Effective date: July 3, 2026 · This policy applies to the applications and online services published by Helperly LLC — including our local-first caregiver diary apps and our connected services (such as need.work) — unless a separate notice is provided for a specific product.
This Privacy Policy explains what information is processed when you use our applications and online services (the “Apps” and “Services”), how it is used, and the choices you have. We describe practices to align with common expectations under the EU General Data Protection Regulation (“GDPR”), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and similar laws. This document is provided for transparency. It is not legal advice; you should have qualified counsel review your final deployment and marketing materials. This policy is drafted in English; translated versions are provided for convenience only, and the English version is authoritative.
The publisher responsible for these Apps and Services is Helperly LLC (“we,” “us,” “our”). For privacy-related requests, contact us through our support form at helperly.org/contact.
Depending on your location, we may be referred to as the data controller (GDPR/UK) or business (CCPA/CPRA) for personal information described in this policy.
This policy covers two categories of products, and it matters which one you are using:
Each product's store listing or website says which category it belongs to, and a specific product may post a supplemental notice that applies together with this policy.
Our health and caregiving Apps are personal care diaries and organizational tools. They are not medical devices and do not provide medical advice. Unless we separately enter a written agreement with a clinic or insurer, we do not act as a “covered entity” or “business associate” under HIPAA (U.S. health privacy rules) for information you enter in the Apps.
For the standard configuration of our Local-First Apps, we do not operate a backend that receives or hosts your diary database, free-text logs, photos, emergency protocols you configure, or similar content. That information is stored locally on your device (for example using on-device databases and secure storage). We do not transmit that content to our servers for storage, backup, analytics, or model training.
If we offer an optional cloud or sync feature in the future, we will describe it separately (including what is encrypted, where it is processed, and your choices) before it applies to you.
Depending on how you use a Local-First App, you may store locally, for example:
You control this information through the App (including export or erase features where provided). Removing the App from your device or using in-app data reset typically deletes local data subject to your operating system’s behavior.
Some of our products cannot work without keeping certain information on our servers. For those Connected Services, we keep only what the service needs to function:
We do not sell this information, we do not use it for third-party advertising profiling, and we do not collect more than the Service needs. Where a Connected Service surfaces third-party content (for example, publicly available job listings in need.work), that content belongs to its original sources; we do not claim it, and we describe its limitations in our Terms of Service.
You can delete content you have saved using the Service's own controls where provided, or ask us to delete your information through our support form. When you delete your account (where accounts exist), we delete or anonymize the associated information within a reasonable period, except where the law requires us to keep it longer.
Even when your content stays on your device, certain third-party services may process limited data:
If a build of an App is configured with crash reporting (for example Sentry via a Data Source Name in environment variables), crash reports, stack traces, and limited device or session metadata may be transmitted to help us diagnose reliability issues. We configure clients to reduce inclusion of obvious sensitive fields; you should review the implementation for your release. Crash reports are not a substitute for your diary database and are not intended to upload your health journal content.
If crash reporting is not enabled for your build, this section does not apply.
Some builds include privacy-respecting, anonymous product analytics (for example PostHog) to understand which features are used and improve the Apps. These usage statistics are anonymous — they are not tied to your identity or to a personal profile, and do not include your name, contacts, precise or IP-based location, or any diary or health-journal content. They cover only general app-usage events such as which screens are viewed, which features are used, your subscription tier, and the app or device version, kept deliberately coarse and aggregated so that no individual can be singled out. Because this data is anonymous and cannot identify you, it is collected as a standard part of using the Apps; it begins only after you accept this Privacy Policy and the in-app disclaimer, and stops if you reset the App’s data. We do not link these statistics to the health information you store on your device.
We keep advertising to a minimum, and we apologize for the ads we do show — they are necessary to cover some of our operating costs. If you are able, an optional paid subscription removes ads entirely and directly supports our mission. Many of our App builds ship without any advertising at all.
