Privacy Policy

Effective date: 31 March 2026

1. Introduction

RiskHelper.ai is operated by Risk Helper LLC. This Privacy Policy explains what personal data we collect, why we collect it, how it is used, and your rights in relation to that data.

This policy covers the web application available at app.riskhelper.ai and the marketing site at riskhelper.ai (together, “the Service”).

We are committed to being transparent about the data we handle. Because we build privacy risk assessment tools, we hold ourselves to a higher standard of data minimisation and disclosure than is strictly required by law.

2. Who This Service Is For

The Service is intended solely for users who are 18 years of age or older. It is not directed at children.

From Phase 2 onward, age is enforced via a declaration checkbox at registration. In the current phase (Phase 1), there is no account registration. By using the Service you confirm that you are at least 18 years old.

Note: our assessments discuss children’s data risk as a subject matter (for example, whether a product is accessed by children). The assessments do not collect, process, or store children’s personal data. See Section 13 (COPPA) for more detail.

3. What Data We Collect and Why

We collect three categories of data:

  • Analytics data — collected automatically when you visit the Service, subject to your consent. See Section 4.
  • Contact form data — collected only if you voluntarily submit the contact form. See Section 5.
  • Mailing list consent — recorded only if you opt in to product updates via the contact form. See Section 6.

Assessment answers you enter during a session are processed server-side to generate your results and are never stored, logged, or retained after your session ends. They are not personal data in the ordinary sense — they describe your organisation, not you personally.

4. Analytics — Umami Cloud

We use Umami Cloud (umami.is) for website analytics on both app.riskhelper.ai and riskhelper.ai.

What Umami Cloud collects

Umami Cloud collects: page views, custom events (such as assessment started or assessment completed), referrer URL, browser type, device type, and country.

Umami Cloud does not store IP addresses. Umami Cloud does not use cookies for tracking. This makes it a privacy-preserving analytics solution by design.

Consent gate

On app.riskhelper.ai, the Umami analytics script is loaded only after you accept the cookie consent banner. Your consent preference is stored in a first-party cookie named rh_consent. No analytics data is collected if you decline or have not yet responded to the banner.

On riskhelper.ai, Umami’s cookieless tracking operates without a consent gate as no cookies or personal data are collected.

Legal basis

Legitimate interests (privacy-preserving, cookieless analytics that do not store IP addresses), with the consent gate applied as an additional control on app.riskhelper.ai.

Phase 2 migration

After our Supabase infrastructure is running in Phase 2, analytics will migrate to a self-hosted instance of Umami, eliminating the Umami Cloud third-party processor relationship entirely. This policy will be updated at that time, and the connect-src Content Security Policy directive will be updated to reflect the new endpoint.

5. Contact Form

If you submit the contact form at app.riskhelper.ai/contact, we collect your name, email address, organisation (optional), reason for contact, and message.

What we collect

  • Name
  • Email address
  • Organisation (optional)
  • Reason for contact
  • Message

How we use it

Your details are used solely to respond to your enquiry. Contact form submissions are transmitted to contact@riskhelper.ai via our transactional email processor (Resend). They are not shared with third parties for their own purposes.

Legal basis

Legitimate interests — responding to an enquiry you have initiated.

6. Mailing List — Product Updates

When you submit the contact form, you have the option to opt in to occasional product updates about Risk Helper tools and features.

What we collect

If you opt in, we record your email address, the time of your consent, and the source (contact form). This record is stored in our database (Upstash, US).

How we use it

Your email will be used to send occasional product updates about Risk Helper. We will not use it for unrelated marketing or share it with third parties for their own purposes.

Unsubscribing

You can unsubscribe at any time by contacting us at support@riskhelper.ai. We will remove your email from the mailing list promptly.

Legal basis

Consent — the opt-in checkbox on the contact form is unchecked by default and requires a deliberate action to select.

7. Legal Basis for Processing (GDPR)

Processing Activity | Legal Basis
Umami Cloud Analytics | Legitimate Interests
Contact Form — Enquiry Response | Legitimate Interests
Contact Form — Mailing List Opt-in | Consent

8. Data Residency

Assessment answers are processed server-side on Vercel (US regions) and are not stored after the session.

Contact form data is processed via Resend (US). Mailing list consent records are stored in Upstash (US).

Umami Cloud stores analytics data on its own infrastructure. Please refer to Umami’s privacy policy for their specific residency details.

9. Data Retention

  • Assessment Answers: Not retained. Discarded immediately after processing.
  • Contact Form Submissions: Retained only as long as needed to respond to your enquiry.
  • Mailing List Consent Records: Retained until you unsubscribe or request deletion.
  • Analytics Data: Anonymised data held according to Umami Cloud’s retention policy.

10. Your Rights (GDPR)

If you are located in the UK or European Economic Area, you have the following rights under the UK GDPR and EU GDPR respectively:

  • Access — request a copy of the personal data we hold about you.
  • Erasure — request deletion of your personal data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Correction — request that inaccurate data be corrected.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Withdraw consent — where processing is based on consent (mailing list), you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@riskhelper.ai. We will respond within 30 days.

11. CCPA — California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights:

  • The right to know what personal information is collected about you.
  • The right to delete personal information we hold about you.
  • The right to opt out of the sale or sharing of your personal information.
  • The right to non-discrimination for exercising your privacy rights.

We do not sell or share your personal information. We do not sell personal data to third parties, and we do not share it with third parties for cross-context behavioural advertising purposes.

Do Not Sell or Share My Personal Information: Because we do not sell or share personal information, no opt-out mechanism is required. If this changes in the future, we will update this policy and provide an opt-out mechanism before the change takes effect.

To submit a CCPA request, contact us at support@riskhelper.ai. We will respond within 45 days (with one 45-day extension where reasonably necessary).

12. PIPEDA — Canadian Users

If you are accessing the Service from Canada, your personal data is handled in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

You have the right to access your personal information and to challenge its accuracy. You may also request information about how your personal information has been used or disclosed.

Our designated privacy contact for Canadian requests is: support@riskhelper.ai. We will respond within 30 days.

13. COPPA

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. Our platform is restricted to users 18 and older.

Some of our assessments discuss children’s data risk as a subject matter — for example, evaluating whether a product or service is accessed by children. However, the assessments themselves do not collect, process, or store children’s personal data.

If we discover that we have inadvertently collected personal information from a child under 13, we will delete it immediately. If you believe we may have collected such information, please contact us at support@riskhelper.ai.

14. Policy Updates

We will update this policy when our data processing activities change — for example, when new features or processing activities are introduced in future phases. We will always update the effective date at the top of this page when changes are made.

For material changes — changes that significantly affect your rights or the data we process — we will notify registered users by email before the change takes effect (Phase 2 onwards, when account registration is available). In Phase 1, we will post changes to this page. We recommend checking this page periodically.

Continued use of the Service after a policy update constitutes acceptance of the updated terms.

15. Contact Us

For any privacy-related questions, requests, or concerns — including requests to exercise your rights under Section 10, CCPA requests under Section 11, or PIPEDA requests under Section 12 — please contact us at:

support@riskhelper.ai

Risk Helper LLC

We aim to respond to all privacy enquiries within 30 days. If your request is complex or you have submitted multiple requests, we may extend this period by up to an additional 30 days and will notify you of the extension.