Privacy Policy

Effective Date: March 18, 2026 · Last Updated: March 18, 2026

Helmsted, Inc. ("Helmsted," "we," "our," or "us") is a Delaware corporation committed to protecting the privacy and security of the information entrusted to us. This Privacy Policy describes how we collect, use, store, and share information in connection with our platform and services (the "Services").

Helmsted provides an AI-powered operating system designed for independent registered investment advisers ("RIAs"). Our platform helps advisors orchestrate client communications, analyze financial information, automate meeting documentation, and streamline planning workflows — all from a single, communication-first workspace.

1. Scope of This Policy

This Privacy Policy applies to:

Financial advisors and firms using Helmsted
End clients of those advisors whose data may be processed through Helmsted
Visitors to our website and users of our platform

Helmsted acts as a service provider (processor) on behalf of RIAs, who maintain the primary relationship with their clients and act as the data controller. Advisors determine the purposes and means of processing their client data through our platform.

2. Information We Collect

A. Information Provided Directly

Name, email address, phone number, and professional credentials
Firm name, CRD number, and professional affiliation
Account login credentials
Communications processed through the platform (messages, emails, meeting notes, call transcripts)
Documents uploaded to the platform (e.g., tax returns, estate documents, financial statements, insurance policies)

B. Financial and Planning Data

Assets, liabilities, income, and expenses
Investment holdings and custodial account data
Insurance, estate, and trust documentation
Other financial information provided by advisors or their clients for planning purposes

C. Communication and Recording Data

Audio recordings of calls and meetings conducted through or connected to the platform
Transcriptions generated from recorded calls and meetings
Automated meeting summaries, action items, and follow-up recommendations
Email content and metadata processed through integrated email accounts

Advisors are responsible for obtaining appropriate consent from their clients and all meeting participants prior to recording calls or meetings through Helmsted, in compliance with applicable federal and state laws.

D. Automatically Collected Information

Device and browser information
IP address and approximate location data
Usage data (features used, interactions, session duration, and activity patterns)

E. AI-Derived Data

Structured data extracted from uploaded documents
Summaries, insights, and planning considerations generated by AI systems
Metadata and contextual relationships identified across financial data points
Proactive alerts based on regulatory changes, market conditions, or client-specific triggers

3. How We Use Information

We use collected information to:

Provide, operate, maintain, and improve the Services
Process, organize, and structure financial and client data
Generate insights, summaries, action items, and planning outputs
Facilitate and document communication between advisors and clients
Record and transcribe calls and meetings as directed by advisors
Deliver proactive alerts regarding regulatory or legislative changes that may impact clients
Maintain system security, integrity, and performance
Comply with legal, regulatory, and compliance obligations
Develop new features and functionality

Helmsted does not provide financial advice to end clients. All advice, recommendations, and planning decisions remain the sole responsibility of the advisor. Helmsted's AI-generated outputs are assistive in nature and are intended to support — not replace — professional judgment.

4. Data Minimization and Access Controls

Helmsted employs a task-scoped, need-to-know approach to data access. When our AI systems process a client's information:

Only the data fields relevant to the specific task at hand are assembled and provided to the AI model
Sensitive personal identifiers are masked at the application layer before data reaches the model
No more data than is necessary for a given operation is ever exposed to any processing system

This principle of least-privilege access applies across the platform, ensuring that data exposure is always proportional to the task being performed.

5. AI Model Training

Helmsted does not use advisor or client data to train AI models. Your data is used solely to provide the Services to you. We do not use uploaded documents, communications, financial information, call recordings, or any other client data as training data for machine learning models.

We operate under enterprise-tier agreements with our AI providers that explicitly and contractually prohibit the use of any data processed through Helmsted for model training, fine-tuning, or improvement of third-party AI systems. This commitment is fundamental to the trust our platform is built on.

6. Role of Advisors and Client Data

If you are an end client of an advisor using Helmsted:

Your advisor controls how your data is collected, used, and processed through our platform
Helmsted processes your data on behalf of and as directed by your advisor
Requests regarding access to, correction of, or deletion of your data should be directed to your advisor
Your advisor is responsible for providing you with notice about their use of Helmsted and obtaining any required consents

7. Sharing of Information

We do not sell personal information.

