Helios PIPEDA Privacy Notice

Helios Policy Center

PIPEDA Privacy Notice

Helios is committed to protecting personal information in accordance with applicable privacy law, including Canada’s Personal Information Protection and Electronic Documents Act, where and to the extent PIPEDA applies.

This notice explains how Helios handles personal information relating to Canadian individuals and Canadian-facing commercial activity on the Helios platform, including account registration, profile creation, expert and company participation, communications, support, transactions, trust and safety reviews, and related platform operations.

Who this notice is for

This notice is intended for Canadian individuals and activities where PIPEDA applies to Helios’s collection, use, or disclosure of personal information in the course of commercial activity.

How this notice relates to other Helios policies

This notice should be read together with the Helios Privacy Policy, Terms of Service, Trust & Safety Policy, and any applicable product, payment, verification, or safety notices.

What PIPEDA generally covers

PIPEDA is Canada’s federal private-sector privacy law governing the collection, use, and disclosure of personal information in the course of commercial activity. It is structured around ten fair information principles.

Scope, Accountability & Purposes

01Scope and ApplicationWhen the PIPEDA Privacy Notice applies and what personal information means.+

This notice applies to personal information collected, used, or disclosed by Helios in the course of commercial activity where PIPEDA applies.

For purposes of this notice, “personal information” generally means information about an identifiable individual, subject to legal exceptions under applicable law.

This notice provides a clear explanation of Helios’s privacy practices under PIPEDA and does not limit any additional protections Helios may provide under other privacy laws, contractual commitments, or internal policies.

Examples
  • A Canadian expert creates a Helios profile and provides contact details, credentials, and service descriptions.
  • A Canadian-facing company submits a support request containing contact information and transaction context.
  • A user participates in verification, trust and safety, or payment workflows that require personal or business-related information.
Practical guidance

Only provide information you are authorized to share, and avoid submitting unnecessary personal or sensitive information unless Helios specifically requests it for a legitimate platform process.

02AccountabilityHelios’s responsibility for personal information under its control.+

Helios is responsible for personal information under its control and maintains internal measures designed to support privacy compliance.

Helios may designate a privacy lead, privacy contact, or other responsible personnel to oversee privacy governance, respond to privacy inquiries, coordinate incident handling, support access and correction workflows, and monitor compliance.

Helios may use third-party service providers for hosting, analytics, support, verification, payments, security, communications, and other operational functions. Where personal information is transferred to service providers for processing, Helios remains responsible for that information under PIPEDA’s accountability principle and may use contractual, technical, and organizational safeguards.

Examples
  • Helios uses a payment provider to process transaction-related data while maintaining responsibility for information under Helios’s control.
  • Helios uses support or infrastructure vendors subject to appropriate contractual and operational safeguards.
Practical guidance

Users should direct privacy inquiries through the designated Helios privacy contact or support route so the request can be reviewed consistently.

03Identifying PurposesWhy Helios may collect, use, or disclose personal information.+

Helios identifies the purposes for which personal information is collected before or at the time of collection, except where otherwise permitted or required by law.

Helios may collect, use, or disclose personal information for purposes including:

  • Creating, administering, and securing Helios accounts
  • Building and displaying user, expert, company, vendor, association, student, or partner profiles
  • Enabling marketplace participation, including gigs, quick tasks, service requests, consultations, communications, and transactions
  • Verifying identity, authority, eligibility, business affiliation, credentials, or profile legitimacy
  • Processing payments, payouts, billing events, refunds, tax-related workflows, and transaction support
  • Responding to support requests, platform inquiries, and operational communications
  • Maintaining platform integrity, investigating misconduct, preventing fraud, enforcing policies, and protecting users, Helios, and third parties
  • Improving platform features, matching systems, search, discoverability, and operational performance
  • Complying with legal, regulatory, tax, audit, dispute-resolution, recordkeeping, and law-enforcement response obligations
  • Establishing, exercising, or defending legal claims or rights

Where Helios requests information for a specific use case, Helios may provide additional just-in-time notice, in-product disclosure, onboarding explanation, or contextual language.

Examples
  • Helios requests identity or business information to verify eligibility for expert, seller, or vendor features.
  • Helios reviews message, account, listing, and transaction context to investigate fraud or safety concerns.
  • Helios uses platform activity data to improve search, matching, and operational performance.
Practical guidance

When a feature requests information, review the surrounding notice or form language to understand the purpose of collection.

Consent, Collection, Use & Retention

04ConsentHow Helios seeks consent where required by applicable law.+

Helios seeks consent for the collection, use, and disclosure of personal information where required by applicable law.

Depending on the context, Helios may rely on express consent, implied consent, or another lawful basis recognized under applicable law. Consent may be sought through account registration flows, privacy notices, service request forms, application or verification submissions, in-product actions, communications with Helios, acceptance of platform terms, or other clear user actions.

Where information is more sensitive, or where the context warrants heightened clarity, Helios may request more explicit forms of agreement or confirmation.

Helios may collect, use, or disclose personal information without consent where permitted or required by applicable law, including in certain legal, security, investigative, fraud-prevention, emergency, or compliance circumstances.

Examples
  • A user submits a verification form and confirms that the information may be used for eligibility review.
  • A user contacts support and provides information necessary to resolve an account issue.
  • Helios processes information without consent when legally permitted for fraud prevention, security response, or compliance review.
Practical guidance

Read the notice attached to account, profile, transaction, verification, or support workflows before submitting information.

05Limiting CollectionCategories of personal information Helios may collect when reasonably necessary.+

Helios limits its collection of personal information to what is reasonably necessary for the purposes identified by Helios and collects such information by fair and lawful means.

Depending on how an individual uses the platform, Helios may collect categories of information such as:

  • Name, email address, telephone number, username, job title, and company affiliation
  • Profile content, expertise, certifications, service descriptions, portfolio materials, project examples, business information, and related marketplace details
  • Communications submitted through forms, messaging tools, support channels, verification processes, reports, or safety workflows
  • Payment-related, payout-related, billing-related, and transaction-related information processed directly or through service providers
  • Identity or business verification information where needed for safety, fraud prevention, marketplace integrity, or policy enforcement
  • Technical, device, log, and usage information
  • Content, files, attachments, technical data, manuals, CAD-related materials, and other information voluntarily uploaded or submitted through platform features
  • Any other information the individual chooses to provide in connection with use of Helios

Helios does not intend to collect personal information beyond what is reasonably necessary for legitimate platform, legal, safety, and operational purposes.

Examples
  • An expert profile may include work history, certifications, service descriptions, and portfolio materials.
  • A support ticket may include messages, screenshots, account identifiers, or relevant transaction details.
  • Verification may require documentation depending on the level of access, payout, or marketplace activity requested.
Practical guidance

Before uploading files or profile content, remove personal data that is not needed for the specific platform purpose.

06Limiting Use, Disclosure, and RetentionHow Helios limits use, disclosure, and retention of personal information.+

Helios uses and discloses personal information only for the purposes for which it was collected, for uses reasonably related to those purposes, or as otherwise permitted or required by law.

Helios may disclose personal information to service providers, payment and payout providers, verification vendors, hosting and infrastructure providers, analytics vendors, communications vendors, security providers, professional advisers, insurers, auditors, counterparties involved in requested transactions or engagements, and authorities or third parties where disclosure is required or permitted by law.

Helios may also disclose information in connection with legal claims, investigations, fraud prevention, protection of rights and safety, business transfers, financing, merger, acquisition, reorganization, insolvency proceedings, or sale of some or all assets, subject to applicable legal requirements.

Helios retains personal information only for as long as reasonably necessary for identified purposes, legal or regulatory obligations, disputes, records, enforcement, platform integrity, legitimate business needs, or security needs. Helios may then delete, anonymize, de-identify, aggregate, or securely dispose of information in accordance with applicable retention practices and technical limitations.

Examples
  • Payment-related data may be shared with payment processors to complete billing, payout, refund, tax, or dispute workflows.
  • Account information may be retained while a dispute, fraud review, legal claim, or compliance obligation remains active.
  • Information may be de-identified or aggregated for reporting, analytics, or service improvement.
Practical guidance

Do not assume deleting visible profile content immediately removes all related records; some data may remain temporarily or longer where legally or operationally required.

Quality, Security & Transparency

07AccuracyKeeping information accurate, complete, and up to date where necessary.+

Helios takes reasonable steps to ensure that personal information is as accurate, complete, and up to date as necessary for the purposes for which it is to be used.

Individuals are responsible for ensuring information submitted to Helios is truthful, current, and complete, and for updating account or profile information where appropriate.

Helios may request updated documentation or clarification where accuracy is important for verification, safety, transaction integrity, or compliance.

