Legal

Privacy Policy

Last updated:

OpenHelm ("we," "our," or "the Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software and services.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account information: name, email address, and company name when you register for Business or Cloud tiers.
  • Payment information: processed by our payment processor (Stripe). We do not store full card numbers.
  • Communications: messages you send to our support team or post in our community channels.

1.2 Information Collected Automatically

When you use OpenHelm software or visit our website, we may collect:

  • Usage data: anonymous telemetry about goal success rates, job durations, and feature usage. This data is aggregated and cannot be used to identify you. You can opt out at any time via helm config set telemetry.enabled false.
  • Crash reports: anonymized crash reports to help us fix bugs. These may include stack traces but do not include your code or goal content.
  • Website analytics: standard web analytics including page views, referrer URLs, and browser type via a self-hosted Plausible instance (no cookies, no cross-site tracking).

1.3 What We Never Collect

By design, OpenHelm does not collect:

  • Your source code or project files
  • Goal statements or job outputs
  • Your Anthropic API key
  • Credentials, secrets, or environment variables from your projects
  • Content of files accessed by Claude Code during goal execution

The execution of goals is entirely local to your machine (Community and Business tiers). In Cloud tier, code is processed in isolated VMs that are destroyed after each job — we do not retain your code.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain our services
  • Process transactions and send related information
  • Respond to support requests and feedback
  • Send product updates, release notes, and security notices (you can unsubscribe at any time)
  • Improve the software based on anonymous usage patterns
  • Detect and prevent abuse or unauthorized use
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising.

3. Data Storage & Security

Account and billing data is stored on servers located in the European Union and/or the United States. We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest) for all stored data.

We retain your data for as long as your account is active. If you delete your account:

  • Account data is deleted within 30 days
  • Anonymized, aggregated usage data may be retained indefinitely (it cannot be traced back to you)
  • Payment records are retained for 7 years as required by financial regulations

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please email — we have a responsible disclosure program and appreciate reports.

4. Third-Party Services

We use a small number of third-party services:

  • Stripe — payment processing. Subject to Stripe's Privacy Policy.
  • GitHub — for repository access in Cloud tier (only repos you explicitly authorize).
  • Postmark — transactional email (receipts, security notices). We do not use marketing email platforms.

We do not use advertising networks, tracking pixels, third-party analytics that set cookies, or social media widgets that track you across sites.

5. Your Rights

Depending on your location, you may have rights including:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your personal data
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain processing of your data

To exercise these rights, email . We will respond within 30 days.

GDPR: If you are in the EU/EEA, our lawful basis for processing is contract performance (for providing services), legitimate interests (for improving the product), and your consent (for marketing communications).

CCPA: California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

6. Children's Privacy

OpenHelm is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will delete it.

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify registered users by email. Your continued use of OpenHelm after changes constitutes acceptance of the updated policy.

8. Contact Us

For privacy questions or to exercise your rights: