Personal Data We Collect
When you create a Helio account with us, we collect the following Personally Identifiable Information ("PII"):
- Phone Number
- Email address
- IP address
You make the decision whether to proceed with our request for your PII. However, if you decide not to provide the requested information, you will be unable to use Helio.
You warrant and promise that you're 13 years of age or older. ZURB does not intend to collect PII from anyone under the age of 13 (or 16, if you are a citizen of the EU). You must not engage to use Helio unless you are lawfully allowed to do so.
How We Use Your Personal Information
We use PII for the purpose of managing your Helio account, including:
- To process transactions
- To provide services in accordance with our Terms of Service applicable to the type of account you sign up for.
- Develop new products and services
- Manage the performance or our Platform.
- Monitor and analyze trends, usage, and activities in connection with our Platform.
We may use PII for various purposes related to communicating with you, including:
- Providing customer support
- Send you technical notices, updates, security alerts and support, administrative messages, and promotional emails.
ZURB will not sell PII to anyone. One exception would be only in the event that ZURB or any of its Intellectual Property is sold. In this case we would transfer PII to the buyer in order for them to continue to provide the same great ZURB service.
ZURB may disclose to authorized law enforcement personnel, PII from anyone who poses a threat. This might include those that are attempting to commit fraud or those who conduct activities that could bring harm to others. We assume that this is not you so please don’t worry.
Occasionally, we may share PII with our selected business partners for the purpose of providing improved services. If you prefer that we not provide your PII to our business partners, let us know by using one of the methods described below in this policy. We also might retain the services of outside contractors for the purpose of providing training services, technical support, to develop improved services, handle order processing or to perform other services. We require that these contractors maintain the same level of security and confidentiality that ZURB does.
We provide a number of ways for you to “opt-out” of receiving additional information from us or having us provide your PII to our partners. We may offer you these choices at the time you give us your information. Users who no longer wish to receive our promotional communications may opt-out of receiving these communications by replying to a promotional email communication, writing “unsubscribe” in the subject line, or by simply emailing us at [email protected].
Our Web pages may contain links to other sites. We do not share PII with those websites and are not responsible for their privacy policies. We encourage you to learn about the privacy policies of those companies.
When you visit any of ZURB's web pages, we may store information about your web session and assign you one or more ‘cookies’. Your browser will store these cookies on your computer in a small text ﬁle. For example, when you decide to login as a user, we store encrypted information in your browser so you don’t have to login on every page.
ZURB has a sophisticated security program for keeping the information stored in our system protected from unauthorized access. We store your information in a secure data center located in the United States, and replicated in secure regions around the world. Here are some of the key features of our security practices:
- All user data is encrypted at rest.
- All user data is encrypted in transit.
- Our service is hosted on AWS, to learn more about their security practices, visit: https://aws.amazon.com/security/
- Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
- Firewall and VPN services to help block unauthorized system access
- User data is stored and encrypted on a network not connected to the internet.
- Systems access logged and tracked for auditing purposes
- All changes to user accounts are logged for auditing
- Regular, off-premise, multi-region, backups.
- User data is soft-deleted to protect from user mistakes. Data is permanently deleted when the account is scheduled for deletion, you can cancel your account at anytime by going to Account Settings and choosing “Cancel My Account”
- All software dependencies are kept up to date and are patched on a regular basis.
- Stable system updates and security patches are applied at the hardware level when they are released.
- All user data is served over HTTPS with TLS 1.2 and TLS 1.3 with HSTS enabled.
- Two factor authentication is available for extra security.
- All passwords are salted and encrypted.
- Requests to authorize users in our system are rate limited to protect from malicious traffic.
- Tester identifying data is stored separately from their responses to preserve their anonymity.
- We do not collect credit card information.
If you are aware of any security issues with regards to our service, please report them to: [email protected].
Specific Rights for EU Citizens:
- Data Portability - you have the right to have your data sent to you upon request. You may request your data by reaching out to [email protected]. We will email your requested data as a JSON file.
- Right to be Forgotten - You have the right to erasure of PII if: (a) it's no longer needed for the original purpose (& no new lawful purpose exists), (b) you revoke consent & there's no other lawful basis for processing, (c) the PII has been processed unlawfully, and (d) erasure is necessary for compliance with EU law or the national law of the relevant member state.
- Right of Rectification - if ZURB is acting as Controller with regards to your PII we ensure that inaccurate or incomplete data is erased or rectified and you have the right to rectification or inaccurate PII
- Right of Transparency & Access - you have the right to obtain (among other things): (a) confirmation of whether, and where we are processing your PII, (b) information about the purposes of the processing, (c) information about the categories of recipients with whom the data may be shared, (d) when the PII in our possession is not collected directly from you, information as to the source of the data. and (e) information about the existence of, and an explanation of the logic involved, in any automated processed that has a significant effect on you. ( (e) does not pertain to any data processed by ZURB)