Helios PIPEDA Policy

Helios is committed to protecting personal information in accordance with applicable privacy law, including the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”), where and to the extent PIPEDA applies. PIPEDA is Canada’s federal private-sector privacy law governing the collection, use, and disclosure of personal information in the course of commercial activity, and it is structured around ten fair information principles.

This PIPEDA Policy explains how Helios handles personal information relating to Canadian individuals and Canadian-facing commercial activity on the Helios platform, including account registration, profile creation, expert and company participation, communications, support, transactions, trust and safety reviews, and related platform operations. This Policy should be read together with the Helios Privacy Policy, Terms of Service, Trust & Safety Policy, and any applicable product, payment, verification, or safety notices.

1. Scope and Application

This Policy applies to personal information collected, used, or disclosed by Helios in the course of commercial activity where PIPEDA applies. In general, PIPEDA applies to private-sector organizations that collect, use, or disclose personal information in the course of commercial activity.

For purposes of this Policy, “personal information” generally means information about an identifiable individual, subject to legal exceptions under applicable law.

This Policy is intended to provide a clear explanation of Helios’s privacy practices under PIPEDA, but it does not limit any additional protections Helios may provide under other privacy laws, contractual commitments, or internal policies.

2. Accountability

Helios is responsible for personal information under its control and maintains internal measures designed to support privacy compliance. PIPEDA’s accountability principle requires organizations to be responsible for personal information under their control and to designate an individual or individuals accountable for compliance.

Helios may designate a privacy lead, privacy contact, or other responsible personnel to oversee privacy governance, respond to privacy inquiries, coordinate incident handling, support access and correction workflows, and monitor compliance with this Policy and related privacy requirements.

Helios may use third-party service providers to support hosting, analytics, customer support, identity verification, payment processing, security, communications, and other operational functions. Where Helios transfers personal information to service providers for processing, Helios remains responsible for that information under PIPEDA’s accountability principle and may use contractual, technical, and organizational measures appropriate to the sensitivity of the information and nature of the processing.

3. Identifying Purposes

Helios identifies the purposes for which personal information is collected before or at the time of collection, except where otherwise permitted or required by law. This aligns with PIPEDA’s identifying-purposes principle.

Helios may collect, use, or disclose personal information for purposes including:

  • Creating, administering, and securing Helios accounts
  • Building and displaying user, expert, company, vendor, association, student, or partner profiles
  • Enabling marketplace participation, including gigs, quick tasks, service requests, consultations, communications, and transactions
  • Verifying identity, authority, eligibility, business affiliation, credentials, or profile legitimacy
  • Processing payments, payouts, billing events, refunds, tax-related workflows, and transaction support through Helios or its service providers
  • Responding to support requests, platform inquiries, and operational communications
  • Maintaining platform integrity, investigating misconduct, preventing fraud, enforcing policies, and protecting users, Helios, and third parties
  • Improving platform features, matching systems, search, discoverability, and operational performance
  • Complying with legal, regulatory, tax, audit, dispute-resolution, recordkeeping, and law-enforcement response obligations
  • Establishing, exercising, or defending legal claims or rights

Where Helios requests information for a specific use case, Helios may provide additional just-in-time notice, in-product disclosure, onboarding explanation, or contextual language to further explain the applicable purpose.

Helios seeks consent for the collection, use, and disclosure of personal information where required by applicable law. Under PIPEDA, consent is a core principle, and the Office of the Privacy Commissioner of Canada states that consent should be valid and meaningful.

Depending on the context, Helios may rely on express consent, implied consent, or another lawful basis recognized under applicable law. Helios generally seeks consent through account registration flows, privacy notices, service request forms, application or verification submissions, in-product actions, communications with Helios, acceptance of platform terms, or other clear user actions.

Helios aims to make its privacy disclosures understandable and reasonably tailored to the context, sensitivity of the information, and reasonable expectations of the individual. Where information is more sensitive, or where the context warrants heightened clarity, Helios may request more explicit forms of agreement or confirmation.

