Who is responsible (controller)
Helvetic Research is operated by Kush Patil, a sole proprietorship (Einzelfirma) based in Zürich, Switzerland. For any privacy matter, contact hello@helveticresearch.com. See our Legal Notice for full operator details.
What we collect
Account data: your email address and Google account identifier — we use Google sign-in and never receive or store your Google password. Settings: your plan, timezone, retention preference, and external-report preference. Research data: the strategies, parameters, and results you create. Technical logs: a per-action audit record (timestamp, account, tool used, outcome, latency) and standard server logs. If you later purchase a paid plan, our payment processor handles card details — we do not store card numbers. OAuth tokens and authorization codes are stored only as hashes, never in plaintext.
Why we process it (lawful basis)
We process account and research data to provide the service you request (performance of a contract). We process audit and security logs to keep the service safe and available (legitimate interest). Where we rely on legitimate interest, you may object at any time.
Who we share it with (sub-processors)
We use trusted providers to run the service: Google (sign-in), Neon (database hosting, EU / Frankfurt), Cloudflare R2 (report and object storage), and Render (application hosting). If and when paid plans go live, a payment processor (Stripe) will be added as a sub-processor — it is not active today. We do not sell your data and do not use it to train AI models.
International transfers
Your research and account data are stored in the EU (Frankfurt). Some providers may process data outside Switzerland or the EU; where they do, transfers rely on recognized safeguards (EU adequacy decisions, Standard Contractual Clauses, or the Swiss-U.S. Data Privacy Framework where applicable). The exact mechanism per provider is being confirmed with counsel.
How long we keep it
Unsaved research and its generated PDF, Excel, or CSV exports are deleted after 24 hours. Saved research and its exports are kept for your plan's retention window (7 days on Free, 1 year on Pro, 5 years on Max, and a custom window on Institutional) and then deleted. Deleted research has a short recovery window before permanent removal. Account data is kept while your account is active. Audit and security logs are kept for a limited period for security and legal purposes, then deleted.
Your rights
You can access, correct, export, or delete your data, and object to or restrict certain processing. Use your account controls or email hello@helveticresearch.com. You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU/EEA, your local data-protection authority.
Cookies
We use one strictly necessary first-party cookie to keep you signed in, plus Google's own sign-in flow. We do not use advertising or cross-site tracking cookies. Because this cookie is essential to the service, no consent banner is required; disabling it will sign you out.
AI and automated processing
Research outputs are generated by quantitative models and, where you connect one, by your own AI client. We do not make automated decisions that produce legal or similarly significant effects about you.
Workspace ownership and controls
Every stored research result belongs to your account workspace and is isolated from other customers. You can keep research, use plan-default retention, delete records, or restore normally deleted records during the recovery window, and you can inspect and revoke authorized AI clients from your account page. Shared reports retain Helvetic Research branding and the research-only disclaimer.
Changes to this policy
We will post material changes to this page.