Where ads appear, some mobile builds use Google AdMob (or other Google advertising components) to show banner or interstitial ads. AdMob is operated by Google. When ads load, Google may process data such as device identifiers, IP address, coarse location, app identifiers, and ad interaction signals to deliver, measure, personalize (where allowed), and fight fraud. We do not receive your diary or health journal content from AdMob. Google processes data under its own policies and may combine data across apps and sites where permitted by law.
You should review Google’s documents, including:
Where required (for example the EEA, UK, or Switzerland), Google may show a consent message or use limited ads modes depending on your configuration and region. On iOS, Apple’s App Tracking Transparency may apply. In the U.S., you may have opt-out rights for certain “sales” or “sharing” of personal information for cross-context behavioral advertising—use platform settings (for example Google’s Ads Settings) and device controls where available.
Web or desktop builds may use other ad components (for example contextual web ads) when enabled; those providers process data under their own policies. Your App Store / Play data safety disclosures should match the build you ship.
Where GDPR or the UK GDPR applies, we rely on one or more of the following:
Sensitive health-related data you enter is processed on your device to operate the App; where GDPR requires a specific condition for sensitive data, your voluntary use of the App to store that information for your own purposes is the lawful basis described here. For special-category (health) data under GDPR Article 9, our condition is your explicit consent (Article 9(2)(a)), given when you accept this Privacy Policy and the in-app disclaimer, to process the health information you choose to store for your own personal use; you may withdraw it at any time by deleting your data or discontinuing use.
Information stored only on your device is retained until you delete it in the App, erase app data, or uninstall, subject to device backups you control (for example encrypted device backups). Information we receive directly from you (such as support messages) is kept only as long as needed to respond and for legitimate business or legal purposes. For Connected Services, we keep account data and saved content while your account is active or while you continue using the Service, then delete or anonymize it within a reasonable period — and you can ask us to delete it sooner. Crash reports are retained according to our diagnostics provider’s settings and operational needs, typically on a rolling basis.
We use reasonable technical and organizational measures appropriate to each product. For local-first software, because information resides on your device, you should protect device access (passcode, biometrics, disk encryption) and avoid sharing unlocked devices. No method of storage or transmission is 100% secure.
Subject to applicable law, you may have the right to:
For data that exists only on your device, we cannot access or delete it remotely; use in-app tools or device settings. For data we do hold in our systems (for example Connected Service accounts, support messages, or crash metadata tied to random identifiers), contact us through our support form.
CCPA/CPRA (California): We describe our practices in this notice at collection. We do not sell personal information or share it for cross-context behavioral advertising in the sense requiring a “Do Not Sell or Share” link for the Apps and Services described here. If our practices change, we will update this policy and provide required links and methods.
California residents may request to know, delete, or correct personal information we hold (subject to exceptions). We will not discriminate against you for exercising these rights. To submit a request, use our support form. We may verify your request as permitted by law.
Residents of Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws may have similar rights (including appeal rights where applicable). Contact us the same way.
Sensitive personal information: Under CPRA, certain health-related information is sensitive. Your health journal content is processed on-device as described above; we do not use it for purposes beyond providing the App’s local functionality and as stated in this policy.
If you live outside the regions above, local laws may grant you similar rights. Where the GDPR does not apply, we still aim to honor reasonable privacy requests for information we control.
The Apps and Services are intended for adults and caregivers. They are not directed at children for independent sign-up. If you believe we have inadvertently collected personal information from a child in a way that violates applicable law, contact us and we will take appropriate steps.
For purely local processing, your diary content does not leave your device to our systems. If we process personal data in our systems (for example Connected Service accounts or messages you send us), that information may be processed in the country where we operate or where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).
We do not use your information for solely automated decisions that produce legal or similarly significant effects regarding you.
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where required, provide additional notice (for example in-app or via store listing). Continued use of the Apps and Services after the effective date may be subject to the updated policy as permitted by law.
To the maximum extent permitted by law, the Apps and Services are provided “as is.” This policy is intended to describe practices accurately but is not a contract. Nothing in this policy limits any non-waivable rights you may have under consumer protection or privacy laws.
Privacy inquiries and rights requests: use our support form at helperly.org/contact.