Helix Extract

by Helix Systems LLC

Privacy Policy

Last Updated: January 24, 2026

1. Introduction

Helix Systems LLC ("we," "our," or "us") operates Helix Extract, an AI-powered browser extension for document data extraction. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

  • Email address
  • Password (encrypted) — for direct registration only
  • Account creation date
  • Login timestamps

Google OAuth Information

If you choose to sign in with Google, we receive the following information from Google:

  • Your Google account email address
  • Your name and profile picture (if available)
  • A unique Google account identifier

We do not receive or store your Google password. Google OAuth uses secure token-based authentication.

Usage Data

  • Document processing requests (metadata only, not document content)
  • Token usage statistics
  • Browser extension activity

Document Data

Important: We do not collect, store, or share the content of your uploaded documents. Your document data is:

  • Processed securely via AWS Bedrock AI for data extraction only
  • Never stored on our servers beyond the brief processing window
  • Never shared with third parties or used for any other purpose
  • Encrypted in transit and during processing

3. Browser Extension Permissions

The Helix Extract browser extension requests the following permissions to function. We only request permissions that are essential for the service:

  • Active Tab: Allows the extension to interact with the current webpage when you click the extension icon. We only access the tab you're actively using and only when you initiate an action.
  • Scripting: Enables the extension to extract document content from documents (PDFs, Word documents, and images) for processing.
  • Storage: Stores your authentication token, extension preferences, and a local activity log (last 100 actions) on your device. This data never leaves your browser.
  • Side Panel: Displays the Helix Extract interface in Chrome's side panel for easier access.
  • Identity: Enables secure Google OAuth sign-in without exposing your credentials to the extension.
  • Tabs: Allows the extension to detect when you navigate to a new page so it can update its state accordingly.
  • Host Permissions (api.discoverhelix.com, tool.discoverhelix.com): Allows the extension to communicate with our API servers to process your document extractions. These permissions are limited to our domains only—the extension cannot access or communicate with any other websites.

What we do NOT collect:

  • We do not collect or store your browsing history
  • We do not track which websites you visit
  • We do not access webpage content unless you explicitly initiate a document extraction
  • We do not run in the background or monitor your activity

4. How We Use Your Information

  • To provide and maintain Helix Extract services
  • To process your documents using AI
  • To manage your account and subscription
  • To send service-related communications
  • To improve our services and develop new features
  • To ensure security and prevent fraud
  • To comply with legal obligations

5. Data Storage and Security

Your data security is our top priority. We implement enterprise-grade security measures:

  • End-to-End Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure AWS Infrastructure: All processing occurs within AWS's secure infrastructure in US-EAST-1
  • Zero Data Retention: Your uploaded document content is processed in memory and immediately discarded. For multi-page documents requiring layout analysis, content is temporarily stored in encrypted S3 storage during processing and automatically deleted upon completion.
  • Data Isolation: Your document data never escapes our secure processing pipeline and is never accessible to Helix staff
  • Access Controls: Strict role-based access to account data only
  • Security Monitoring: Ongoing security monitoring and threat detection

6. Data Sharing and Disclosure

We do not sell, share, or disclose your uploaded document content to any third parties. Your document data remains completely private and secure.

For essential service operations, we use:

  • AWS Bedrock: AI processing of your documents occurs entirely within AWS's secure infrastructure. Your document content is encrypted, processed, and immediately discarded—it is never stored, logged, or used for model training.
  • AWS (Hosting): Secure cloud infrastructure for our application
  • Stripe: Payment processing (they never see your document content)

We may disclose account information (not document content) only when:

  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers or acquisitions

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@discoverhelix.com

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information Collected

  • Identifiers: Email address, name, Google account ID
  • Commercial Information: Subscription and payment history
  • Internet Activity: Extension usage statistics, login timestamps

Your California Rights

  • Right to Know: Request what personal information we have collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. To exercise your California privacy rights, contact us at privacy@discoverhelix.com.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

  • Contract Performance: Processing your documents and managing your account is necessary to provide the service you requested
  • Legitimate Interests: Improving our services, ensuring security, and preventing fraud
  • Consent: Marketing communications (which you can withdraw at any time)
  • Legal Obligation: Compliance with applicable laws

Your GDPR Rights

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates applicable law.

To exercise your GDPR rights, contact us at privacy@discoverhelix.com.

10. Cookies, Tracking, and Analytics

Cookies

We use essential cookies for authentication and session management only. We do not use third-party advertising cookies or trackers.

Analytics

We do not use third-party analytics services such as Google Analytics, Mixpanel, or similar tools. We collect only basic, anonymized usage metrics (such as total API requests and error rates) to maintain service reliability. These metrics cannot be used to identify individual users or track browsing behavior.

11. Third-Party Services

  • AWS Bedrock: Secure AI processing of document content within AWS infrastructure - your data never leaves the secure AWS environment and is not used for model training
  • AWS Textract: Document text and layout analysis for the verification feature - processes documents to detect text locations, then immediately discards them
  • AWS SES: Email delivery
  • Stripe: Payment processing
  • Google OAuth: Optional authentication

These services operate under strict data protection agreements. Your uploaded document content is only processed by AWS Bedrock and AWS Textract and is never shared with other third-party services.

12. Data Retention

  • Account Data: Retained while your account is active
  • Document Content: Never stored-processed in memory and immediately discarded after extraction
  • Extracted Results: Available in your browser session; we do not retain extraction results on our servers
  • Audit Logs: Usage metadata (not document content) retained for 90 days for security purposes

13. Children's Privacy

Helix Extract is not intended for users under 18. We do not knowingly collect information from children. If you believe we have collected data from a minor, contact us immediately.

14. International Users

Our services are hosted in the United States. By using Helix Extract, you consent to the transfer of your data to the US. We comply with applicable data protection laws.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the service. Continued use constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions or concerns:

Email: privacy@discoverhelix.com

Company: Helix Systems LLC