Legal
Privacy Policy
Last updated: 2026-04-22
The short version
Helm is a self-hosted application. The operator of each Helm instance — usually the same person as the user — is the data controller. Your data lives on their server, not on ours, because there is no "ours."
What this instance stores
When you use Helm, the following is persisted on this server:
- Your account (username + a salted PBKDF2-SHA256 password hash).
- Your uploaded resume (PDF, DOCX, or LinkedIn export zip) plus a plaintext copy used for AI extraction.
- The structured profile extracted from your resume: target roles, skills, locations, salary, industry.
- Jobs you have added to the tracker, search results from public job boards, and notes you attach to applications.
- Application logs (structured request logs — method, path, status, latency).
What leaves this server
Helm calls third-party services only to do its job. By design:
- Anthropic (Claude API) — resume text is sent for field extraction; job descriptions are sent for scoring and resume tailoring; your chat messages are sent for AI chat responses. Governed by Anthropic's privacy policy.
- Public job boards — LinkedIn, Indeed, Glassdoor, ZipRecruiter, Greenhouse, Ashby, Lever, Adzuna. Your search terms are sent. No personal data beyond that.
- Gmail SMTP (weekly digest) — only if the operator enables it. The digest email is sent via the operator's Gmail account.
- Sentry — only if the operator opts in via SENTRY_DSN. Stack traces and request metadata, no resume or chat content.
Helm does not include any analytics, trackers, or telemetry on its own.
Your rights
Because this is self-hosted, you should direct data-access, correction, and deletion requests to whoever operates this particular instance. The app includes admin tooling to delete accounts and all associated data on request.
Retention
Your data is retained as long as your account exists on this instance. Nightly backups (if configured by the operator) are retained for 14 days by default.
Changes
This policy may change as Helm evolves. Updates will be posted here and dated.
This is the upstream Helm project's reference privacy policy. Operators running Helm for others — e.g. hosting a shared instance — should replace it with one tailored to their jurisdiction and scope.