Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Def Dog Productions LLC (“Helo,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Helo platform at askhelo.com.

See also our Terms of Service.

1. Who We Are

Def Dog Productions LLC operates the Helo platform (askhelo.com), a B2B white-label AI chatbot service. Our principal place of business is 60 Bigbee High Rd, Ward CO 80481.

B2B context: Helo serves two distinct groups: Clients (businesses that sign up to use the platform) and End Users (website visitors who interact with chatbots embedded by Clients). For End User data, Clients are the data controllers and Helo acts as a data processor on their behalf.

2. What We Collect

From Clients (businesses)

  • Account information — your name and email address, collected via Google or GitHub OAuth. We receive only what your OAuth provider shares.
  • Business information — business name, industry vertical, and chatbot configuration settings.
  • Knowledge base content — text, FAQs, and documents you upload to train your chatbot.
  • Billing information — processed by Stripe. We store only a tokenized reference; we do not store full card numbers or CVV codes.
  • Usage data — chat message counts, lead capture counts, and other platform usage metrics.

From End Users (website visitors)

  • Conversation messages — the content of messages exchanged with the chatbot, processed on behalf of the Client.
  • Lead information — name, phone number, and email address voluntarily provided by the End User through the chatbot’s lead capture form.
  • IP address — collected for rate limiting and abuse prevention. IP addresses are not stored long-term and are not used for tracking or profiling.
  • Browser and device information — standard web server logs including browser type, referring URL, and operating system. Retained for a short period for operational purposes.

3. How We Use Data

We use collected data to:

  • Provide, operate, and maintain the Helo chatbot platform.
  • Process and deliver leads to the Client on whose site the conversation occurred.
  • Send transactional emails — lead notifications, welcome emails, and weekly summary reports — via Resend on behalf of Clients.
  • Generate aggregate, anonymized analytics to improve platform performance. We do not use individual conversations for model training without explicit consent.
  • Prevent fraud, enforce our Terms of Service, and ensure platform security.
  • Respond to support requests and legal inquiries.

4. Data Sharing

We share data only with trusted service providers necessary to operate the platform:

  • Anthropic — conversation messages are sent to Anthropic’s Claude API to generate chatbot responses. Anthropic’s data handling is governed by their own privacy policy and API terms.
  • Vercel — our hosting and edge infrastructure provider.
  • Railway — our database hosting provider. Data is stored and encrypted at rest on Railway’s infrastructure.
  • Resend — our transactional email delivery provider.
  • Stripe — payment processing. Stripe handles all card data and is PCI DSS compliant.

We do not sell, rent, or trade your personal data or End User data to any third party for marketing or advertising purposes.

We may disclose data if required by law, court order, or to protect the rights, property, or safety of Def Dog Productions LLC, our Clients, or the public.

5. Data Retention

  • Conversation logs — retained for 90 days by default. Clients on Enterprise plans may configure a different retention period.
  • Lead data — retained until the Client deletes a lead or the Client’s account is terminated.
  • Account data — retained while the account is active and for 90 days following account termination to allow data export.
  • Billing records — retained as required by applicable financial regulations.

After applicable retention periods, data is permanently deleted from our systems and our service providers’ systems to the extent technically feasible.

6. Client Responsibilities

Because Clients are the data controllers for their End Users’ data, Clients are responsible for:

  • Maintaining and publishing their own privacy policy that discloses the use of AI chatbots and data collection by the chatbot widget.
  • Adding an appropriate disclosure near the chat widget (e.g., “This chat is powered by AI and may collect your name, email, and conversation history.”).
  • Obtaining any consent required by applicable law before deploying the chatbot on sites that collect personal data from End Users in the EU, California, or other regulated jurisdictions.
  • Not deploying the platform on websites primarily directed at children under 13 without compliant parental consent mechanisms.

EU-based Clients may request a Data Processing Agreement (DPA) by contacting privacy@askhelo.com.

7. GDPR / CCPA Rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your personal data (“right to be forgotten”).
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request that we limit how we process your data.
  • Objection — object to processing based on legitimate interests.
  • Opt-out of sale — we do not sell personal data, so there is nothing to opt out of.

For Clients: to exercise these rights regarding your account data, contact privacy@askhelo.com.

For End Users: because Clients are the data controllers for your data, please contact the business whose chatbot you interacted with. We will cooperate with Clients to fulfill End User requests.

California residents have additional rights under the CCPA, including the right to know what categories of personal information we collect and disclose, and the right to non-discrimination for exercising CCPA rights.

8. Cookies

We use only a single session cookie to maintain your authenticated login session on the dashboard. This cookie is strictly necessary for the platform to function.

We do not use tracking cookies, analytics cookies, advertising cookies, or third-party cookies of any kind. No data from cookies is sold or shared with advertising networks.

9. Children

The Helo platform is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. Clients are prohibited from deploying Helo on websites primarily directed at children under 13 without implementing compliant parental consent mechanisms as required by COPPA and applicable law.

If you believe we have inadvertently collected data from a child under 13, please contact us at privacy@askhelo.com and we will promptly delete it.

10. Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit — all data transmitted to and from the platform is encrypted using TLS (HTTPS).
  • Encryption at rest — data stored in our Railway database is encrypted at rest.
  • Access controls — strict access controls limit which personnel can access production data.
  • Third-party security — we rely on SOC 2 compliant providers (Vercel, Railway, Stripe) for infrastructure.

In the event of a data breach affecting your personal data, we will notify affected Clients within 72 hours of becoming aware of the breach, as required by applicable law.

No security system is perfect. We cannot guarantee absolute security of your data. If you discover a security vulnerability, please report it to privacy@askhelo.com.

11. Contact

For privacy-related questions, requests, or concerns, please contact our privacy team:

Def Dog Productions LLC — Privacy
60 Bigbee High Rd
Ward, CO 80481
privacy@askhelo.com

We aim to respond to all privacy inquiries within 30 days.