Helios may collect, use, or disclose personal information without consent where permitted or required by applicable law, including in certain legal, security, investigative, fraud-prevention, emergency, or compliance circumstances.

5. Limiting Collection

Helios limits its collection of personal information to what is reasonably necessary for the purposes identified by Helios and collects such information by fair and lawful means, consistent with PIPEDA’s limiting-collection principle.

Depending on how an individual uses the platform, Helios may collect categories of information such as:

  • Name, email address, telephone number, username, job title, and company affiliation
  • Profile content, expertise, certifications, service descriptions, portfolio materials, project examples, business information, and related marketplace details
  • Communications submitted through forms, messaging tools, support channels, verification processes, reports, or safety workflows
  • Payment-related, payout-related, billing-related, and transaction-related information processed directly or through service providers
  • Identity or business verification information where needed for safety, fraud prevention, marketplace integrity, or policy enforcement
  • Technical, device, log, and usage information
  • Content, files, attachments, technical data, manuals, CAD-related materials, and other information voluntarily uploaded or submitted through platform features
  • Any other information the individual chooses to provide in connection with use of Helios

Helios does not intend to collect personal information beyond what is reasonably necessary for legitimate platform, legal, safety, and operational purposes.

6. Limiting Use, Disclosure, and Retention

Helios uses and discloses personal information only for the purposes for which it was collected, for uses that are reasonably related to those purposes, or as otherwise permitted or required by law. PIPEDA includes a specific principle requiring organizations to limit use, disclosure, and retention.

Helios may disclose personal information to service providers, payment and payout providers, verification vendors, hosting and infrastructure providers, analytics vendors, communications vendors, security providers, professional advisers, insurers, auditors, counterparties involved in requested transactions or engagements, and authorities or third parties where disclosure is required or permitted by law.

Helios may also disclose information in connection with legal claims, investigations, fraud prevention, protection of rights and safety, business transfers, financing, merger, acquisition, reorganization, insolvency proceedings, or sale of some or all assets, subject to applicable legal requirements.

Helios retains personal information only for as long as reasonably necessary for the identified purposes, to meet legal or regulatory obligations, to resolve disputes, to maintain appropriate records, to enforce agreements and policies, to protect platform integrity, or to support legitimate business and security needs. Helios may then delete, anonymize, de-identify, aggregate, or securely dispose of information in accordance with applicable retention practices and technical limitations.

7. Accuracy

Helios takes reasonable steps to ensure that personal information is as accurate, complete, and up to date as necessary for the purposes for which it is to be used, consistent with PIPEDA’s accuracy principle.

Individuals are responsible for ensuring that information they submit to Helios is truthful, current, and complete, and for updating their account or profile information where appropriate. Helios may also request updated documentation or clarification where accuracy is important for verification, safety, transaction integrity, or compliance.

8. Safeguards

Helios protects personal information using safeguards appropriate to the sensitivity of the information. PIPEDA’s safeguards principle requires organizations to protect personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification, while recognizing that the specific safeguards may vary depending on the context and sensitivity.

Helios may use administrative, technical, contractual, and physical safeguards such as access controls, least-privilege permissions, authentication measures, encryption in transit and where appropriate at rest, environment segregation, secure development and operational practices, vendor controls, logging, monitoring, confidentiality obligations, workforce training, incident response procedures, and secure retention or disposal measures.

No method of transmission over the internet, electronic storage method, or security control is completely secure. Accordingly, while Helios works to protect personal information using measures appropriate to the circumstances, Helios cannot guarantee absolute security.

9. Openness and Transparency

Helios makes information available about its privacy practices through this Policy, the Helios Privacy Policy, contextual notices, trust and safety materials, help content, and direct communications where appropriate. PIPEDA’s openness principle requires organizations to make specific information about their privacy policies and practices readily available.

Helios may provide additional explanations concerning particular features, categories of processing, or specific transactions where doing so would improve clarity, consent quality, or user understanding.

10. Access and Correction Rights

Subject to identity verification, legal limitations, and any applicable exceptions, individuals may request access to personal information Helios holds about them and may request correction of inaccurate or incomplete personal information. Under PIPEDA’s individual-access principle, individuals generally have the right to access personal information held by an organization and to challenge its accuracy and completeness.

