Legal
Privacy Policy
This explains what Helm collects, why, and the choices you have — written in plain language, without the boilerplate.
Overview
Helm ("Helm", "we", "us") is a voyage tracker and live AIS ship-tracking app for cruise passengers, crew, and ship enthusiasts. Helm is a standalone product — it isn't operated under, or affiliated with, any other brand — and this policy covers the Helm app and this website only.
Helm's guiding principle is simple: we collect what's needed to run the logbook, the planner, and live tracking — nothing that isn't. We never sell your data.
Data we collect
What we collect depends on how you use the app.
Account identity
- Sign in with Apple is Helm's only sign-in method. Apple gives us a unique, app-specific identifier for your account (not your Apple ID email), plus your name and email address only if you choose to share them at the Apple sign-in prompt — Apple lets you decline or use "Hide My Email," in which case we only ever see a private relay address, never your real one. We never receive your Apple password or any data from your other Apple ID–linked apps.
- Profile — a display name, a unique handle, an optional avatar image, your persona (passenger / crew / enthusiast), and an optional home port.
Voyage, planner & budget data
- Voyages — ship, embark/disembark ports, dates, cabin number and category, nautical miles, notes, and an optional cover image.
- Plans — itinerary items you add per day (dining, excursions, shows, spa, reminders, notes) with times, locations, and booking references.
- Budget entries — amounts, currency, category, and labels you log for a voyage. Helm only stores the numbers you type in; it is never connected to any bank, card, or payment account.
- Keepsake voyage cards you generate (these are rendered on your device; sharing them is your choice).
Voyages default to private. You choose, per voyage, whether to make it visible to people who follow you ("friends") or to everyone ("public") — see below.
Social features (opt-in)
- Follows — who you follow, and who follows you.
- Public profile — if you set a voyage to "public," its title, dates, nights, and distance appear on your public profile (reachable via your handle) and in the feed of people who follow you.
- "Who's aboard" — if you mark a voyage "public" or "friends" and it's active, other users logged as being on the same ship at the same time can see your display name, handle, and avatar in that voyage's "who's aboard" list.
These features are opt-in via your per-voyage visibility setting. Nothing is shared publicly by default.
Notifications
Helm's backend can store a device push token against your account for features like departure/arrival alerts and social notifications. Push notifications are not live yet in the current build — if/when they're enabled, we'll update this policy and the in-app settings, and you'll be able to disable them any time in iOS Settings.
Membership status
If you join the Watch, Apple's App Store/StoreKit gives our backend a signed transaction receipt, which we verify directly with Apple. From that we store which product you bought, whether your membership is active, and its expiry/renewal date. We never receive or store your card number, billing address, or other payment details — that's handled entirely by Apple.
Weather & ship-position lookups
When you view sea conditions or a tracked ship's position, the app sends coordinates (the ship's or a port's position — not your device location) to our backend, which relays them to our weather provider to fetch a marine forecast. We cache the result keyed to a rounded location grid and hour, not to you personally.
What we do not collect
- No advertising identifiers (IDFA) and no ad-network SDKs.
- No third-party analytics or behavioural-tracking SDKs.
- No payment card, bank, or billing-address data — Apple handles all payment processing.
- No contacts, photo library, microphone, camera, or precise device-location access.
- Helm never sells, rents, or uses your data to build advertising profiles.
Server logs
Like any web service, our backend produces routine operational logs (timestamps, endpoint paths, response codes, coarse error messages) to keep the service running and to debug failures. These are not used for analytics, profiling, or advertising, and are retained only as long as needed for operational and security purposes.
How we use it
- To run the app — sync your voyages, plans, and budgets across your devices; verify your Helm Premium entitlement.
- To show you live ship data — match the ship you're tracking to its live AIS feed and marine weather.
- To power social features — if you opt in, show your public profile to people who follow you, and let you see who else is aboard a voyage you've logged.
- To keep the service reliable and secure — prevent abuse and maintain uptime.
- To communicate with you — respond to support requests, and send essential service notices (for example, a subscription receipt). We do not send marketing email unless you ask us to.
Location & ship tracking, specifically
Helm's live tracking uses AIS (Automatic Identification System) data — the same public maritime transponder signals ships broadcast for navigational safety — sourced from AISStream (aisstream.io). This tells you where a ship is; it is not your personal location, and none of your personal data is sent to AISStream.
Helm does not request Location permission on iOS and does not access your device's GPS in the background. No on-device location is ever sent to our servers — only ship and port coordinates that are already public reference data.
