Helix.
← Back Legal

Privacy Policy

Effective: May 2026

Short version: your research logs (doses, vials, cycles, journal, metrics) stay on your device. The only personal data stored on our servers is the account identity needed to sign you in. We run no analytics, no advertising trackers, and we never sell your data.

1. Who we are

Helix (“Helix,” “we,” “us”) is a research and education tool for tracking peptide protocols. This policy explains what data the app handles and how. By using Helix you agree to this policy together with our Terms of Use.

2. Data stored on your device only

The research information you enter — including peptides you save, vials and reconstitution details, cycles and stacks, logged doses, injection sites, journal entries, and health metrics (such as weight, sleep, or lab values) — is stored locally on your device in the app's database. In this version of the app, this information is not transmitted to us or to any third party; it does not leave your device unless you choose to export or share it yourself.

3. Data stored on our backend

To provide sign-in and your founding-member status, we store a small amount of account data with our authentication and database provider:

  • Email address — used to create and secure your account.
  • Display name — only if your sign-in provider (Apple or Google) supplies it.
  • Account record — your account identifier, your acceptance of the terms and safety acknowledgement (with timestamps), founding-member status, and basic app preferences.

We do not store your research logs or health metrics on our backend in this version of the app.

4. How you sign in

Helix offers sign-in with Apple, Google, or email and password. When you use Apple or Google, that provider authenticates you and returns a limited identity token (and, if you allow it, your email and name). Your sign-in session is stored securely on your device. If you use Apple's “Hide My Email” feature, we only ever receive the relay address Apple provides.

5. Service providers

We rely on a few infrastructure providers that process data on our behalf. We do not sell data to anyone, and we do not share data with advertising networks or analytics brokers.

  • Supabase — hosts authentication and the account records described above.
  • Apple and Google — process sign-in when you choose those methods; Google Play Services is also required for Google sign-in on Android.
  • Expo / EAS — delivers over-the-air app updates. When the app checks for an update, the update service may receive standard request information (such as your device's app/runtime version and IP address). It does not receive your account or research data.

6. What we do not do

  • No third-party analytics SDKs (no Google Analytics/Firebase Analytics, PostHog, Segment, Amplitude, Mixpanel, or similar).
  • No crash-reporting SDKs (no Sentry, Crashlytics, or Bugsnag).
  • No advertising, ad identifiers, or cross-app tracking.
  • No remote push notifications. Reminders are scheduled locally on your device; we collect no push token.
  • No selling or renting of personal data.

7. Notifications

If you enable reminders, Helix schedules them entirely on your device using the local notification system. No reminder data is sent to a server, and no push-notification token is collected.

8. Data retention and deletion

You are in control of your data:

  • Local data remains on your device until you delete it or uninstall the app.
  • Delete Account (Settings → Delete Account) immediately erases your local data on the device and flags your account for deletion on our backend. Backend account records are permanently purged within 30 days of that request.
  • Sign out clears your session on the device without deleting your account.

9. Children

Helix is intended only for adults aged 18 or older. We do not knowingly collect data from anyone under 18.

10. Security

Your sign-in session is held in your device's secure storage, and connections to our backend use encryption in transit. No method of storage or transmission is perfectly secure, but we work to protect your information using industry-standard measures.

11. Your rights

Depending on where you live, you may have rights to access, correct, or delete your personal data. Because your research logs live on your device, you can access and delete them directly in the app. For account data on our backend, use Delete Account or contact us using the details below.

12. Changes to this policy

We may update this policy as the app evolves — for example, when optional cross-device sync is introduced in a future version. Material changes will be reflected here with an updated effective date.

13. Contact

Questions about this policy or your data? Contact us at support@gethelixapp.org.