Last updated: February 2026
Helmwise (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our AI-powered passage planning platform at helmwise.co (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.
When you create an account, we collect your name, email address, and authentication credentials. If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe. We do not store full credit card numbers on our servers.
You may provide vessel information including vessel name, type, length, beam, draft, displacement, fuel capacity, water capacity, and engine specifications. This data is used to generate accurate passage plans and safety assessments tailored to your vessel.
We collect and store the passage plans you create, including departure and arrival ports, waypoints, route data, weather briefings, tidal analyses, safety assessments, and any exported documents (GPX, PDF). This data is essential for providing the Service and maintaining safety audit trails.
We collect anonymous usage data to understand how the Service is used and to improve it. This includes pages visited, features used, session duration, browser type, device type, and general geographic region. We use Sentry for error tracking, which may collect technical information about errors and crashes you encounter.
Your vessel data and route information are processed by our AI agents to generate comprehensive passage plans, including weather routing, tidal predictions, safety assessments, and port information. This is the core purpose of the Service.
Vessel specifications and route data are used to calculate safety margins, identify hazards, assess weather risks, and generate GO/CAUTION/NO-GO recommendations. Safety audit logs are maintained to support the integrity of our safety systems.
Aggregated and anonymized usage data helps us improve the accuracy of our AI agents, identify areas where the Service can be enhanced, and prioritize new features. We may analyze passage plan patterns in aggregate to improve route recommendations and safety assessments.
We may use your email address to send transactional messages (account verification, password resets, subscription confirmations), service announcements, and safety-related notifications. You can opt out of non-essential communications at any time.
To generate passage plans, we send route and location data to third-party data providers including NOAA (National Oceanic and Atmospheric Administration), the National Weather Service, OpenWeather, and NDBC buoy networks. These requests include geographic coordinates but do not include your personal information.
We use trusted service providers to operate the platform, including Supabase (database and authentication), Stripe (payment processing), Sentry (error tracking), Upstash (caching), and Resend (transactional email). These providers access only the data necessary to perform their services and are bound by their own privacy policies.
We do not sell, rent, or trade your personal information to third parties. We do not share your vessel data, passage plans, or personal information with advertisers, data brokers, or any other commercial entities.
We may disclose your information if required to do so by law, in response to valid legal process, to protect our rights or property, or in the event of an emergency involving potential threats to personal safety.
While your account is active, we retain your account information, vessel data, and passage plans to provide the Service. Safety audit logs are retained for compliance and safety improvement purposes.
Upon account closure: When you request account deletion, we will delete your personal data, vessel information, and passage plans within 30 days. Anonymized and aggregated data that cannot be used to identify you may be retained for analytical purposes. Safety audit logs may be retained in anonymized form as required for regulatory compliance.
You have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@helmwise.co.
If you are located in the European Union or the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest, row-level security policies on our database, secure authentication through Supabase Auth, and regular security reviews. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also send a notification to the email address associated with your account. Your continued use of the Service after changes constitutes acceptance of the updated policy.
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at: