Helix Reserve — Hereditary Cancer Risk Monitoring

Effective: May 12, 2026 · Last updated: May 12, 2026

1. Information We Collect

Account information: email address, first name, phone number (optional).

Family medical history: information about your relatives' health, including cancer diagnoses, ages at diagnosis, and family relationships. This information is provided by you during the guided intake process.

Payment information: processed by Stripe. We do not store credit card numbers. We retain your Stripe customer ID for subscription management.

Usage data: page views, feature usage, error logs. We do not log personally identifiable information or protected health information in our application logs.

2. How We Use Your Information

Risk assessment: Your family medical history is analyzed by our risk assessment engine to identify hereditary cancer risk patterns.

Counselor review: A licensed genetic counselor reviews your assessment and provides a personalized summary.

Ongoing monitoring: We re-evaluate your assessment quarterly and when clinical guidelines change.

Communication: We send transactional emails (sign-in links, assessment notifications, quarterly reminders) via Paubox (HIPAA-compliant).

3. De-identified Data

We may use de-identified family health history data for research and commercial purposes, as described in our Terms of Service. De-identified data has all personally identifiable information removed and cannot be traced back to you. Your name, email, and contact details are stored separately from your family health data to facilitate this separation.

4. Who Has Access

You: Full access to your assessment, family history, and account.

Your assigned genetic counselor: Access to your case profile and family history for clinical review.

Helix Reserve internal team: Authorized administrators for operational support and system maintenance.

We do not sell your personal information to third parties.

5. Infrastructure and Security

We are working toward HIPAA-compliant infrastructure and will publish updated documentation as that work progresses. Our current infrastructure includes:

Database: Supabase (PostgreSQL) with row-level security on all subscriber data
Hosting: Vercel
Payments: Stripe
Email: Paubox (HIPAA-compliant, BAA in place)
Encryption: data encrypted at rest (AES-256) and in transit (TLS 1.2+)

Business Associate Agreements (BAAs) with infrastructure providers are in progress as part of our Gate 6 compliance work.

6. Data Retention

We retain your data for the duration of your subscription plus seven years after termination, in accordance with healthcare data retention norms. Your original family history submission is retained permanently in de-identified form per our Terms of Service.

7. Your Rights

You have the right to:

Access your family history data and assessment results
Request a copy of your data in a portable format
Request deletion of your personally identifiable information (subject to legal retention requirements and the immutable de-identified submission record)
Update your family medical history at any time
Cancel your subscription

8. Contact

Privacy questions: privacy@helix-reserve.com

Privacy Policy