What This Policy Covers
Helm is a product of Ruwad ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Helm mobile application and related services (collectively, the "Service"). Personal data means any information that identifies or could reasonably identify you as an individual.
Personal Data We Collect
Data you provide directly
| Category | Examples |
|---|---|
| Account information | Name, email address (via Google or Apple sign-in) |
| Content you create | Text, voice recordings, images, and files you capture in the app |
| Workspace data | Topic names, thread content, task details, meeting minutes |
| Communications | Support requests, feedback you send us |
Data collected automatically
| Category | Examples |
|---|---|
| Device information | Device model, operating system, app version |
| Usage data | Feature usage, screen views, interaction patterns |
| Diagnostics | Crash reports, performance metrics, error logs |
| Network information | IP address, connection type |
Data from third-party services
| Source | Data |
|---|---|
| Google Sign-In | Name, email address, profile picture |
| Apple Sign-In | Name, email address (may be relayed) |
| Google Calendar (if connected) | Calendar event titles, times, attendees, and descriptions for meetings you choose to import |
| Google Gmail (if connected) | Email metadata and content for messages you choose to import for knowledge extraction |
Google User Data
When you connect your Google account, Helm requests access only to the specific scopes you authorize. We access, use, store, and share Google user data as follows:
- Access: We access your Google profile (name, email) for authentication, and Calendar/Gmail data only when you explicitly connect these integrations
- Use: Google user data is used solely to provide the Helm service to you — extracting knowledge, creating tasks, and organizing your information
- Storage: Google user data is stored securely on Google Cloud Platform with encryption at rest (AES-256) and in transit (TLS 1.2+). Data is retained only while your account is active
- Sharing: Google user data is shared only with AI processing providers (Anthropic, OpenAI) as necessary to deliver the Service, and only the minimum content needed for processing. We do not sell, rent, or share Google user data for advertising purposes
Helm's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How We Use Your Information
- Service delivery: To operate, maintain, and provide the features of Helm
- AI processing: To process your content using AI for knowledge extraction, task management, summarization, and organization
- Service improvement: To understand usage patterns, fix bugs, and develop new features
- Security: To detect, prevent, and address fraud, abuse, and technical issues
- Communications: To send you service-related notifications and respond to support requests
- Legal compliance: To comply with applicable laws and enforce our Terms of Use
AI Data Processing
Helm uses third-party AI services to process your content. When you submit content for processing:
- Your inputs (text, voice transcriptions, images) are sent securely to AI providers via encrypted connections
- AI providers process your content to extract tasks, generate summaries, detect language, and organize your knowledge
- This processing is performed solely to deliver the Helm service to you
We may use de-identified and aggregated data (data that can no longer identify you) to improve our service and AI processing quality. You may opt out of this in your account settings.
Data Sharing and Disclosure
We do not sell your personal data. We share your data only in the following circumstances:
Service providers
| Provider | Purpose |
|---|---|
| Clerk | Authentication (Google and Apple sign-in) |
| Anthropic | AI content processing and knowledge extraction |
| OpenAI | AI content processing (supplementary) |
| Google Cloud Platform | Infrastructure, hosting, and data storage |
| MongoDB Atlas | Database hosting |
Other circumstances
- Workspace members: Content within a workspace is accessible to other members of that workspace
- Legal requirements: When required by law, legal process, or government request
- Safety: To protect the rights, property, or safety of Ruwad, our users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
Cookies and Tracking
The Helm mobile application does not use cookies. Our website (ruwad.solutions) uses:
- Essential cookies: Required for site functionality and security
- Analytics: We use privacy-focused analytics to understand site usage. No personal data is collected through website analytics
Data Storage and Security
Your data is stored on Google Cloud Platform infrastructure. We implement the following security measures:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Workspace-scoped access controls — users can only access data within their authorized workspace
- JWT-based authentication with short-lived tokens
- Regular security reviews and monitoring
- Rate limiting and abuse prevention
Data Retention
| Data type | Retention period |
|---|---|
| Account and profile data | Retained while your account is active |
| Content and workspace data | Retained while your account is active |
| Voice recordings | Deleted after transcription is complete |
| AI processing inputs | Not retained by AI providers after processing |
| Diagnostics and crash reports | 90 days |
| Usage analytics | 12 months (aggregated) |
When you delete your account, all your personal data (topics, threads, tasks, AI-generated content, and workspace data) is permanently deleted from our systems within 30 days. Backups containing your data are purged within 90 days.
International Data Transfers
Your data may be processed and stored in data centers outside your country of residence, including in the United States and the Middle East. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses where applicable.
Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (available via Settings > Delete Account)
- Data portability: Request your data in a machine-readable format
- Objection: Object to processing of your data for certain purposes
- Restriction: Request that we limit processing of your data
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at abdulaziz@ruwad.ai with the subject line "Privacy Request: [nature of request]". We will respond within 30 days.
Children's Privacy
Helm is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at abdulaziz@ruwad.ai.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, through in-app notification or email. Your continued use of Helm after the changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, reach out to us: