Security · Honest posture

Sensitive workflows deserve honest security.

Helm Office handles inboxes, calendars, and the executive memory of your office. This page is the honest posture: what is true today, what is planned, and what we are explicitly not claiming.

Available today · Planned · Enterprise discussion

Architecture

How a request actually flows.

Five stages from connected accounts to permanent record. Sensitive actions stop at the approval queue. Nothing crosses that line without human sign-off.

Approval-first by design
Stage 1

Least-privilege OAuth

Narrowest scopes per capability. Listed in plain language. Revocable in one click.

Stage 2

Tenant isolation

Workspace-scoped data. Per-workspace encryption keys. No shared model training.

Stage 3

Encrypted tokens

AES-256-GCM at rest, TLS 1.3 in transit. Envelope encryption wrapped by managed KMS.

Stage 4

Approval queue

Send, move, cancel, share — held until the executive or co-pilot approves.

Stage 5

Audit log

Every proposal, edit, approve, reject — actor, timestamp, payload. Read-only, exportable.

Connected mail · narrow scopes
Connected calendars · per-account
Drafts & briefings · workspace-scoped
Decisions · routed through approvals
Memory · per-workspace keys
Audit · immutable, exportable

Available today

Shipped, enforced in product

Core principle

Approval-first sensitive actions

Available today

Helm drafts, recommends, prepares, prioritizes, and summarizes — it never sends, moves, cancels, or shares without your explicit approval. This is enforced at the action layer, not a UI convenience.

  • Email send, calendar move, meeting cancel, and memory share all queue for human approval.
  • Sensitive actions (board, legal, personal, restricted memory) require explicit executive sign-off — co-pilot delegation is disabled.
  • Every approval, edit, rejection, and snooze writes an immutable audit record.

OAuth posture

Least-privilege OAuth scopes

Available today

Helm requests the narrowest scopes that make each capability work. We never ask for blanket administrative access to your Workspace or tenant.

  • Mail: read message metadata and bodies for connected mailboxes only — no admin-wide mail access.
  • Calendar: read/write only the calendars you explicitly connect.
  • Scopes are listed in plain language during connection and can be revoked at any time.
  • If a feature can ship with a narrower scope, we ship the narrower scope and accept the smaller surface area.

Access model

Role-based access

Available today

Each executive office has explicit roles. Visibility into sensitive memory, drafts, and approvals is gated by role, not by team membership.

  • Roles: Executive (owner), Chief of Staff / EA (co-pilot), Delegate (scoped read).
  • Co-pilots can approve low-risk actions on the executive's behalf when the executive explicitly enables it — never by default.
  • Sensitive memory items are restricted to the executive unless they choose to share them.
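
The approval-first and role rules above, sketched as an added example of enforcing them at the action layer; this is not Helm Office's code. The class and function names, the hash-chained audit records, and treating every non-sensitive category as low-risk are assumptions made for illustration.

```python
import hashlib, json, time
SENSITIVE = {"board", "legal", "personal", "restricted_memory"}  # categories named on the page
GATED = {"send", "move", "cancel", "share"}  # actions the page says always queue

def _digest(rec):
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()

class Workspace:
    def __init__(self):
        self.copilot_delegation = False  # off unless the executive enables it
        self.queue, self.audit = {}, []

    def _log(self, actor, event, ref):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64  # assumption: hash chain
        rec = {"actor": actor, "event": event, "ref": ref, "ts": time.time(), "prev": prev}
        self.audit.append({**rec, "hash": _digest(rec)})

    def propose(self, ref, action, category):
        if action not in GATED:
            raise ValueError(f"not a gated action: {action}")
        self.queue[ref] = {"action": action, "category": category, "state": "pending"}
        self._log("helm", "proposed", ref)

    def decide(self, ref, actor, role, approve):
        item = self.queue[ref]
        low_risk = item["category"] not in SENSITIVE  # assumption: non-sensitive == low-risk
        allowed = role == "executive" or (role == "copilot" and self.copilot_delegation and low_risk)
        if item["state"] != "pending" or not allowed:  # delegates are read-only
            self._log(actor, "denied", ref)
            return False
        item["state"] = "approved" if approve else "rejected"
        self._log(actor, item["state"], ref)
        return True

    def execute(self, ref):
        if self.queue[ref]["state"] != "approved":  # the gate sits in front of the connector call
            raise PermissionError(f"{ref}: no human approval on record")
        self.queue[ref]["state"] = "executed"
        self._log("helm", "executed", ref)
        return self.queue[ref]["action"]

def chain_intact(audit):
    prev = "0" * 64
    for rec in audit:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

Because the check lives in `execute` rather than in the interface, a caller that skips the queue still hits `PermissionError`, and denied attempts are logged alongside approvals.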

Visibility

Audit logs

Available today

Every AI proposal, every human decision, every executed action is logged with actor, timestamp, and payload reference. The audit log is read-only from the application.

  • Visible in-product per item and per workspace.
  • Exportable as CSV/JSON; SIEM forwarding is available for enterprise discussions.
  • Logs retained for the lifetime of the workspace; deletion follows the data retention policy below.

Data lifecycle

Data retention

Available today

You own your data. Helm retains exactly what is needed to operate the product and nothing more, with clear paths to delete on demand.

  • Executive memory persists until you delete it. Deleting a memory item removes it from active recall immediately; backups age out within 30 days.
  • Inbox and calendar content is processed in-memory for triage and prep; persisted summaries are scoped to the workspace.
  • Workspace deletion triggers a 30-day soft-delete window followed by full erasure across primary and backup stores.
  • No customer data is used to train shared models. Ever.

Secrets handling

OAuth token encryption

Available today

OAuth refresh and access tokens for connected accounts are encrypted at rest using envelope encryption with workspace-scoped data encryption keys.

  • AES-256-GCM at rest; TLS 1.3 in transit.
  • Per-workspace data encryption keys, wrapped by a managed KMS key. Decryption happens only at the moment a connector call is made.
  • Token revocation is one click in Settings → Connected accounts and propagates to the provider.

Roadmap & enterprise discussions

Scoped during procurement

Roadmap

Enterprise roadmap

Enterprise discussions

Helm Office is built for individual executive offices today. The enterprise roadmap focuses on what large organizations need to standardize Helm across multiple offices.

  • Centralized billing, workspace provisioning, and policy controls — planned.
  • Custom data residency and tenant isolation guarantees — available for enterprise discussions.
  • Custom security reviews, pen-test reports, and architecture deep-dives — available for enterprise discussions.

Compliance

SOC 2 — future path

Planned

Helm Office is not SOC 2 certified today. We are operating Helm against SOC 2 control mappings (access, change management, monitoring, incident response) with the goal of pursuing a Type I report, followed by Type II.

  • Type I report — planned.
  • Type II observation period — planned to follow Type I.
  • We will not claim SOC 2 status before a report is issued.

Identity

SSO / SAML — future

Planned

Single sign-on via SAML 2.0 and OIDC is on the roadmap for organizations standardizing identity through Okta, Azure AD / Entra, Google Workspace, and similar providers.

  • SAML 2.0 and OIDC — planned.
  • Just-in-time provisioning — planned alongside SSO.
  • Available earlier for enterprise discussions on request.

Provisioning

SCIM — future

Planned

Automated user lifecycle management via SCIM 2.0 is planned for organizations that need to provision and deprovision Helm seats from a central identity source.

  • User and group sync — planned.
  • Automatic deprovisioning on offboarding — planned.
  • Available for enterprise discussions where lifecycle automation is required.

Contracts

DPA readiness

Enterprise discussions

A standard Data Processing Addendum, including Standard Contractual Clauses for EU/UK transfers, is available for enterprise discussions. We will negotiate reasonable customer-specific terms in good faith.

  • Standard DPA available on request.
  • GDPR roles: Helm is the data processor; the customer is the data controller.
  • Subprocessor list maintained and provided under NDA during procurement.

Healthcare

Healthcare / HIPAA — planning note

Planned

Helm Office is not HIPAA-eligible today and a Business Associate Agreement is not currently offered. Customers handling protected health information should not route PHI through Helm at this time.

  • HIPAA-eligible deployment posture — under evaluation.
  • BAA availability — planned only after the underlying controls and subprocessor posture meet HIPAA requirements.
  • We will not market Helm as HIPAA-eligible before that work is complete.

Security review for your procurement team?

We will share our architecture, subprocessor list, and roadmap with your security and legal reviewers under NDA.
