1. Introduction
Helixa (“we,” “our,” or “us”) is a personal health tracking application developed by Kirubel. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Helixa app. We are committed to protecting your privacy and handling your data responsibly.
2. Information We Collect
We collect the following categories of information to provide and improve our service:
| Data Type | Purpose | Storage |
|---|---|---|
| Email address | Account creation and authentication | Supabase Auth (encrypted) |
| Body weight | Progress tracking and benchmarks | Supabase Database (RLS-protected) |
| Medication name, dose, injection dates | GLP-1 tracking and PK estimates | Supabase Database (RLS-protected) |
| Side effects logged | Personal reference and pattern tracking | Supabase Database (RLS-protected) |
| Daily tags (food, exercise, mood) | Lifestyle tracking | Supabase Database (RLS-protected) |
| AI Coach conversation messages | Personalized coaching responses | Supabase Database (RLS-protected) |
We do NOT collect: your real name, phone number, physical address, GPS location, device contacts, photos, or any biometric data.
3. How We Use Your Information
- To provide the service: Your data powers the tracking features, PK level estimates, benchmark comparisons, and AI Coach responses.
- To improve the app: We may use aggregated, anonymized data to understand usage patterns and improve features.
- To communicate with you: We may send essential service emails (e.g., password reset, account verification) using Resend as our email delivery provider.
We do NOT use your data for advertising, sell your data to third parties, or share individual health data with anyone.
4. Third-Party Services
Helixa uses the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, edge functions | Email, all user-entered health data |
| Google Gemini API (Flash 2.0) | AI Coach feature | Conversation messages (no PII sent beyond what the user types) |
| Resend | Transactional email delivery | Email address only |
| RevenueCat | Subscription management (future) | Anonymous user ID, purchase status |
Each third-party service has its own privacy policy. We encourage you to review them.
5. Data Storage and Security
- All data is stored in Supabase cloud infrastructure with encryption at rest and in transit.
- Row Level Security (RLS) is enabled on all database tables, ensuring users can only access their own data.
- Authentication is handled via Supabase Auth with secure token-based sessions.
- We do not store passwords in plain text. All authentication credentials are managed by Supabase’s secure auth system.
6. Data Retention and Deletion
Your data is retained for as long as your account is active. You may:
- Delete individual records (weight logs, shots, side effects) at any time within the app.
- Delete your entire account through Settings → Account → Delete Account. This permanently removes all your data from our servers, including your authentication record.
- Export your data before deletion if you wish to retain a personal copy.
Account deletion is irreversible. Once deleted, your data cannot be recovered.
7. HIPAA Disclaimer
Helixa is NOT a HIPAA-covered entity. Helixa is a personal wellness and tracking tool, not a healthcare provider, health plan, or healthcare clearinghouse. While we take reasonable measures to protect your data, we do not claim HIPAA compliance. If you require HIPAA-compliant health data management, please consult your healthcare provider.
8. Children’s Privacy
Helixa is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (available directly in-app).
- Portability: Request your data in a portable format.
- Objection: Object to processing of your data.
To exercise any of these rights, contact us at support@helixaapp.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through in-app notifications. Your continued use of Helixa after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
support@helixaapp.com
Developer: Kirubel
Jurisdiction: United States — State of Maryland