Examples
  • A vendor updates its business contact information after a change in authorized representative.
  • An expert updates certifications, portfolio materials, or service descriptions so profile claims remain current.
  • Helios requests clarification when verification records appear inconsistent or outdated.
Practical guidance

Keep your account, profile, business, payment, and verification information current to avoid account limits, delays, or inaccurate marketplace signals.

08SafeguardsSecurity measures used to protect personal information.+

Helios protects personal information using safeguards appropriate to the sensitivity of the information.

Helios may use administrative, technical, contractual, and physical safeguards such as access controls, least-privilege permissions, authentication measures, encryption in transit and where appropriate at rest, environment segregation, secure development and operational practices, vendor controls, logging, monitoring, confidentiality obligations, workforce training, incident response procedures, and secure retention or disposal measures.

No internet transmission, electronic storage method, or security control is completely secure. While Helios works to protect personal information using appropriate measures, Helios cannot guarantee absolute security.

Examples
  • Access controls restrict internal access to personal information based on role and business need.
  • Vendor controls and confidentiality obligations support secure handling of data by service providers.
  • Logging and monitoring may help identify account compromise or suspicious access patterns.
Practical guidance

Use strong credentials, secure your devices, avoid sharing passwords, and report suspected unauthorized access promptly.

09Openness and TransparencyHow Helios makes privacy practices available and understandable.+

Helios makes information available about its privacy practices through this notice, the Helios Privacy Policy, contextual notices, trust and safety materials, help content, and direct communications where appropriate.

Helios may provide additional explanations concerning particular features, categories of processing, or specific transactions where doing so would improve clarity, consent quality, or user understanding.

Examples
  • A profile creation flow may explain how profile information will be displayed or used.
  • A verification flow may provide additional context about why documents or business records are requested.
  • A support or safety workflow may explain how submitted information may be reviewed.
Practical guidance

Review contextual notices and help-center materials before using new features or submitting sensitive information.

Individual Rights, Complaints & Service Providers

10Access and Correction RightsHow individuals may request access to or correction of personal information.+

Subject to identity verification, legal limitations, and applicable exceptions, individuals may request access to personal information Helios holds about them and may request correction of inaccurate or incomplete personal information.

When responding to an access or correction request, Helios may verify identity and authority, clarify the request scope, protect privacy and rights of others, and comply with applicable legal obligations. Where Helios cannot provide access in full, Helios may explain the basis for any limitation or refusal as permitted or required by law.

Examples
  • A user asks Helios for access to personal information associated with their account.
  • A user requests correction of an outdated email address, job title, company affiliation, or profile detail.
  • Helios limits access to information that would reveal another user’s private information or is subject to legal restrictions.
Practical guidance

Make requests specific when possible, and be prepared to verify identity before Helios can disclose or correct personal information.

11Challenging Compliance and ComplaintsHow individuals can raise privacy questions, concerns, or complaints.+

Individuals may contact Helios with questions, concerns, or complaints about Helios’s handling of personal information or compliance with this notice.

Helios may request additional information reasonably necessary to understand, verify, investigate, and resolve a complaint. Helios may also maintain internal complaint-handling and escalation procedures designed to support fair and consistent review.

Examples
  • A user asks why specific verification information was requested.
  • A user reports that their private information appears in a public-facing area.
  • A user asks Helios to review whether information was handled consistently with the PIPEDA Privacy Notice.
Practical guidance

Include enough context for Helios to investigate, such as account information, links, dates, screenshots, affected records, and the specific concern.

12Cross-Border Processing and Service ProvidersProcessing outside a user’s home jurisdiction and third-party provider safeguards.+

Helios may store or process personal information in jurisdictions outside an individual’s home province, territory, or country, including through cloud services, support operations, infrastructure providers, or other service providers.

Where Helios uses third-party processors, Helios remains accountable for personal information under its control and may implement contractual and operational safeguards appropriate to the circumstances.

Personal information may be subject to the laws of the jurisdiction in which it is processed or stored, including lawful access requirements applicable in that jurisdiction.

Examples
  • Cloud infrastructure or support tools may process information outside Canada.
  • Payment, verification, or communications vendors may handle information under their own operational environments and legal obligations.
  • Helios may use contractual safeguards with providers that process personal information on its behalf.
Practical guidance

Do not upload information unless it is needed for the relevant platform feature, transaction, support request, or verification workflow.

