Privacy Policy

Helix is operated by Helix Clinical LLC., a Michigan limited liability company ("Helix," "we," "us," or "our"). This Privacy Policy applies to the Helix iOS app, the Helix Clinical web platform at helixclinical.org, and any related services (collectively, the "Services").

If you have questions about this policy, contact us at hello@helixclinical.org.

Account information. When you register, we collect your email address and, for clinical practices, your practice name. Passwords are hashed and never stored in plain text.

Profile data. If you choose to provide it, we store body stats you enter (age, weight, biological sex, goals) to personalize your experience. This information is stored in your account and used only to generate recommendations within the app.

Protocol and tracking data. Compounds you track, doses you log, vial inventory, check-in responses, and notes you create are stored in your account.

Payment information. Pro subscriptions are processed by Apple (App Store) and RevenueCat. We do not receive or store your credit card number. RevenueCat provides us with subscription status only.

Usage data. We collect standard server logs (IP address, browser/device type, pages visited, timestamps) to operate and improve the Services. We do not sell this data.

Communications. If you contact us by email, we retain that correspondence to respond to you.

We do not store health records, medical history, lab results, or protected health information (PHI) on our own servers. All user data is stored in Supabase, our database provider, which maintains its own security certifications. Compound research content, AI responses, and tracking data are not transmitted to or stored by any third-party AI provider beyond the scope of generating your response.

We use your information to:

• Create and maintain your account

• Deliver and personalize the Services (e.g., stack recommendations, AI responses)

• Process subscription status via RevenueCat

• Send transactional emails (appointment reminders, password resets, practice invitations) via Resend

• Respond to support requests

• Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

The Ask Helix AI feature sends your question, relevant body profile data (age, weight, sex, active compounds), and context you provide to generate a response. This data is used solely to answer your question and is not used to train AI models. Do not include sensitive personal or medical information beyond what is necessary for your question.

If you use Helix Clinical as a practice administrator, you are responsible for obtaining appropriate consent from your patients before adding their information to the platform. We act as a data processor on your behalf. Patient data entered into Helix Clinical is stored in Supabase and is not shared with other practices or third parties.

We share data only with:

• Supabase — database and authentication infrastructure

• RevenueCat — subscription management

• Resend — transactional email delivery

• Apple — App Store payments and distribution

• Law enforcement — only when required by valid legal process

We do not sell, rent, or share your personal data with advertisers or data brokers.

The Services are available to users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us at hello@helixclinical.org and we will delete the account promptly.

We retain your account data for as long as your account is active. You may request deletion of your account and associated data at any time by emailing hello@helixclinical.org. We will process deletion requests within 30 days, except where retention is required by law.

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. No system is completely secure. If you discover a security vulnerability, please report it to hello@helixclinical.org.

You may access, correct, or delete your personal data at any time through the app settings or by contacting us. Michigan residents and users in applicable jurisdictions may have additional rights under applicable privacy laws. Contact hello@helixclinical.org to exercise your rights.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at helixclinical.org/privacy and updating the "Last Updated" date below. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.

Helix Clinical LLC.

hello@helixclinical.org

Michigan, USA