: GPS coordinates, speed, heading, depth, wind data, and other NMEA readings transmitted by the Helm Core device.
• Usage Data: Pages visited, features used, browser type, IP address, and device identifiers collected through Google Analytics (only with your consent).
• Payment Data: Billing is handled entirely by Stripe. We do not store credit card numbers or full payment credentials.
• Cookies: We use strictly necessary cookies for session management, and optional analytics cookies subject to your consent.

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): To deliver the Service you have subscribed to.
• Consent (Art. 6(1)(a)): For analytics cookies and marketing communications. You may withdraw consent at any time via our cookie banner.
• Legitimate interests (Art. 6(1)(f)): For fraud prevention, platform security, and improving the Service.
• Legal obligation (Art. 6(1)(c)): Where required by Danish or EU law.

• Providing, maintaining, and improving the HelmOS platform.
• Processing your waitlist registration and communicating launch updates.
• Sending transactional emails (account, billing, security alerts).
• Analysing usage patterns to improve features — only when analytics consent is granted.
• Complying with legal, regulatory, and tax obligations.

We use the following categories of cookies:

• Strictly necessary: Required for core platform functionality (session tokens, CSRF protection). These cannot be disabled.
• Analytics (optional): Google Analytics 4, loaded only when you grant consent via our cookie banner. You can revoke consent at any time.

We do not use advertising or cross-site tracking cookies.

We do not sell your personal data. We share data only with the following processors:

• Supabase Inc. — cloud database and authentication (US/EU).
• Stripe Inc. — payment processing (US/EU).
• Google LLC — analytics, only with your consent (US/EU).
• Netlify Inc. — hosting and edge delivery (US/EU).

All processors are subject to data processing agreements and operate under appropriate safeguards including Standard Contractual Clauses where applicable.

Some processors are based outside the European Economic Area (EEA). Transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent adequacy mechanisms.

We retain personal data for as long as necessary to provide the Service and comply with legal obligations:

• Account data: retained for the duration of your account plus 2 years.
• Telemetry / voyage logs: retained for the period covered by your subscription plan.
• Waitlist data: deleted within 12 months of general availability launch.
• Analytics data: retained per Google Analytics default retention settings (14 months).

As a data subject in the EU/EEA you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Restriction — limit how we process your data.
• Portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — at any time, without affecting lawfulness of prior processing.

To exercise any of these rights, email privacy@helmos.dk. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Authority (datatilsynet.dk).

We implement industry-standard security measures including TLS encryption in transit, bcrypt-hashed credentials, row-level security on all database tables, and access controls limiting data access to authorised personnel only.

We may update this Privacy Policy periodically. We will notify you via email or a prominent banner on the platform before changes take effect. The effective date at the top of this page reflects the most recent revision.

For any privacy-related questions, contact our Data Protection team:
Udhold APS — CVR: 42341576 — Denmark
Email: privacy@helmos.dk