We may share information in the following limited circumstances:

A. With Advisors and Their Firms

Data is accessible to authorized users within the advisor's organization as configured by the firm's administrator.

B. Service Providers

We work with carefully selected third-party service providers for cloud hosting, data storage, processing infrastructure, and AI services. All service providers are bound by strict confidentiality obligations and data processing agreements.

C. Legal and Regulatory Requirements

We may disclose information to comply with applicable laws, regulations, subpoenas, court orders, or legal processes, and to support RIA regulatory obligations including SEC and state recordkeeping requirements.

D. Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such transfer and any choices you may have regarding your information.

8. Data Retention

We retain information:

As long as necessary to provide the Services and maintain your account
To comply with legal, regulatory, and compliance obligations, including SEC and state RIA recordkeeping requirements, which may require retention for specified periods
As directed by advisor firms under their data governance policies

Upon account termination, advisors may request export of their data. Certain data may be retained in backup or archival systems for compliance purposes even after deletion requests.

9. Data Portability and Exit

We believe your data belongs to you. Advisor firms may request a complete export of their data at any time in a standard, machine-readable format. Upon termination of services, we will work with you to ensure a complete and orderly transition of your data.

10. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect information, including:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Role-based access controls and multi-factor authentication
Comprehensive audit logs and monitoring systems
Regular security assessments and vulnerability testing
SOC 2 aligned security practices

No system can be guaranteed to be completely secure. In the event of a data breach that affects your personal information, we will notify affected parties in accordance with applicable law.

11. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

Access your personal data held by us
Request correction of inaccurate or incomplete data
Request deletion of your data (subject to regulatory retention requirements)
Restrict or object to certain processing activities
Receive your data in a portable format

If you are a client of an advisor using Helmsted, please contact your advisor directly to exercise these rights, as they are the controller of your data.

If you are an advisor or firm, contact us at privacy@helmsted.ai to exercise your rights.

California Residents (CCPA)

California residents may have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@helmsted.ai.

12. AI and Automated Processing

Helmsted uses artificial intelligence to:

Extract and structure information from uploaded documents
Transcribe and summarize calls, meetings, and communications
Generate insights, action items, and planning considerations
Identify proactive planning opportunities and regulatory impacts
Assist advisors in prioritizing client needs and follow-ups

All AI-generated outputs are assistive in nature. They are designed to augment the advisor's expertise, not replace it. Advisors should review all AI-generated content before relying on it or sharing it with clients.

AI Traceability

Every AI generation event within Helmsted is logged and traceable. Each event is recorded with its inputs, model version, and timestamp. If any AI-generated recommendation or output is ever questioned, we can reconstruct exactly what data was provided and what produced the result.

AI Outputs as Client Communications

Every document, summary, or communication generated by the platform is logged with a delivery timestamp and flagged as AI-generated. If an advisor edits AI-generated content before sending to a client, the full change history is preserved. This ensures a complete and auditable record from generation through client delivery.

13. Communication Recording Disclosures

Helmsted's platform includes functionality to record, transcribe, and analyze calls and meetings. When these features are enabled:

Advisors are responsible for notifying all participants that a call or meeting is being recorded
Advisors are responsible for complying with all applicable federal and state recording consent laws, including two-party consent states
Recordings and transcriptions are stored securely and subject to the same data protection measures as all other platform data
Recordings may be used to generate automated meeting summaries, action items, and follow-up tasks

14. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

Maintain sessions and authentication state
Analyze platform usage and performance
Improve user experience

We do not use cookies for third-party advertising. You can manage cookie preferences through your browser settings.

15. Third-Party Integrations

Helmsted may integrate with third-party systems, including email providers, custodians, calendar services, and other financial technology platforms. Data shared with these integrations is governed by their respective privacy policies. We encourage you to review the privacy practices of any third-party services you connect to Helmsted.

16. Children's Privacy

Helmsted is a business-to-business platform designed for use by financial professionals. It is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will provide notice through the platform or via email to registered users.

18. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact:

Helmsted, Inc.
Registered in Delaware
privacy@helmsted.ai