Privacy Policy

Last updated June 2, 2026

This Privacy Policy explains how Helen's Foundry, Inc. (“Helen's Foundry,” “we,” “us”) collects, uses, and shares information when you use Helen's Foundry, our strategic-context platform for teams building with AI agents (the “Service”). By using the Service you agree to the practices described here.

Information we collect

We collect the following categories of information:

  • Account information. When you sign in we receive your email address and basic profile details (such as your name) from your authentication provider — Google or GitHub OAuth, or an email/password account managed through our authentication provider, Supabase.
  • Workspace content. The strategic artifacts you create — missions, visions, strategies, goals, personas, tickets, comments, links between artifacts, and related metadata — and the workspaces and team memberships you set up.
  • Integration data. If you connect Helen's Foundry to GitHub, our GitHub App receives pull-request and issue metadata (titles, diffs, and check status) for the repositories you authorize, so we can post alignment checks. If you connect an AI agent over our MCP endpoint, we process the requests that agent makes on your behalf.
  • Usage and technical data. Server and request logs, IP address, browser type, timestamps, and error diagnostics, used to operate, secure, and debug the Service.

How we use information

  • To provide, maintain, and improve the Service and its features.
  • To power AI features — including Helen and agent-facing tools — that read your artifact graph to answer questions, surface drift, and check work against intent.
  • To authenticate you, secure your account, and prevent abuse.
  • To respond to support requests and communicate about the Service.
  • To comply with legal obligations and enforce our Terms.

AI processing

Helen's Foundry's AI features send relevant artifact content to a third-party AI model provider to generate responses. We do not sell your content, and we do not use it to train our own models. Content processed by third-party model providers is handled under their applicable terms, which prohibit using business/API inputs to train their public models. AI outputs can be inaccurate — review them before relying on them.

Cookies and sessions

We use strictly-necessary cookies to keep you signed in and to secure your session. We do not use third-party advertising cookies.

Service providers and subprocessors

We share information with vendors who process it on our behalf to run the Service, under contractual confidentiality and security obligations:

  • Supabase — database, authentication, and storage.
  • Vercel — application hosting and delivery.
  • AI model provider — model processing for Helen's Foundry's AI features.
  • GitHub — source control integration (only for repositories you connect).
  • Sentry — error monitoring and diagnostics.
  • Stripe — payment processing, if and when paid plans are introduced.

We may also disclose information if required by law, to protect our rights or users' safety, or in connection with a merger, acquisition, or sale of assets (with notice where required).

Data retention

We retain your information for as long as your account is active and as needed to provide the Service. When you delete content or close your account, we delete or anonymize the associated data within a reasonable period, except where we must retain it to meet legal, security, or backup-rotation requirements.

Security

We protect data in transit with TLS and apply row-level access controls so workspace content is only accessible to its members. No method of transmission or storage is perfectly secure, but we work to safeguard your information and to address vulnerabilities promptly.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, or to object to or restrict certain processing. To exercise these rights, email us at hello@helensfoundry.com. We will respond consistent with applicable law.

International transfers

We operate in the United States, and our providers may process data there and elsewhere. Where required, we rely on appropriate safeguards for cross-border transfers.

Children

Helen's Foundry is a workplace tool and is not directed to children. We do not knowingly collect personal information from anyone under 16.

Changes to this policy

We may update this policy as the Service evolves. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you.

Contact

Questions about this policy? Email hello@helensfoundry.com or write to Helen's Foundry, Inc., Santa Fe, New Mexico, USA.