Privacy Policy
Last updated June 5, 2026
This Privacy Policy explains how Helmbloom LLC (“Helm,” “we,” “us”) collects, uses, and shares information when you use the Helm platform at helmbloom.com (the “Service”). It applies to business owners who use Helm and to the data they store in it.
1. Information we collect
- Account information: your name, email, password (hashed), business name, and phone number.
- Business & customer data: the records you enter or import — customers, jobs, quotes, invoices, messages, photos, and notes.
- Payment information: processed by Stripe. We store limited billing metadata (such as plan and status) but not full card numbers.
- Usage & device data: log data, IP address, browser type, and feature usage, used to operate and improve the Service.
- Cookies: used for sign-in sessions and basic analytics.
2. How we use information
- To provide, maintain, and secure the Service.
- To power features you use, including AI-assisted text and scheduling.
- To process subscription billing and prevent fraud.
- To provide support and send service-related communications.
- To analyze and improve the Service.
3. AI processing
When you use AI features, relevant text (such as a prompt or message context) is sent to our AI provider (Anthropic) to generate a response. We do not sell your data, and we do not use your Customer Data to train third-party AI models for their own purposes.
4. How we share information
We do not sell your personal information. We share it only with:
- Service providers (subprocessors) that help us run the Service: Stripe (payments), Twilio (SMS), Vapi (AI voice/phone agent), Resend (email), Anthropic (AI), Google (ads and maps), Vercel (hosting), Neon (database), and Cloudflare (storage/CDN).
- Authorities, when required by law or to protect rights, safety, and security.
- A successor entity in connection with a merger, acquisition, or sale of assets, subject to this Policy.
5. Your customers' data
When you use Helm to manage your own customers, you are the controller of that data and Helm acts as your processor, handling it on your behalf to provide the Service. You are responsible for having a lawful basis to collect and contact your customers.
6. Data retention
We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion as described below.
7. Security
We use industry-standard measures — including encryption in transit, hashed passwords, and access controls — to protect your information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing (for example, under GDPR or CCPA/CPRA). You can export your data at any time from within the Service, or contact us to exercise these rights.
9. Cookies
We use essential cookies to keep you signed in and limited analytics cookies to understand usage. You can control cookies through your browser settings, though disabling them may affect how the Service works.
10. Children's privacy
The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect data from children.
11. International users
The Service is operated from the United States. If you access it from outside the U.S., you consent to the processing of your information in the U.S., where data-protection laws may differ from those in your country.
12. Communications & consent
Helm sends two kinds of messages. Transactional messages (such as booking confirmations, reminders, and account notices) are sent as part of providing the Service. Marketing messages are sent only with consent.
- SMS/text: when a business collects your number through a Helm booking form, it asks for your consent to receive texts. Message and data rates may apply, message frequency varies, and you can reply STOP to opt out or HELP for help at any time. Promotional texts are sent only 8am-9pm in your local time.
- Mobile numbers and SMS consent: we do not sell, rent, or share your mobile phone number or your SMS opt-in consent with third parties or affiliates for their own marketing or promotional purposes. SMS opt-in consent is never shared with anyone for marketing.
- Email: marketing emails include an unsubscribe link and the sender's postal address, as required by CAN-SPAM. You can opt out at any time.
- Carrier opt-out (STOP) and unsubscribe requests are honored across the Service.
13. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice. Continued use of the Service after changes take effect constitutes acceptance.