Privacy Policy

1. The short version

Mission data is yours. We do not aggregate it, sell it, or share it with anyone outside your operator team and the people you explicitly grant access to. We collect the minimum we need to operate the platform, we tell you what that is, and we delete it when you ask.

2. What we collect

• Account data: name, work email, role, organisation. Used to operate the account and to contact you about platform changes.
• Operator data: spacecraft you have access to, role assignments, API key metadata (not the key itself, which we never see).
• Mission data: telemetry, tasking, contacts, anomaly timelines. This is your data, not ours.
• Operational data: platform usage metrics, error logs, performance counters. Used to operate the platform and to debug issues you report.

3. Sub-processors

We use a small number of sub-processors. The current list lives at /legal/subprocessors/ and is updated within 14 days of any change. We notify you by email if a sub-processor change affects your data residency.

4. Data residency

Customer data is stored in the EU (eu-1) by default. Sovereign cloud deployments (EU sovereign, GCC, ASEAN) are available on request and at additional cost. Mission data never leaves the residency you have selected unless you explicitly initiate a cross-region transfer.

5. Your rights

You may export, correct, or delete your data at any time. The export endpoint is documented in the developer API. Deletion is permanent and irreversible; we confirm completion by email within 7 days.

6. Security

SOC 2 Type II, ISO 27001, and ISO 27017. Reports available under NDA. Our security model is documented in detail at /docs/security/.

7. Contact

privacy@helionhq.link. Data Protection Officer: dpo@helionhq.link.