Privacy Policy

Information you provide directly:

• Account registration: email address, display name, date of birth, password
• Profile information: grade level, state, zip code, country, school name and type
• Preferences: skill level, research interests, commute preferences, open-to-virtual flag
• For users under 16: parent or guardian email address for parental notification
• Payment information: processed by Stripe; we do not store full card details

Information collected automatically:

• IP address and approximate geolocation (country, city, region)
• Pages visited, timestamps, and navigation paths
• Browser type and user agent string
• Referring URL

Information from third parties:

• Payment status and subscription details from Stripe
• Publicly available research opportunity data used to populate listings

• To create and manage your account and deliver the Service
• To personalize opportunity recommendations based on your profile and preferences
• To process payments and manage subscriptions
• To send transactional emails (account verification, password reset, parental consent)
• To send service-related communications and updates (you may opt out of marketing emails)
• To monitor and analyze usage patterns to improve the Service
• To detect, investigate, and prevent fraudulent or unauthorized activity
• To comply with legal obligations

We do not sell your personal information. We may share information only in the following circumstances:

• Service providers: We share data with trusted vendors who assist us in operating the Service, including Stripe (payments), SendGrid (email), Sentry (error monitoring), and cloud infrastructure providers. These vendors are contractually obligated to protect your data.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect our rights, users, or the public.
• Business transfers: If On Helix AI is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.
• With your consent: We may share information for other purposes with your explicit consent.

We use cookies and similar technologies to maintain your login session and remember your preferences. We do not use third-party advertising cookies or tracking pixels.

• Session cookies: Required for authentication; deleted when you close your browser.
• Persistent cookies: Used to keep you signed in between sessions.

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features of the Service.

We take children's privacy seriously. Users under 13 cannot create accounts. For users aged 13-15, we send a parental notification to the guardian email provided at registration. Please review our full COPPA Notice for details on our age requirements, what information we collect from minor users, and parents' rights to review, correct, or delete their child's information.

If we discover that we have collected personal information from a child under 13 without verified parental consent, we will delete it promptly. To report such a concern, contact us at privacy@onhelixai.com.

We retain your personal information for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., payment records may be retained for up to 7 years).

Analytics data (page views, IP addresses) is retained for up to 12 months and then aggregated or deleted.

We implement reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS), hashed passwords, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach that affects your rights, we will notify you as required by applicable law.

• Access and correction: You may review and update your account information at any time through your profile settings.
• Deletion: You may request deletion of your account and associated data by emailing privacy@onhelixai.com.
• Opt out of marketing: You may unsubscribe from marketing emails using the unsubscribe link in any email we send. Transactional emails (e.g., password resets) cannot be opted out of while your account is active.
• Data portability: You may request a copy of the personal data we hold about you by contacting us.
• California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information.

We use the following third-party services that may process your data:

• Stripe — payment processing (stripe.com/privacy)
• SendGrid — transactional email delivery
• Sentry — application error monitoring
• ipapi.co — IP geolocation for analytics (IP addresses are not stored by this service beyond the request)
• Railway — cloud hosting infrastructure

The Service is operated in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer. We comply with applicable data protection laws for users in the European Economic Area (EEA) and other jurisdictions to the extent required.

We may update this Privacy Policy periodically. We will notify you of material changes by posting the revised policy and updating the effective date. We encourage you to review this policy regularly. Your continued use of the Service after changes constitutes acceptance of the revised policy.

For privacy-related inquiries or to exercise your rights, contact us at: