Privacy Policy

1. Introduction

This Privacy Policy explains how AI SEO Software Ltd (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use HelperOne.ai (“the App”), including the iOS application and the website at helperone.ai.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the App, you acknowledge that you have read and understood this policy.

2. Data We Collect

2.1 Account Information

When you create an account or sign in (including via Apple Sign In or Google), we receive and store:

• Your name and email address
• Account identifier from the sign-in provider
• Profile picture URL (if provided by the sign-in provider)

2.2 Device & Technical Data

When you use the App on your iOS device, we may collect:

• Device model, operating system version, and app version
• Unique device identifiers (e.g. Identifier for Vendors) — we do not collect the Advertising Identifier (IDFA) without your explicit consent via App Tracking Transparency
• Language and locale settings
• Crash logs and performance diagnostics

2.3 Camera & Microphone Data

HelperOne.ai is a video and audio enabled AI assistant. With your explicit permission, the App accesses your device's camera and microphone for real-time video and audio interactions with your AI assistant. We process this data in real time to provide the service. Video and audio streams are not permanently stored on our servers unless you explicitly choose to save a session. You can revoke camera and microphone access at any time through your iOS Settings.

2.4 Conversation Data

Messages, prompts, and interactions with your AI assistant (including text, audio transcriptions, and session metadata) are processed in real time by our infrastructure. To generate AI responses, your conversation content is transmitted to the third-party AI providers listed in Section 5. We may retain conversation logs for a limited period to support debugging, abuse prevention, and service improvement. Your conversation content is not sold, and is not shared with third parties for marketing purposes.

2.5 Payment Data

In-app purchases and subscriptions are processed by Apple through the App Store. We do not receive or store your payment card details. Apple may collect payment information in accordance with their own privacy policy. We store transaction records (amounts, dates, package type) and your subscription status.

2.6 Usage & Analytics Data

We collect anonymised usage data via PostHog, including:

• Screens visited and features used
• Device type and operating system
• Approximate location (country/region level)
• Session duration and interaction patterns

2.7 Push Notifications

If you opt in to push notifications, we store your device push token to send you relevant notifications. You can disable push notifications at any time through your iOS Settings.

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing the App — creating accounts, processing AI interactions (including video and audio), managing credits and subscriptions
• Communication — sending transactional emails and push notifications related to your account or the App
• Security & abuse prevention — detecting prohibited activities, enforcing our Terms of Service, and protecting our infrastructure
• Service improvement — analysing anonymised usage patterns to improve features and user experience
• Legal compliance — meeting our obligations under applicable law

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract — processing necessary to provide the App you have signed up for (Article 6(1)(b))
• Consent — where you have given explicit consent, such as camera/microphone access, push notifications, or optional analytics (Article 6(1)(a))
• Legitimate interests — analytics, security, fraud prevention, and service improvement (Article 6(1)(f))
• Legal obligation — where required by law, such as financial record-keeping (Article 6(1)(c))

5. Data Sharing & Third Parties

We share personal data only with service providers necessary to operate HelperOne.ai.

AI Model Providers

To generate responses to user messages, we transmit chat messages and conversation context to one or more of the following third-party AI service providers, depending on which model a given bot is configured to use:

• OpenAI — Privacy Policy
• Anthropic — Privacy Policy
• OpenRouter — Privacy Policy (a routing gateway that may forward requests to additional underlying AI providers)
• Microsoft Azure OpenAI Service — Privacy Statement

We contractually require each of these providers to maintain data protection standards equivalent to those described in this Privacy Policy, and we share only the minimum data necessary to fulfil user requests. Where supported by the provider, we configure these services to use your conversation content solely to generate responses and not to train their AI models.

Infrastructure & Platform Providers

• Microsoft Azure — cloud infrastructure and hosting
• Apple — App Store, in-app purchases, Sign in with Apple
• Google — OAuth sign-in
• Composio — integration provider for connected services (Gmail, Google Workspace, Slack, Todoist, ClickUp, Reddit, LinkedIn, X/Twitter) — Privacy Policy

Connected Services (Third-Party Integrations)

HelperOne lets you optionally connect third-party services so your assistant can act on your behalf. These connections are entirely optional — the app is fully functional without any of them.

Services. We integrate, or may offer integration with: Gmail, Google Calendar, Google Tasks, Google Drive, Google Docs, Google Sheets, Slack, Reddit, LinkedIn, ClickUp, Todoist, and X (Twitter). Availability varies by release.

How connections work. Authentication is performed through our integration provider, Composio, using each service's standard OAuth authorisation. We do not see or store your third-party passwords. Access tokens are held to maintain the connection and can be revoked at any time by disconnecting the service in the app.

What we access and why. When you connect a service, we access only the data needed to perform the tasks you ask of your assistant — for example email messages and addresses, calendar events and attendees, task lists, documents and files, and messages or posts within a connected service. This data is used solely to provide the features you request. It is never sold, never used for advertising, and never used to train AI models.

Google user data. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Retention and deletion. Connected-service data is retained only as long as needed to provide the feature, or until you disconnect the service. Disconnecting a service removes its stored access tokens. Deleting your account permanently removes your bots, chat history, connected-service data, and associated tokens.

Analytics

• PostHog — anonymised product analytics

We do not sell your personal data to any third party. Disclosure to other parties occurs only when legally required or to protect our rights and safety.

6. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with UK GDPR.

7. Data Retention

• Account data is retained for the lifetime of your account and deleted within 30 days of account closure
• Payment records are retained for 7 years to comply with financial record-keeping obligations
• Conversation logs are retained for up to 30 days and then automatically deleted
• Video and audio session data is processed in real time and not retained unless you choose to save a session
• Analytics data is anonymised and retained in aggregate form

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit and at rest, secure HTTPS connections, and access controls on our infrastructure. The App runs on a dedicated, fully secure virtual private server. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Under UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data (“right to be forgotten”)
• Restriction — request that we restrict processing of your data in certain circumstances
• Portability — request your data in a structured, commonly used, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw it at any time (e.g. revoking camera/microphone permissions or unsubscribing from notifications)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

You may also request account and data deletion directly within the App or by emailing [email protected].

10. App Tracking Transparency

We respect Apple's App Tracking Transparency framework. We do not track you across other companies' apps or websites. If any future feature requires tracking, we will request your permission through the iOS App Tracking Transparency prompt before any tracking occurs.

11. Cookies & Local Storage

On our website (helperone.ai), we use the following cookies:

• Session cookies — essential for authentication and maintaining your logged-in state
• Analytics cookies — used by PostHog to understand usage patterns (anonymised)

The iOS app may use local storage on your device for authentication tokens and preferences. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the website.

12. Children's Privacy

The App is not intended for individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account or through a notice in the App. We encourage you to review this policy periodically.

14. Contact

For any questions or concerns about this Privacy Policy or your personal data, contact us at: