How Helixx AI collects, processes, and protects personal data across Singapore, the EU, the UK, and the UAE — written in plain language with the legal precision regulators expect.
Helixx AI is a product of YHVH Cyrus Enterprises Pte. Ltd. ("Helixx", "we", "us"), a company incorporated in Singapore (UEN: 202240171D) with its registered office at 160 Robinson Road, #14-04 Singapore Business Federation Center, Singapore 068914. We act as a data controller for our website and a data processor when our customers deploy the Helixx platform on their behalf.
We only collect what we need to operate the service and meet legal obligations. This includes:
We process personal data to (a) provide and operate the platform, (b) authenticate users and prevent abuse, (c) comply with legal and regulatory obligations including MAS, GDPR, FCA, and ICO requirements, (d) improve the service through aggregated analytics, and (e) communicate with you about your account and material product changes. We never sell personal data.
For data subjects in the EU and UK, we rely on the following legal bases under GDPR Article 6: contract (to deliver the service you've agreed to), legitimate interests (security, fraud prevention, service improvement), legal obligation (where regulation requires retention), and consent (for optional cookies and marketing communications, which you can withdraw at any time).
Helixx is region-aware by design. Customer data stays in the jurisdiction it originated in (Singapore, EU/EEA, UK, or UAE) unless you explicitly authorize a transfer. For any necessary cross-border transfers, we use Standard Contractual Clauses (UK IDTA where applicable) and conduct transfer impact assessments before processing begins.
Account data is retained for the life of your subscription plus 24 months for audit and legal purposes. Customer-provided data follows the retention period in your Data Processing Addendum (default: 90 days post-termination). Audit logs are retained for 7 years to satisfy MAS and FCA recordkeeping. Marketing communications data is deleted within 12 months of last engagement.
Subject to your jurisdiction, you have the right to access, correct, delete, restrict, port, and object to the processing of your personal data, and to withdraw consent. To exercise any of these, email hello@helixx.ai. We respond within 30 days. If you're not satisfied with our response, you may lodge a complaint with your local supervisory authority — the PDPC (Singapore), ICO (UK), your local DPA (EU), or the relevant UAE regulator.
We maintain appropriate technical and organizational measures including: encryption in transit (TLS 1.3) and at rest (AES-256), single sign-on with mandatory MFA for admin accounts, role-based access control with least-privilege defaults, continuous logging and anomaly detection, and annual third-party penetration testing. We follow ISO 27001 control mappings and are SOC 2 Type II in progress.
We use strictly necessary cookies for authentication and session management, and optional analytics cookies to understand product usage. You can manage optional cookies through your browser or our cookie banner.
We'll post material changes here with a new effective date and notify account admins by email at least 30 days before they take effect.