HelixGate
Talk to usBook a demo

Privacy Policy

How HelixGate Technologies Limited handles personal data — in plain English, then in the formal terms a DPO needs.

In short

We collect the personal data we need to operate the HelixGate platform and serve our customers. We don’t sell data. We don’t train AI models on customer data. We host UK customer data in UK regions by default. You have the rights you’d expect under UK GDPR — access, rectification, erasure, portability, objection — and we make them easy to exercise.

Who we are

HelixGate Technologies Limited (“HelixGate”, “we”, “us”), registered in England & Wales, company number 16676827. Registered office available on request. Email: privacy@helixgate.io.

Our two roles

Controller for personal data of website visitors, prospects, and customer administrative contacts.

Processor for personal data our customers upload into the HelixGate platform. The customer is the controller; we process on their instructions under a Data Processing Agreement.

What we collect

  • Contact data — name, email, company, role — when you contact us, request a demo, or sign up for a tenant.
  • Account data — the credentials, role assignments, and audit-log entries generated when you use the platform.
  • Usage data — standard server logs (IP, user agent, request paths, response codes) for security and operational purposes.
  • Cookies — the marketing site uses minimal essential cookies only. The platform uses session cookies for authentication.

Lawful basis

Contract performance for delivering the platform. Legitimate interest for operating the marketing site and responding to enquiries. Consent for any optional analytics or marketing communications.

How long we keep it

Customer-uploaded data: per the controller’s configured retention policy. Audit logs retained per policy with anonymisation of departed users (UK GDPR Article 17). Marketing enquiry data: 24 months unless you ask us to remove it sooner. Server logs: 90 days.

Sub-processors

We use a small number of sub-processors to deliver the platform — cloud hosting, email delivery, error monitoring. The current list is available on request and is part of the DPA. We notify customers before adding a new sub-processor.

Where we host data

UK regions by default. Enterprise customers can request alternative regions (EU, US) at onboarding. Cross-border transfers, where they occur, rely on the appropriate UK-IDTA / EU SCC mechanism.

Your rights

You can request access to, correction of, or deletion of your personal data. You can object to or restrict processing. You can request data portability. To exercise any right, email privacy@helixgate.io — we acknowledge within 2 business days and respond substantively within 30 days.

If we are processing on behalf of a customer (you are a user on a tenant), please contact that customer first; if that doesn’t resolve it, we will help.

You may also lodge a complaint with the UK ICO (ico.org.uk).

Security

Detailed in our security architecture page. AES-256-GCM at rest, TLS 1.3 in transit, physical isolation per tenant, immutable audit trails enforced at the database layer, TOTP MFA, NIST SP 800-63B AAL2-aligned authentication.

Changes

We’ll update this policy when we change practice. The “last updated” date at the top tells you when. Material changes are notified to active customers by email.

HelixGate Technologies Limited · Registered in England & Wales 16676827 · Contact