When responding to an access or correction request, Helios may take reasonable steps to verify the identity and authority of the requester, clarify the scope of the request, protect the privacy and rights of others, and comply with applicable legal obligations. Where Helios cannot provide access in full, Helios may explain the basis for any limitation or refusal as permitted or required by law.

11. Challenging Compliance and Complaints

Individuals may contact Helios with questions, concerns, or complaints about Helios’s handling of personal information or Helios’s compliance with this Policy. PIPEDA includes a principle allowing individuals to challenge an organization’s compliance with its privacy obligations.

Helios may request additional information reasonably necessary to understand, verify, investigate, and resolve a complaint. Helios may also maintain internal complaint-handling and escalation procedures designed to support fair and consistent review.

12. Cross-Border Processing and Service Providers

Helios may store or process personal information in jurisdictions outside an individual’s home province, territory, or country, including through cloud services, support operations, infrastructure providers, or other service providers. Where Helios uses third-party processors, Helios remains accountable for personal information under its control and may implement contractual and operational safeguards appropriate to the circumstances.

As a result, personal information may be subject to the laws of the jurisdiction in which it is processed or stored, including lawful access requirements applicable in that jurisdiction.

13. Breach Response and Notification

If Helios becomes aware of a breach of security safeguards involving personal information under its control, Helios may investigate, contain, document, and remediate the incident. Under PIPEDA’s breach regime, organizations must report certain breaches of security safeguards to the Office of the Privacy Commissioner of Canada, notify affected individuals where the breach creates a real risk of significant harm, and keep records of all breaches of security safeguards.

Where applicable, Helios may assess factors such as the sensitivity of the information involved, the probability of misuse, the scope of exposure, and the likelihood of significant harm in determining whether notification or reporting obligations are triggered. Helios may also notify other organizations, institutions, insurers, vendors, or authorities where appropriate and permitted by law in order to reduce risk, support containment, or meet legal obligations.

14. Children, Minors, and Sensitive Information

Helios expects users to provide only information they are authorized to provide and to avoid submitting unnecessary sensitive personal information unless specifically required for a legitimate platform process. Where a feature, transaction, or safety process may require more sensitive information, Helios may apply additional handling, restriction, or review measures appropriate to the circumstances.

If Helios learns that personal information has been provided in a manner inconsistent with applicable law, platform rules, or authorization requirements, Helios may restrict access, remove content, request clarification, or take other appropriate operational or safety action.

15. Third-Party Services and Platform Counterparties

Helios may integrate with, rely on, or direct users to third-party services for payments, payouts, communications, infrastructure, identity verification, analytics, or other functions. Those third parties may operate under their own privacy terms and legal obligations. Where Helios acts as the platform intermediary rather than the independent controller for a third party’s practices, the third party’s own policies may also apply.

In addition, where users voluntarily interact with other users, clients, experts, vendors, associations, or partners through Helios, personal information shared in connection with those interactions may be processed by the receiving party according to its own legal obligations and policies, subject to Helios’s platform rules and any applicable agreements.

16. Updates to This Policy

Helios may update this PIPEDA Policy from time to time to reflect changes in legal requirements, platform functionality, operational practices, service-provider relationships, or risk-management measures. When Helios makes material changes, Helios may update the effective date or last-updated date above and may provide additional notice where appropriate.

17. Contact Helios

If you have questions, requests, or complaints relating to this PIPEDA Policy or Helios’s handling of personal information, you may contact Helios at:

Helios Privacy Contact
Email: [Support@helios.supplies]

If applicable law gives you the right to escalate concerns to a privacy regulator, you may also have the right to contact the Office of the Privacy Commissioner of Canada. The OPC oversees compliance with PIPEDA and provides guidance on the Act’s requirements and complaint processes.


Share an Idea or Feedback

peopl-with-lightbulb-icon-2026-01-07-23-53-47-utc copy.jpg

Help us improve Helios, uncover new opportunities, and build what matters most. Share your idea, feedback, suggestion, or recommendation.