GLBA Privacy Notice

Last updated: March 15, 2026 · Effective immediately

This notice is provided in accordance with the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. §§ 6801–6809, and its implementing regulations. It describes how Helios Finance collects, shares, and protects your nonpublic personal information (“NPI”).

FACTS: WHAT DOES HELIOS FINANCE DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Name, email address, and account credentials
  • Bank account balances, transaction history, and account numbers (via Plaid)
  • Investment holdings, brokerage account data, and portfolio values
  • Payment and billing information (processed by Stripe)
  • Income and employment information (if provided via linked accounts)

How?

All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Helios Finance chooses to share; and whether you can limit this sharing.

Reasons We Can Share Your Personal Information

Reasons we can share your personal information | Does Helios share? | Can you limit?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No
For our marketing purposes — to offer our products and services to you | No | We don't share
For joint marketing with other financial companies | No | We don't share
For our affiliates' everyday business purposes — information about your transactions and experiences | No | We don't share
For our affiliates' everyday business purposes — information about your creditworthiness | No | We don't share
For nonaffiliates to market to you | No | We don't share

Who We Are

Who is providing this notice?
Helios Finance, operating at helios-finance.com. Helios Finance provides a personal finance dashboard that aggregates financial account data, tracks investments, and offers spending analytics.

What We Do

How does Helios Finance protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include:
  • Encryption of all data in transit (TLS 1.2+) and at rest (AES-256 via Google Cloud)
  • Plaid access tokens encrypted with a separate encryption key
  • Passwords hashed using bcrypt (cost factor 12)
  • Secrets managed via Google Cloud Secret Manager
  • Infrastructure hosted in a SOC 2 Type II certified environment (Google Cloud Platform)
  • JWT-based authentication with 7-day token expiry

How does Helios Finance collect my personal information?
We collect your personal information when you, for example:
  • Create an account or provide your contact information
  • Link your bank or brokerage accounts via Plaid
  • Enter or import financial transactions and investment holdings
  • Pay for a subscription via Stripe
  • Sign in via Google OAuth
  • Use or navigate the Service

Why can't I limit all sharing?
Federal law gives you the right to limit only:
  • Sharing for affiliates' everyday business purposes — information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See the “Other important information” section below for details.

Definitions

Affiliates: Companies related by common ownership or control. They can be financial and nonfinancial companies. Helios Finance has no affiliates.

Nonaffiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies. Helios Finance does not share with nonaffiliates so they can market to you.

Joint marketing: A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Helios Finance does not jointly market with other companies.

Service Providers We Share With

We share your nonpublic personal information with the following service providers strictly to operate the Service. These providers are contractually obligated to protect your information and use it only for the purposes for which it was shared:

Provider | Purpose | Information Shared
Plaid Inc. | Bank & brokerage account linking and data aggregation | Account credentials (handled entirely by Plaid; we never see or store your bank login)
Stripe Inc. | Subscription payment processing | Name, email, payment method details (card numbers handled entirely by Stripe; we never store them)
Google Cloud Platform | Infrastructure hosting (servers, database, secrets) | All service data (encrypted at rest and in transit, stored exclusively in us-central1)
Google OAuth | Social sign-in authentication | Google account ID, name, email, profile picture

Data Storage Location

All nonpublic personal information is stored exclusively within the United States.

  • Database: Google Cloud SQL (PostgreSQL) in us-central1 (Council Bluffs, Iowa)
  • Application servers: Google Cloud Run in us-central1
  • We do not transfer, replicate, or store your data outside of the United States

Other Important Information

California Residents: Under the California Financial Information Privacy Act (CalFIPA, SB-1), you have the right to opt out of sharing your personal financial information with nonaffiliated third parties for purposes other than servicing your account. Helios Finance does not share your information with nonaffiliates for marketing or any purpose beyond servicing your account, so no opt-out action is needed.

Vermont Residents: In accordance with Vermont law, we will not share your nonpublic personal information with nonaffiliates unless you provide written consent or the sharing is otherwise permitted by law. We do not currently share with nonaffiliates.

Nevada Residents: We are providing this notice pursuant to Nevada law. If you prefer not to receive marketing calls from us, you may be placed on our internal do-not-call list by contacting us at the address below. Nevada law requires we provide the following: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone: 702-486-3132; Email: aginfo@ag.nv.gov.

Your Right to Opt Out

Because Helios Finance does not:

  • Share your information with affiliates for marketing purposes
  • Share your information with nonaffiliates for marketing purposes
  • Engage in joint marketing with other financial companies
  • Sell, rent, or trade your personal information

…there is currently no opt-out action required on your part. If our sharing practices change in the future, we will provide you with an updated notice and an opportunity to opt out before any such sharing occurs.

Data Retention & Deletion

  • We retain your nonpublic personal information for as long as your account is active and as needed to provide the Service.
  • Upon account deletion, your personal data will be permanently removed within 30 days.
  • You may request deletion of your data at any time by contacting us at privacy@helios-finance.com.
  • Third-party providers (Plaid, Stripe) may retain data subject to their own retention policies and legal obligations.

Questions?

If you have any questions about this GLBA Privacy Notice, please contact us: