Helios Logo

Data Processing Agreement

Effective Date: March 25, 2025

This Data Processing Agreement ("DPA") supplements the Terms of Service ("Agreement") between Customer ("Customer," "you") and Arc Line and North, LLC ("Arc Line and North," "we," "our," "us"), governing Customer's use of Helios ("Service"). This DPA explicitly defines and limits responsibilities and liabilities concerning data processing activities performed by Arc Line and North on behalf of Customer.

1. Definitions

  • Data Protection Laws: GDPR, CCPA, and other applicable privacy laws.
  • Controller: Entity determining the purpose and means of processing Personal Data (typically Customer).
  • Processor: Entity processing Personal Data on behalf of Controller (Arc Line and North).
  • Personal Data: Information related to an identifiable individual.
  • Personal Data Breach: Unauthorized or accidental access, loss, alteration, or disclosure of Personal Data.

2. Roles and Responsibilities

  • Customer explicitly acts as Controller.
  • Arc Line and North explicitly acts as Processor, processing data strictly in accordance with Customer's documented instructions unless otherwise stated herein.
  • Customer explicitly ensures its data processing instructions comply with all applicable Data Protection Laws.

3. Processing of Personal Data

Arc Line and North will process Personal Data to deliver and improve the Helios Service, including but not limited to:

  • Delivering, maintaining, and enhancing Service functionality.
  • Developing, testing, and improving AI capabilities and analytics.
  • Experimenting and innovating new features or functionalities.
  • General internal business purposes, analytics, and insights generation.

4. Explicit License for Data Usage

Customer explicitly grants Arc Line and North a worldwide, royalty-free, irrevocable license to process, aggregate, anonymize, analyze, and use Personal Data in compliance with applicable Data Protection Laws, explicitly including but not limited to:

  • Service improvement and innovation.
  • AI model training, experimentation, and enhancement.
  • Generating analytics, aggregated reports, insights, and benchmarks.
  • Any lawful internal business or operational purposes typical to the industry.

5. Customer’s Explicit Responsibilities and Indemnification

Customer explicitly represents and warrants:

  • It holds the rights to collect, upload, and process all Personal Data provided to Arc Line and North.
  • Its collection, uploading, and processing of Personal Data fully comply with applicable Data Protection Laws.
  • Customer explicitly indemnifies Arc Line and North fully against all claims, liabilities, or penalties arising from Customer’s non-compliance or unlawful data processing.

6. Arc Line and North’s Explicit Obligations

Arc Line and North explicitly agrees to:

  • Comply with Customer’s documented lawful instructions regarding processing Personal Data, except as otherwise explicitly permitted under this DPA.
  • Maintain industry-standard security measures to safeguard Personal Data.
  • Notify Customer promptly of any verified Personal Data Breach involving Customer’s data.

7. Authorized Sub-processors

  • Customer explicitly provides general authorization for Arc Line and North to engage third-party sub-processors.
  • Arc Line and North explicitly commits to ensuring all sub-processors maintain appropriate data security and privacy practices.
  • Arc Line and North explicitly agrees to notify Customer of new sub-processors, allowing Customer to reasonably object within ten (10) business days.

8. International Data Transfers

  • Customer explicitly consents to Personal Data being transferred and processed in the United States or other jurisdictions as necessary for Helios’ operations.
  • Arc Line and North explicitly ensures all international transfers are subject to GDPR-compliant safeguards (including EU Standard Contractual Clauses).

9. Data Subject Rights

  • Arc Line and North explicitly agrees to reasonably assist Customer in fulfilling its obligations related to data subject requests (access, rectification, deletion, etc.) upon Customer’s request and at Customer’s expense.

10. Security Measures and Audits

  • Arc Line and North explicitly implements robust technical and organizational measures to secure Personal Data.
  • Upon request, Arc Line and North explicitly agrees to provide Customer with summaries of relevant audits or certifications (such as SOC 2 Type II reports) to demonstrate data security practices.
  • Detailed audits by Customer (or an independent auditor) are explicitly allowed annually upon reasonable notice and at Customer's expense.

11. Data Retention and Deletion

  • Arc Line and North explicitly agrees to delete or anonymize Customer Personal Data upon termination of services, except as legally required otherwise or as explicitly permitted herein for continued analytics and aggregated insights.

12. Sensitive Data and Industry-Specific Compliance

  • Customer explicitly agrees it will never upload sensitive or regulated data (e.g., PHI, financial, biometric) without obtaining prior explicit written consent from Arc Line and North.
  • Customer explicitly acknowledges sole responsibility for ensuring industry-specific regulatory compliance (e.g., HIPAA, SEC, FINRA) relevant to Customer’s operations. Arc Line and North explicitly disclaims compliance responsibility for specialized regulations unless explicitly agreed in writing.

13. Beta Features and AI-Processing Disclaimer

  • Customer explicitly acknowledges that Helios may provide beta, experimental, or AI-driven features, and explicitly accepts all related risks.
  • Customer explicitly indemnifies Arc Line and North from liabilities or claims arising from errors, inaccuracies, or adverse outcomes associated with experimental, beta, or AI-driven features.

14. Limitation of Liability

  • Arc Line and North explicitly disclaims liability for indirect, incidental, punitive, consequential, or special damages related to data processing, privacy violations, or breaches, even if advised of possibility.
  • Arc Line and North’s total cumulative liability under this DPA explicitly shall not exceed amounts Customer paid to Arc Line and North in the twelve (12) months prior to the claim.

15. Waiver of Jury Trial and Class Action

  • Customer explicitly agrees that all disputes related to data processing or privacy shall be resolved through individual binding arbitration. Customer explicitly waives all rights to jury trials and class actions.

16. General Terms and Conflicts

  • If conflicts arise, this DPA explicitly supersedes any conflicting terms in other agreements between parties.
  • Amendments to this DPA explicitly require written signatures from both parties.

17. Explicit Acknowledgement of Data Processing Risks

  • Customer explicitly acknowledges and accepts all inherent risks associated with data processing, analytics, AI, experimentation, and use of beta or innovative features provided by Helios.

18. Customer's Explicit Responsibility to Review

  • Customer explicitly agrees it bears sole responsibility for regularly reviewing this DPA to remain informed about terms, rights, and obligations.

19. Contact Information

For all DPA-related inquiries or data protection requests:

Arc Line and North, LLC
Email: support@withhelios.com
Data Protection Officer: Available upon written request via support@withhelios.com

Execution

By using Helios, Customer explicitly acknowledges reading, understanding, and fully accepting this DPA as legally binding and fully integrated into the Helios Terms of Service.