Privacy Policy
Last updated: March 15, 2026 · Effective immediately
1. Introduction
Helios Finance (“Helios,” “we,” “us,” or “our”) operates the website helios-finance.com and associated services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with the terms of this policy, please do not access the Service.
2. Information We Collect
2.1 Account Information
When you register, we collect your name, email address, and password (hashed). If you sign in via Google, we receive your Google account ID, name, email, and profile picture URL.
2.2 Financial Data
We use Plaid Inc. to securely connect to your bank and brokerage accounts. Plaid transmits your account balances, transaction history, and investment holdings to our Service. We store this data solely to provide the Service to you. We never receive or store your bank login credentials — those are handled entirely by Plaid.
2.3 Payment Information
Subscription payments are processed by Stripe Inc. We do not store your credit card number, CVC, or other payment card details. Stripe retains this information under its own privacy policy.
2.4 Usage Data
We may collect anonymized usage analytics such as pages visited, features used, and device/browser type to improve the Service. This data cannot be used to personally identify you.
3. How We Use Your Information
- To provide, operate, and maintain the Service.
- To aggregate and display your financial data (accounts, transactions, investments, budgets, goals).
- To process subscription payments and manage your account.
- To send you transactional emails (e.g., payment receipts, password resets).
- To detect, prevent, and address fraud, abuse, or technical issues.
- To improve the Service based on anonymized, aggregated usage patterns.
4. We Do NOT Sell Your Data
Helios Finance does not sell, rent, lease, or trade your personal information or financial data to any third party, under any circumstances.
We will never monetize your data through advertising, data brokerage, or any form of data commerce. Your financial information exists in our systems solely to power the features you use.
5. Third-Party Service Providers
We share limited data with the following third-party providers, strictly to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid Inc. | Bank & brokerage account linking | Account credentials (handled by Plaid, not stored by us) |
| Stripe Inc. | Payment processing | Email, name, payment method details |
| Google Cloud Platform | Infrastructure hosting | All service data (encrypted at rest and in transit) |
| Google OAuth | Social sign-in | Google account ID, name, email, profile picture |
These providers are contractually bound to protect your data and may not use it for purposes other than providing services to Helios.
6. Data Storage & Location
All user data is stored exclusively within the United States.
- Our database is hosted on Google Cloud SQL (PostgreSQL) in the
us-central1region (Council Bluffs, Iowa, USA). - Our application servers run on Google Cloud Run in the same
us-central1region. - Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) by Google Cloud.
- We do not replicate, mirror, or transfer your data to any non-US data center or jurisdiction.
7. Data Retention
We retain your personal and financial data for as long as your account is active. If you delete your account:
- Your personal data and financial records will be permanently deleted within 30 days.
- Anonymized, aggregated analytics data (which cannot identify you) may be retained indefinitely.
- Stripe and Plaid may retain data subject to their own retention policies and legal obligations.
8. Your Rights
You have the right to:
- Access — Request a copy of all personal data we hold about you.
- Correction — Request correction of any inaccurate or incomplete data.
- Deletion — Request deletion of your account and all associated data.
- Portability — Request an export of your data in a machine-readable format.
- Objection — Object to processing of your data for any purpose not essential to the Service.
To exercise any of these rights, contact us at privacy@helios-finance.com. We will respond within 30 days.
9. Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted via TLS 1.2+.
- All data at rest is encrypted via AES-256 (Google Cloud managed encryption keys).
- Plaid access tokens are encrypted with a separate encryption key before storage.
- Passwords are hashed using bcrypt with a cost factor of 12.
- Authentication uses JSON Web Tokens (JWT) with 7-day expiry.
- Secrets are managed via Google Cloud Secret Manager (not stored in code or environment files).
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will promptly delete that information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
12. Contact
If you have any questions about this Privacy Policy, please contact us:
- Email: privacy@helios-finance.com
- Website: helios-finance.com