Privacy policy

Public draft · last updated 2026-04-20.

This privacy policy is in public draft during our beta. It accurately describes how we handle data today. Material changes will be announced via in-app notice and email 30 days in advance of taking effect.

Our commitments

  • We do not sell user data.
  • We do not train third-party models on user content without consent.
  • Research data uploaded to the platform is encrypted at rest and in transit.
  • You can export and delete your data at any time.
  • Institutional deployments can opt in to additional data-residency controls.

Data-handling practices

  • TLS 1.3 for data in transit; AES-256 at rest on standard commercial cloud infrastructure.
  • Least-privilege access controls on engineering and support tooling.
  • Research and partnership data shared in project workspaces stays private to invited members.
  • We don’t sell account data to third parties and don’t share it with advertising networks.

Public scientific record

Publication and patent data surfaced on the platform comes from public research records (OpenAlex, PatentsView, ORCID™, and ROR). This data is part of the public scientific record and is not deleted when an individual account is closed. For corrections upstream, contact the indexing source directly. See our Attributions page for full trademark and licensing details on these sources.

Account data on deletion

When you delete your Helikon Labs account, your profile, private projects, messages, and files enter a 30-day grace period (during which recovery via support is possible). After 30 days, personal identifiers are permanently removed. Publication and patent records remain in the public research index and are unaffected.

Compliance programs (roadmap)

Formal SOC 2 certification, FERPA, and GDPR programs are on our roadmap for institutional customers. If your institution has a specific compliance requirement, send us a note and we’ll share where we are on the path.

Contact us about privacy

All privacy, data-subject, and GDPR requests are handled through our contact form. We don’t list inboxes publicly, so legitimate requests don’t get buried in spam.

Submissions are routed to the right team internally. We acknowledge data-subject requests within 30 days as required by applicable privacy law.