Privacy Policy

Helix is operated by Helix Clinical LLC., a Michigan limited liability company ("Helix," "we," "us," or "our"). This Privacy Policy applies to the Helix iOS app, the Helix Clinical web platform at helixclinical.org, and any related services (collectively, the "Services").

If you have questions about this policy, contact us at hello@helixclinical.org.

Account information. When you register, we collect your email address and, for clinical practices, your practice name. Passwords are hashed and never stored in plain text.

Profile data. If you choose to provide it, we store body stats you enter (age, weight, biological sex, goals) to personalize your experience. This information is stored in your account and used only to generate recommendations within the app.

Protocol and tracking data. Compounds you track, doses you log, vial inventory, check-in responses, and notes you create are stored in your account.

Payment information. Pro subscriptions are processed by Apple (App Store) and RevenueCat. We do not receive or store your credit card number. RevenueCat provides us with subscription status only.

Usage data. We collect standard server logs (IP address, browser/device type, pages visited, timestamps) to operate and improve the Services. We do not sell this data.

Communications. If you contact us by email, we retain that correspondence to respond to you.

We do not store health records, medical history, lab results, or protected health information (PHI) on our own servers. All user data is stored in Supabase, our database provider, which maintains its own security certifications. When you use AI-powered features, relevant data is transmitted to Anthropic (our third-party AI provider) solely to generate your response. Anthropic does not use your data to train its models. See Section 5 for full details.

We use your information to:

• Create and maintain your account

• Deliver and personalize the Services (e.g., stack recommendations, AI responses)

• Process subscription status via RevenueCat

• Send transactional emails (appointment reminders, password resets, practice invitations) via Resend

• Respond to support requests

• Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

Helix uses Anthropic's Claude AI to power the following features: Ask Helix (AI chat), label and vial scanning, and lab report analysis.

What data is sent to Anthropic:

• Ask Helix: your question, active compounds and doses, body profile (age, biological sex, weight, height, experience level), and any lab results you have on file

• Label & vial scanning: the photo you take or upload of a product label

• Lab report analysis: the image or PDF of your lab report

How it is used: Data is transmitted to Anthropic's servers solely to generate your response. Anthropic does not use your data to train its AI models and processes it under their Privacy Policy (anthropic.com/privacy).

Your consent: The app asks for your explicit consent before sending any data to Anthropic. You can withdraw consent at any time in Settings → Privacy → AI Data Sharing. Withdrawing consent disables AI features until consent is re-granted.

Do not include sensitive personal or medical information beyond what is necessary for your question.

If you use Helix Clinical as a practice administrator, you are responsible for obtaining appropriate consent from your patients before adding their information to the platform. We act as a data processor on your behalf. Patient data entered into Helix Clinical is stored in Supabase and is not shared with other practices or third parties.

We share data only with:

• Supabase — database and authentication infrastructure

• Anthropic — third-party AI provider powering Ask Helix, label scanning, and lab report analysis (see Section 5). Data shared: health profile, active compounds, lab results, and label/lab photos, solely to generate your response.

• RevenueCat — subscription management

• Resend — transactional email delivery

• Apple — App Store payments and distribution

• Law enforcement — only when required by valid legal process

We do not sell, rent, or share your personal data with advertisers or data brokers.

The Services are available to users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us at hello@helixclinical.org and we will delete the account promptly.

We retain your account data for as long as your account is active. You may request deletion of your account and associated data at any time by emailing hello@helixclinical.org. We will process deletion requests within 30 days, except where retention is required by law.

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. No system is completely secure. If you discover a security vulnerability, please report it to hello@helixclinical.org.

You may access, correct, or delete your personal data at any time through the app settings or by contacting us. Michigan residents and users in applicable jurisdictions may have additional rights under applicable privacy laws. Contact hello@helixclinical.org to exercise your rights.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at helixclinical.org/privacy and updating the "Last Updated" date below. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.

Helix Clinical LLC.

hello@helixclinical.org

Michigan, USA