Legal

Privacy Policy

Last updated: 18 June 2026 · Effective: 18 June 2026

This policy explains what information Helicarrier collects when you use the hosted Helicarrier Cloud service, why we collect it, and the choices you have. We try to collect as little as the product needs to run, and never to sell it.

1. Who we are

“Helicarrier”, “we”, “us” refers to the operator of the Helicarrier Cloud platform-as-a-service, reachable at engineering@helicarrier.xyz. For the purposes of applicable data-protection law, we act as the data controller for your account information and as a data processor for the application data you choose to deploy and run on the platform.

This policy covers the hosted service only. If you self-host the open-source Helicarrier engine on your own infrastructure, you are the controller and processor for everything that runs there — this policy does not apply.

2. Information we collect

Information you give us

• Account details — your name, email address, and the password hash created when you sign up.
• Organisation details — the team and project names you create, and members you invite.
• Billing details — handled by our payment processor. We store a customer reference, plan, and invoice history, but never your full card or bank-account numbers.
• Support correspondence — anything you send us by email.

Information created by using the service

• Application content — the source code, container images, environment variables, and database contents you deploy. Your environment variables are encrypted at rest and are decrypted only at deploy time.
• Usage & metering data — the compute resources (such as memory-minutes) your services consume, used to calculate your bill.
• Operational logs — build and runtime logs from your services, and platform logs needed to operate and secure the service.
• Connection metadata — when you connect a GitHub account, the installation identifier and repository list you grant access to.
• Technical data — IP address, browser type, and session identifiers, collected automatically when you use the dashboard.

3. How we use your information

• To provide, operate, build, deploy, and route your services.
• To authenticate you and keep your account secure.
• To meter usage and charge you accurately.
• To detect, prevent, and investigate abuse, fraud, and security incidents.
• To send you service-related messages (deploy results, billing notices, security alerts).
• To provide support and to improve the product.

We do not sell your personal data, and we do not use the contents of the applications or databases you deploy for advertising or to train models.

4. Legal bases

Where data-protection law requires a legal basis, we rely on: performance of our contract with you (to provide the service), our legitimate interests (to secure and improve the platform), compliance with legal obligations (such as tax record-keeping), and your consent where specifically requested.

5. Who we share it with

We share data only with service providers that help us run Helicarrier, under contract and only as needed:

• Payment processors (for example Paystack and Polar) — to take payment and manage subscriptions.
• Infrastructure providers — the cloud hosts and networks the platform runs on.
• Source-control providers — GitHub, when you connect a repository.
• Authorities — when we are legally required to, or to protect the rights, safety, and security of our users and the platform.

6. Data retention

We keep account and application data for as long as your account is active. When you delete a project it is soft-deleted and recoverable for a short window before permanent deletion. When you close your account we delete or anonymise your personal data within a reasonable period, except where we must retain records (such as invoices) to meet legal obligations.

7. Security

We protect data in transit with TLS and encrypt secrets at rest using AES-256-GCM. Passwords are stored only as salted hashes. Access to production systems is restricted and logged. No system is perfectly secure, but we work to protect your data and to notify you promptly of any breach that affects you, as required by law.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise most of these directly in the dashboard, or by emailing engineering@helicarrier.xyz. We will respond within the time required by applicable law.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies.

10. International transfers

Helicarrier may process and store data in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards as required by applicable law.

11. Children

Helicarrier is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the date above and, where appropriate, notify you by email or in the dashboard.

13. Contact

Questions about this policy or your data? Email engineering@helicarrier.xyz.