Privacy Policy

Helfi Privacy Policy

Effective Date: [Insert Launch Date]

This Privacy Policy explains how Helfi ("we," "us," or "our") collects, uses, discloses, and protects your information when you use our mobile application and associated services (collectively, the "App").

By using the App, you consent to the practices described in this policy. If you do not agree with this Privacy Policy, do not use the App.

1. Information We Collect

a. Information You Provide Directly:

  • Name, email address, gender, age, height, weight, and other demographic data
  • Health goals, symptom ratings, supplement and medication data
  • Uploaded content (e.g., supplement labels, symptom images, notes)
  • Laboratory report PDFs and extracted lab test results (analyte names, values, units, reference ranges, collection dates, accession numbers, and laboratory names)
  • Payment and subscription information
  • Customer support communications

b. Automatically Collected Data:

  • Device information (type, OS version, IP address)
  • App usage logs and activity patterns
  • Error and crash reports

c. Data from Wearables & Third-Party Integrations (with your permission):

  • Apple Health, Google Fit, Garmin, Withings, etc.
  • Steps, heart rate, distance, sleep, calories, etc.

User Consent for Report Uploads

When you upload a laboratory or medical report (for example, a PDF of blood results) and supply any associated password, you explicitly authorise Helfi to temporarily use that password to decrypt the file and extract relevant medical markers.

  • The password is never stored, logged, or reused.
  • Once extraction is complete, the structured data is securely stored in encrypted form and the original file is deleted unless you choose to retain an encrypted copy for your records.

2. How We Use Your Data

We use your data to:
  • Provide and personalize the App's features
  • Deliver AI-generated reports and symptom analysis
  • Parse, normalize, display, and analyze laboratory test results for your personal use
  • Improve app functionality and AI accuracy through anonymized training data
  • Process payments and manage subscriptions
  • Send reminders, updates, and relevant notifications
  • Respond to support requests and inquiries
  • Comply with legal obligations and enforce our Terms of Use

3. How We Share Your Data

We do not sell your personal data. We only share it as follows:
  • Service Providers: For hosting, analytics, payment processing, and technical support
  • Legal Requirements: If required by law, court order, or regulatory request
  • Business Transfers: If Helfi is involved in a merger, acquisition, or sale of assets, your data may be transferred
  • With Consent: We may share data if you provide explicit permission

4. Data Security

We use encryption, secure cloud storage, and access control measures to protect your data. Despite best efforts, no system is completely secure. You use the App at your own risk.

Data Security and Encryption

We use industry-standard encryption to protect your data both in transit and at rest. All data transmitted between the App and our servers uses TLS 1.2 or higher.

  • Uploaded documents (such as laboratory reports or blood test PDFs) are stored securely in encrypted cloud storage.
  • Sensitive health data and structured lab results are encrypted at rest using AES-256-GCM encryption, which is an industry-standard encryption algorithm.
  • Structured health data is encrypted at the field level with unique per-record encryption keys, ensuring that each piece of data has its own encryption key.
  • Data encryption keys are protected using envelope encryption, where keys are encrypted with a master key stored securely in environment variables.
  • We maintain strict access controls — only authorised personnel can access sensitive data, and all access is logged and audited.

Laboratory Report Security

  • TLS in transit: All data is encrypted during transmission using TLS 1.2 or higher
  • Encryption at rest: Structured lab data is encrypted using AES-256-GCM with per-record encryption keys
  • Envelope encryption: Data encryption keys are wrapped using a master encryption key for additional security
  • Secure cloud storage: Original PDFs (if retained) are stored in encrypted cloud storage with access controls
  • Restricted access: Only authorized systems and personnel can decrypt and process PDFs
  • Audit logs: Full audit trail maintained for all processing activities, including uploads, decryption, extraction, and deletion
  • Password handling: PDF passwords are used only once for decryption and are never stored, logged, or reused

Breach notification: If a breach occurs that may cause harm, Helfi will notify affected users and authorities per the Australian Notifiable Data Breaches scheme.

5. Your Rights and Choices

Depending on your location, you may have the right to:
  • Access the data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict our data processing
  • Withdraw consent at any time (affects future processing only)
  • Lodge a complaint with a data protection authority

To exercise your rights, contact us at: support@helfi.ai

6. International Users

We are based in Australia but serve users worldwide. Your information may be processed in countries with different data protection laws. By using the App, you consent to this transfer and processing.

7. Data Retention and Deletion

By default, Helfi deletes original uploaded documents (such as PDFs) immediately after extraction. If you opt to retain a copy, it remains encrypted and accessible only through your authenticated account.

  • Structured health data is retained until you delete your account or request deletion.
  • System audit logs are maintained for security and compliance purposes. We retain audit logs as necessary to comply with legal obligations and for security monitoring.
  • You can request data deletion or export at any time via in-app settings or by contacting us at support@helfi.ai

Laboratory Report Retention

  • Structured data: Lab values are retained until account deletion or until you request deletion
  • Original PDFs: Deleted by default immediately after extraction unless you choose to retain them
  • Consent records: Retained for compliance and audit purposes
  • Audit events: Retained for security monitoring and compliance with legal requirements

8. Children's Privacy

The App is not intended for users under the age of 18. We do not knowingly collect data from anyone under 18. If we become aware of such data, we will delete it immediately.

9. Cookies & Tracking Technologies

We may use cookies or similar technologies for app functionality, usage analytics, and performance tracking. You can disable tracking through your device settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified within the App or via email. Continued use of the App after changes are posted constitutes your acceptance.

11. Contact Us

For questions about this Privacy Policy or your personal data, contact:

Email: support@helfi.ai

Mailing Address: [Insert Business Address Here]

By using Helfi, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy.

For questions or concerns about your privacy, please contact us at: support@helfi.ai