Incidents, Sensitive Information, Third Parties & Updates

13Breach Response and NotificationHow Helios may respond to breaches of security safeguards.+

If Helios becomes aware of a breach of security safeguards involving personal information under its control, Helios may investigate, contain, document, and remediate the incident.

Under PIPEDA’s breach regime, organizations must report certain breaches of security safeguards to the Office of the Privacy Commissioner of Canada, notify affected individuals where the breach creates a real risk of significant harm, and keep records of all breaches of security safeguards.

Where applicable, Helios may assess sensitivity, probability of misuse, scope of exposure, and likelihood of significant harm in determining whether notification or reporting obligations are triggered. Helios may also notify other organizations, institutions, insurers, vendors, or authorities where appropriate and permitted by law.

Examples
  • Helios investigates whether an unauthorized access event affected personal information.
  • Helios evaluates whether exposed information is sensitive and whether misuse is probable.
  • Helios notifies appropriate parties where legal requirements or risk-reduction measures call for notification.
Practical guidance

Report suspected account compromise quickly and preserve relevant evidence such as unusual login notices, suspicious messages, or unauthorized account changes.

14Children, Minors, and Sensitive InformationExpectations for avoiding unnecessary sensitive information.+

Helios expects users to provide only information they are authorized to provide and to avoid submitting unnecessary sensitive personal information unless specifically required for a legitimate platform process.

Where a feature, transaction, or safety process may require more sensitive information, Helios may apply additional handling, restriction, or review measures appropriate to the circumstances.

If Helios learns that personal information has been provided in a manner inconsistent with applicable law, platform rules, or authorization requirements, Helios may restrict access, remove content, request clarification, or take other appropriate operational or safety action.

Examples
  • A user removes unnecessary personal identifiers from an uploaded technical file before sharing it.
  • Helios requests clarification when a profile, file, or support submission appears to include unnecessary sensitive information.
  • Helios restricts or removes content that contains private information submitted without proper authorization.
Practical guidance

Before uploading content, check whether it contains minors’ information, health details, government identifiers, private contact details, or other sensitive data that is not needed.

15Third-Party Services and Platform CounterpartiesHow third-party terms and counterparties may apply to user interactions.+

Helios may integrate with, rely on, or direct users to third-party services for payments, payouts, communications, infrastructure, identity verification, analytics, or other functions. Those third parties may operate under their own privacy terms and legal obligations.

Where Helios acts as the platform intermediary rather than the independent controller for a third party’s practices, the third party’s own policies may also apply.

Where users voluntarily interact with other users, clients, experts, vendors, associations, or partners through Helios, personal information shared in connection with those interactions may be processed by the receiving party according to its own legal obligations and policies, subject to Helios’s platform rules and applicable agreements.

Examples
  • A payment provider processes billing or payout details under its own privacy and service terms.
  • A vendor receives user information needed to complete a requested marketplace engagement.
  • A third-party verification provider may process identity or business records under applicable provider terms.
Practical guidance

Review third-party privacy terms when using services connected to payments, verification, communications, or external tools.

16Updates to This PolicyHow Helios may update this PIPEDA Privacy Notice.+

Helios may update this PIPEDA Privacy Notice from time to time to reflect changes in legal requirements, platform functionality, operational practices, service-provider relationships, or risk-management measures.

When Helios makes material changes, Helios may update the effective date or last-updated date and may provide additional notice where appropriate.

Practical guidance

Review updated versions of this notice periodically, especially when new Helios features, transaction workflows, or privacy-related notices are introduced.

17Contact HeliosWhere users may send privacy questions, requests, or complaints.+

If you have questions, requests, or complaints relating to this PIPEDA Privacy Notice or Helios’s handling of personal information, you may contact Helios.

Helios Privacy Contact
Email: Support@helios.supplies

If applicable law gives you the right to escalate concerns to a privacy regulator, you may also have the right to contact the Office of the Privacy Commissioner of Canada.

Practical guidance

For faster review, include the type of request, the account or email involved, relevant dates, and whether you are requesting access, correction, complaint review, or another privacy action.

Related Helios Policies

Use these related Helios pages for additional privacy, legal, safety, and platform-governance context.

Share an Idea or Feedback

or join our Ideas to Impact program

peopl-with-lightbulb-icon-2026-01-07-23-53-47-utc copy.jpg

Help us improve Helios, uncover new opportunities, and build what matters most. Share your idea, feedback, suggestion, or recommendation.