Privacy policy for controlled business document workflows.

This policy explains how Helvabase handles personal data and customer content when someone visits the public site, creates an account, joins a workspace, asks for a pilot, uploads or references business sources, or uses the product to prepare response dossiers.

If a customer has a signed order form, data processing agreement, or other written agreement with Helvabase, that agreement controls where it conflicts with this public policy.

Account and contact data: name, business email, authentication provider, workspace membership, role, invitations, support messages, and pilot requests.

Workspace and project data: organization names, project names, source inventory metadata, review states, output requests, approval notes, and agent handoff settings.

Customer content: documents, links, questionnaires, RFP material, templates, source excerpts, generated drafts, and other files or text that users submit or ask Helvabase to process.

Operational data: device, browser, IP address, request logs, security events, error traces, delivery logs for transactional email, billing events, and similar technical records.

We use data to provide and secure the service, authenticate users, manage workspaces, process source review workflows, create response dossiers and agent context packs, provide support, handle billing, improve reliability, and comply with legal obligations.

Helvabase is designed to keep business context controlled. The product should surface source status, caveats, missing proof, and human review states before generated content is reused or exported.

Helvabase may use Snipara for context, indexing, retrieval, memory, MCP access, and source health. It may also use infrastructure, database, email, authentication, billing, logging, and security providers to operate the service.

These providers process data only as needed for the service relationship, security, compliance, support, and payment operations. Production secrets and service-account keys are handled server-side and are not exposed in public pages.

The service uses essential cookies and similar storage for authentication, sessions, security, and product operation. Helvabase does not need advertising cookies to provide the core business workflow.

If analytics, marketing, or optional tracking tools are added later, this policy should be updated before those tools are used on production traffic.

Helvabase keeps account, workspace, project, customer content, billing, and operational data for as long as needed to provide the service, meet contractual obligations, protect security, resolve disputes, and satisfy legal requirements.

Customers can request deletion or export of workspace data through their account owner or by contacting support. Some records may be retained where required for security, billing, audit, legal, or backup integrity.

Depending on where you are located and how the service is used, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have the right to lodge a complaint with a data protection authority.

For workspace content, Helvabase may act as a processor for the customer organization. In that case, requests about workspace content may need to be handled through the customer organization that controls the workspace.

For privacy questions, data requests, or security concerns, contact support@helvabase.com. Include the workspace, account email, and request type so the team can route it correctly.