Sharing
We share the minimum data necessary with these categories of third party. None of them may use your data for their own advertising purposes, and we do not use any advertising, marketing, or analytics third parties.
- Apple — for Sign in with Apple identity-token verification and StoreKit subscription processing, governed by Apple's own privacy policy for the parts of the flow Apple handles directly.
- AISStream — we receive public vessel AIS broadcast positions (ship identity, position, heading, speed) from AISStream; we don't send them any of your personal data.
- Our weather provider (Open-Meteo) — coordinates only (ship/port location), not tied to your identity, for marine weather/sea-state forecasts.
- Our hosting and database provider — runs the servers and database Helm's backend runs on, as our data processor, under contracts that limit them to providing that service.
- Other Helm users — only for the profile fields and voyage details you deliberately make visible via social/follow features. Nothing is public by default.
- Legal requirements — if we're required to disclose data to comply with the law, or to protect the rights, safety, or property of Helm, our users, or the public.
We do not sell your personal data, and we do not share it for cross-context behavioural advertising.
The Watch & payment data
The Watch ($49.99/year or $5.99/month, with a 14-day free trial) is sold and billed entirely through Apple's App Store — "subscription" is the term Apple's own purchase sheet uses, for platform-compliance reasons, but everywhere else we call it a membership. Apple — not Helm — collects and processes your payment details. Helm receives only a signed receipt confirming your entitlement status, which we verify against Apple's servers before unlocking Watch features on your account.
For how to manage, change, or cancel the Watch, see Support → The Watch.
Data retention
We retain your account and content for as long as your account is active. If you delete your account (see Support → Delete your data), we delete your personal data and user content within a reasonable period, except where we must keep limited records for legal, tax, fraud-prevention, or dispute-resolution purposes — for example, subscription transaction records Apple or tax law requires us to retain for a set period.
Cached weather data and vessel AIS position history are reference/operational data, not personal data, and are retained on an operational basis (for example, rolling windows) independent of any individual account.
Your rights & choices
Wherever you're located, you can email support@helm.voyage at any time to:
- Access — get a copy of the personal data we hold about you.
- Export — get your voyages, plans, and budget entries in a portable format.
- Correct — fix inaccurate profile or account data (you can also edit your display name, handle, persona, and home port directly in the app).
- Delete — permanently delete your account and associated personal data and content. You can also delete individual voyages in-app any time.
- Object or restrict — object to certain processing, or ask us to limit how we use your data.
- Withdraw consent — for anything based on consent (like social/follow visibility), turn it off at any time in-app.
If you're in the UK or EEA, these are your rights under UK GDPR/GDPR (access, rectification, erasure, restriction, portability, and objection), and you can also lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office, ico.org.uk) if you believe we haven't handled your data properly. If you're a California resident, you have similar rights under the CCPA/CPRA (know, delete, correct, and opt out of sale/sharing) — Helm does not sell or share personal data for cross-context advertising.
We respond to verified requests within a reasonable time and in any event within the time limits required by applicable law — see Support for details.
Security
We use industry-standard measures to protect your data, including encryption in transit (HTTPS/TLS) between the app and our backend, hashed/signed authentication tokens, server-side verification of all Apple identity tokens and StoreKit transactions (we never trust client-supplied purchase claims), and access controls on our database and hosting infrastructure. No method of transmission or storage is 100% secure, but we work to protect your information using measures appropriate to its sensitivity.
International data transfer
Our servers and database may be located in a different country from where you use Helm. Where we transfer personal data internationally (for example, from the UK/EEA to a hosting region outside it), we rely on appropriate safeguards such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses, or transfers to regions the UK/EU consider to provide adequate protection.
Children
Helm is not directed at children, and you must be at least 16 years old to create a Helm account. Helm's social features (public profiles, follows, "who's aboard") mean some content you post may be visible to other users, and we restrict the minimum age accordingly. If we learn we've collected personal data from someone under this age without appropriate consent, we'll delete that account and data.
Changes to this policy
We may update this policy from time to time, for example as we add features (like push notifications) or change providers. We'll update the "Last updated" date above, and for material changes we'll provide notice in the app or by email before the changes take effect.
Contact
Questions about this policy or your data? Email support@helm.voyage. We aim to respond to all privacy requests within a reasonable time and within any limits required by law.
Have a specific request?
Access, export, correction, or deletion — we handle these directly, no ticket queue.