Privacy Policy

1. Who we are

HelpFound is an online emotional support and guided self-help service for new and expecting parents, operating from the United Kingdom. Our AI companion Nia offers warm, non-judgemental support. HelpFound is the data controller for personal data processed through the service. For data protection queries, email privacy@helpfound.com.

2. The sensitive nature of this data

When you talk to Nia, you may share information about your mental or physical health, your pregnancy or your baby, your relationships, or other personal matters. Under UK GDPR, this is special category data and gets stronger legal protection. We process it on the basis of your explicit consent, given when you create an account and accept these terms. In situations where Nia identifies a risk to your life or safety, we may also process and act on information to protect vital interests. You can withdraw consent at any time by deleting your account, which removes your personal data as described in section 8.

3. What we collect

You need an account to use HelpFound. We do not allow anonymous use. The data we hold falls into these categories:

• Account information: your email address and a hashed password.
• Profile information: your subscription status, preferences, and any details you choose to add.
• Conversation data: the messages you send to Nia and her responses, stored against your account.
• Things Nia remembers: to make support feel personal, Nia keeps a summary of what matters to you, such as your stage in pregnancy or parenthood and recurring themes you raise. You can view and delete this at any time from your account.
• Payment information: if you subscribe, payment is processed by Stripe (web) or by Apple or Google (mobile). We do not store your card or payment-method details.
• Usage data: which features you use and when, used to operate and improve the service.
• Technical data: your IP address, device type, and browser, captured automatically when you connect.

4. How we use it

We use your data only for:

• Providing the HelpFound service and generating Nia's responses to you.
• Remembering what matters to you, so support feels personal across conversations.
• Managing your account, subscription, and billing.
• Safety monitoring, where required to protect you or others (see section 6).
• Improving the service, in a way that does not identify individual users.
• Sending you account-related communications such as confirmation and billing emails.
• Complying with our legal obligations.

We do not sell your data. We do not use your conversations to train AI models. We do not use your data for advertising.

5. Sub-processors we rely on

We use the following providers to operate the service. Each is contractually required to protect your data and to process it only as instructed by us:

• Anthropic (United States): generates Nia's responses through the Claude API. Anthropic does not retain or train on your inputs under our API agreement.
• OpenAI (United States): generates embeddings for the public reference content Nia draws on. User conversations are not sent to OpenAI.
• Supabase (United Kingdom, eu-west-2): hosts our database and handles authentication. User data is stored in the UK.
• Stripe (Ireland and United States): processes web subscription payments.
• Apple (Ireland and United States): processes iOS in-app purchases under your Apple ID.
• Google (Ireland and United States): processes Android in-app purchases under your Google account.
• RevenueCat (United States): reconciles mobile subscription status with your account.
• Vercel (United States): hosts and serves the HelpFound web application.

Where data leaves the UK, we rely on UK-recognised transfer mechanisms (such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses) to maintain equivalent protection. Email privacy@helpfound.com for more detail.

6. Safety monitoring and human review

Conversations are stored against your account so you can return to them and so Nia can hold context. They are not routinely read by HelpFound staff. A small number of authorised HelpFound staff may access conversations only in three situations: when you ask us to (for example, to investigate an issue you have raised), when we have a credible concern that you or another person is at risk, or when we are legally required. Access is logged. Conversations are not shared outside HelpFound except as described in section 5.

7. How long we keep your data

• Active accounts: we keep your data for as long as your account is active.
• Inactive accounts: if your account has had no activity for 24 months, we will email you and, unless you reactivate, delete it.
• After account deletion: we remove your personal data from active systems within 30 days. Encrypted backups are rotated and fully overwritten within a further 90 days.
• Conversation history: you can delete individual conversations from your account at any time; deleted conversations follow the same backup rotation as above.
• Billing records: we keep transaction records for 6 years to meet UK accounting and tax requirements, separated from health-related conversation data.

8. Your rights under UK GDPR

You have the following rights:

• Access: to obtain a copy of the personal data we hold about you.
• Rectification: to correct inaccurate or incomplete data.
• Erasure: to request deletion of your data, subject to legal retention requirements.
• Restriction: to limit how we process your data while a query is being resolved.
• Objection: to object to processing where we rely on legitimate interests.
• Portability: to receive your data in a portable format.
• Withdraw consent: to withdraw the consent that allows us to process special category data, at any time.

To exercise any of these rights, email privacy@helpfound.com. We will respond within one month. For complex requests we may extend this by up to two further months and will tell you if we do. We may ask you to verify your identity before we share account data, to protect you against impersonation.

9. Security

Data is encrypted in transit using TLS 1.2 or higher, and at rest in our database. Access to user data by HelpFound staff is restricted, role-based, and logged. Passwords are stored hashed; we never see your plain-text password. We work hard to keep your data safe but no service can promise perfect security. If we become aware of a personal data breach that is likely to risk your rights or freedoms, we will notify you and the Information Commissioner's Office in line with UK GDPR.

10. Cookies

We use essential cookies to keep you signed in and to maintain your session. We do not use advertising or third-party tracking cookies. You can control cookies in your browser settings; disabling essential cookies may prevent the service from working.

11. Children

HelpFound is for adults. You must be 18 or over to use the service. You confirm your age when you create your account. We do not knowingly collect data from anyone under 18. If you believe a child has used HelpFound, contact privacy@helpfound.com and we will delete the account. For young people, we recommend YoungMinds (youngminds.org.uk) and Shout (text SHOUT to 85258).

12. Changes to this policy

We may update this policy. For significant changes (new data uses, new sub-processors handling sensitive data, or changes to your rights), we will tell you by email and give you reasonable notice before the change takes effect. The date at the top of this page is updated for every change.

13. Complaints

If you have a privacy concern, please contact privacy@helpfound.com first so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.