// PRIVACY

What Helios stores. What it doesn't.

Plain English, no jargon. Last updated 2026-05-05.

Your conversations never touch our database. Period.

When you chat with Helios, type a search, generate an image, or use voice mode, your messages and Helios's replies pass through xAI's inference API and come back to your browser. Nothing in that flow is written to a Helios-owned database. We don't persist your transcripts. We don't train on them. We don't even see them in our application logs.

The owner cannot see your data either.

Casey (Helios's creator and the sole admin of nyptid.com) has a standing personal commitment: no human at nyptid will ever read your stuff. That commitment is enforced at the database layer via PostgreSQL Row-Level Security (RLS), not just by promise:

  • Every row in the Helios database carries a user_id column. The RLS policy on every table is using (auth.uid() = user_id) — meaning a query from any signed-in account (including the owner's) can only return rows that account owns.
  • Owner accounts have no special read scopeover user content. Owner role only unlocks aggregate counts (e.g. “3 users signed up this week” — no emails, no message bodies, no workspace contents).
  • The Supabase service_role key (which bypasses RLS) lives only on the server inside specific endpoints — billing webhooks, anti-abuse counters, the workspace upsert your own browser triggers. None of those endpoints expose other users' data to the owner.

What we DO store

Three things, three places:

  • Account rowin Supabase Auth — your email, an encrypted password hash, the timestamp you signed up, and your tier (free or premium). That's it. No content, no usage logs, no transcripts.
  • Saved code workspacesin Supabase (only if you click “Save” on the /code page). Files you save are stored as JSON tagged with your user_id. RLS policy users_own_workspaces prevents anyone but you from reading them — including the owner. Don't want them stored? Don't click Save. Already saved? Delete from /account.
  • Payment datain Stripe — when you upgrade to Premium, Stripe stores your card details (we never see them) and your subscription state. We get back a customer ID and a webhook event saying “they're premium now.” That's the entire integration.

Where your conversations actually live

  • In your browser's localStorage.The chat page keeps your history client-side so you can scroll back. Clear your browser storage and it's gone — we have no copy.
  • Briefly in xAI's memorywhile inferring your reply. xAI's policy is that API requests are not used to train their public models. See xAI's privacy policy.

What we count (no content)

Helios enforces a free-tier daily quota of 12 messages. To do that we keep a per-IP counter in process memory — just {ip → message count today}. The counter resets daily and is never persisted.

Anti-abuse

Free is a taste. To prevent the same person from spinning up dozens of free accounts to dodge the cap, we (a) block disposable / throwaway email providers at signup, and (b) plan to link anonymous browser fingerprints so one device gets one free account. Fingerprints aren't shared with anyone and aren't tied to your real identity.

Voice mode

When you use Voice mode, your microphone audio streams to Deepgram for transcription, the resulting text goes to xAI for the reply, and the reply text goes to ElevenLabs for synthesis. None of those audio chunks touch Helios's servers and none are persisted by us. Each provider's privacy policy applies to the handoff to them.

Email

We'll only email you about your account (sign-in confirmation, payment receipts, security alerts). No marketing, no “weekly digest,” no surveys. Cancel by deleting your account at /account.

If anything changes

We'll update this page and date the change at the top. If we ever add server-side conversation storage (we don't plan to), it would be opt-in with a clearly-labeled toggle and a separate “turn it off and forget my history” button.

Questions? Email support@nyptidindustries.com.