Privacy Policy

Effective April 29, 2026

Helmrig is built around a simple promise: your terminal, your files, and your conversations with AI stay between your phone and your laptop. This page explains exactly what we collect — and what we don't — in plain English.

1. Who we are

The data controller for Helmrig is Individual entrepreneur Nikita Kislitsin (Identification Number 305512825), registered in Tbilisi, Georgia. For any privacy question or request, email hi@helmrig.dev.

2. What this policy covers

helmrig.app — the marketing website you are reading right now.
qr.helmrig.app — a small rendezvous service used during device pairing.
The Helmrig iOS app, distributed via TestFlight and (in the future) the App Store.
The Helmrig CLI / daemon you run on your laptop (the helmrig npm package).

3. What we collect — and don't

helmrig.app. The website uses Vercel Web Analytics and Vercel Speed Insights to count aggregate, anonymous traffic. These services do not use cookies and do not store personally identifying information. The site does not have a signup form and does not ask for your email or any other personal data. Typefaces are loaded from Google Fonts (fonts.googleapis.com); when your browser requests them, your IP address is visible to Google.

qr.helmrig.app (pairing rendezvous). When you pair your iPhone with your laptop, the laptop produces a small encrypted blob and uploads it to qr.helmrig.app so your phone can fetch it via a short URL (the QR code). We do not hold the encryption key — the blob is opaque to us. The blob is deleted immediately after the first successful fetch, and otherwise expires shortly after. Our hosting providers (Vercel and Cloudflare) keep standard request metadata — IP address, User-Agent, timestamp — for short, provider-defined periods for abuse prevention and reliability. We do not analyze those access logs.

The Helmrig iOS app. The app embeds no third-party analytics, crash-reporting, or telemetry SDKs. We do not receive crash reports or usage events from your device. The app talks only to your paired laptop, over an end-to-end encrypted tunnel; Helmrig servers are not in the path of that traffic.

When the app is distributed through Apple TestFlight or the App Store, Apple collects its own diagnostics — crash logs, beta usage, install events, and similar. Those are governed by Apple's privacy policy, not this one. You can opt out of sharing diagnostics in iOS settings.

The Helmrig CLI / daemon. The CLI you run on your laptop keeps all of its logs locally on your machine. It does not send analytics, telemetry, or crash reports to us. About once per hour it asks the npm registry (registry.npmjs.org) whether a newer version is available and installs it automatically; that request is made by your machine to npm, Inc., and is governed by npm's privacy policy.

4. What we never see

Because the tunnel between your phone and your laptop is end-to-end encrypted, and Helmrig servers are not in the network path, we have no access to:

the contents of any terminal session, file, or git operation;
conversations with AI assistants (Claude, Codex, or others);
any source code, secrets, or environment variables;
which projects you work on or what you do with them.

We could not produce this data if asked.

5. Cookies and similar technologies

helmrig.app does not set first-party cookies. Vercel Analytics and Speed Insights operate without cookies. Resources loaded from Google Fonts or Cloudflare may use technologies controlled by those parties — see their respective policies.

6. Sub-processors

We rely on the following providers to operate the service. Each operates under its own privacy policy.

Vercel, Inc. — hosting for helmrig.app and qr.helmrig.app, plus the analytics described above.
Cloudflare, Inc. — DNS and proxy in front of qr.helmrig.app.
Apple Inc. — App Store and TestFlight distribution; iOS device diagnostics.
npm, Inc. (GitHub) — package registry for the Helmrig CLI.
Google LLC — Google Fonts CDN for typography on helmrig.app.

7. International transfers

These providers operate globally. The limited request metadata that reaches them — primarily IP addresses and User-Agent strings — may be processed in countries outside Georgia, the European Economic Area, or your country of residence, including the United States. Each provider relies on its own legal mechanism (such as Standard Contractual Clauses) for such transfers.

8. Retention

helmrig.app analytics — aggregated, with no personal identifiers retained.
qr.helmrig.app pairing blob — deleted on first fetch, or expires shortly thereafter.
Provider access logs — retained for the period each provider's policy specifies, then deleted.
Email correspondence with hi@helmrig.dev — kept as long as needed to respond to your message; deleted on request.

9. Security

The connection between the iPhone app and the paired laptop is end-to-end encrypted. Keys live on your devices and are never sent to us. Pairing material is opaque to qr.helmrig.app and is destroyed after use. Helmrig holds no user accounts, passwords, or sessions.

10. Children

Helmrig is a developer tool and is not directed at children under 16. We do not knowingly collect personal data from anyone in that age group.

11. Your rights

Under the Law of Georgia on Personal Data Protection — and, where applicable, the EU and UK GDPR, the California Consumer Privacy Act, and similar laws — you may have the right to access, correct, delete, port, or object to the processing of your personal data, and to withdraw any consent you have given. Email hi@helmrig.dev to exercise any of these rights.

If you believe we have handled your data unlawfully, you may also lodge a complaint with the Personal Data Protection Service of Georgia or your local supervisory authority in the EU/EEA.

12. Changes

We will post any updates to this policy at this URL. Material changes will be marked with a new effective date and, where appropriate, called out in the app or on the website.

13. Contact

Questions, requests, or anything else privacy-related: hi@helmrig.dev.