How we handle your data

Privacy Policy

What personal data Helvetic Research collects, why, who processes it, how long it is kept, and the rights you have under Swiss (nFADP) and EU (GDPR) law.

Who is responsible (controller)

Helvetic Research is operated by Kush Patil, a sole proprietorship (Einzelfirma) based in Zürich, Switzerland. For any privacy matter, contact hello@helveticresearch.com. See our Legal Notice for full operator details.

What we collect

Account data: your email address and Google account identifier — we use Google sign-in and never receive or store your Google password. Settings: your plan, timezone, retention preference, and external-report preference. Research data: the strategies, parameters, and results you create. Technical logs: a per-action audit record (timestamp, account, tool used, outcome, latency) and standard server logs. If you later purchase a paid plan, our payment processor handles card details — we do not store card numbers. OAuth tokens and authorization codes are stored only as hashes, never in plaintext.

Why we process it (lawful basis)

We process account and research data to provide the service you request (performance of a contract). We process audit and security logs to keep the service safe and available (legitimate interest). Where we rely on legitimate interest, you may object at any time.

Who we share it with (sub-processors)

We use trusted providers to run the service: Google (sign-in), Neon (database hosting, EU / Frankfurt), Cloudflare R2 (report and object storage), and Render (application hosting). If and when paid plans go live, a payment processor (Stripe) will be added as a sub-processor — it is not active today. We do not sell your data and do not use it to train AI models.

International transfers

Your research and account data are stored in the EU (Frankfurt). Some providers may process data outside Switzerland or the EU; where they do, transfers rely on recognized safeguards (EU adequacy decisions, Standard Contractual Clauses, or the Swiss-U.S. Data Privacy Framework where applicable). The exact mechanism per provider is being confirmed with counsel.

How long we keep it

Unsaved research and its generated PDF, Excel, or CSV exports are deleted after 24 hours. Saved research and its exports are kept for your plan's retention window (7 days on Free, 1 year on Pro, 5 years on Max, and a custom window on Institutional) and then deleted. Deleted research has a short recovery window before permanent removal. Account data is kept while your account is active. Audit and security logs are kept for a limited period for security and legal purposes, then deleted.

Your rights

You can access, correct, export, or delete your data, and object to or restrict certain processing. Use your account controls or email hello@helveticresearch.com. You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU/EEA, your local data-protection authority.

Cookies

We use one strictly necessary first-party cookie to keep you signed in, plus Google's own sign-in flow. We do not use advertising or cross-site tracking cookies. Because this cookie is essential to the service, no consent banner is required; disabling it will sign you out.

AI and automated processing

Research outputs are generated by quantitative models and, where you connect one, by your own AI client. We do not make automated decisions that produce legal or similarly significant effects about you.

Workspace ownership and controls

Every stored research result belongs to your account workspace and is isolated from other customers. You can keep research, use plan-default retention, delete records, or restore normally deleted records during the recovery window, and you can inspect and revoke authorized AI clients from your account page. Shared reports retain Helvetic Research branding and the research-only disclaimer.

Changes to this policy

We will post material changes to this page.