Privacy Policy

1. Introduction

This privacy policy explains how Hephaestus Ventures Ltd ("we", "us", "our"), trading as Helios Cap, collects, uses, stores and protects your personal data when you visit helioscap.co.uk (the "Website") and interact with our services.

Hephaestus Ventures Ltd is registered in England and Wales (Company No. 16933457) with its registered office in Cambridgeshire, United Kingdom. We are the data controller for the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

We are committed to protecting your privacy and handling your data in an open, transparent manner. Please read this policy carefully to understand how we look after your personal data.

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Information you provide directly

• Name — your first name or full name, submitted via our waitlist form.
• Email address — submitted via our waitlist form so we can contact you about the Helios 320 Laser Helmet.

2.2 Information collected automatically

• Usage and analytics data — we use PostHog to collect anonymised usage data such as pages visited, referral source, browser type, device type, approximate geographic location (country/region level), and interaction events. This data helps us understand how visitors use the Website and improve the experience.

We do not collect any special category data (e.g. health data, racial or ethnic origin, political opinions) through the Website.

3. Why We Collect Your Data

We use your personal data for the following purposes:

• Waitlist management — to register your interest in the Helios 320 Laser Helmet and notify you when pre-orders open or when we have important product updates.
• Communication — to respond to enquiries you send us and to provide information you have requested.
• Website improvement — to analyse how visitors use the Website so we can optimise its design, content and performance.
• Legal obligations — to comply with applicable laws, regulations and legal processes.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases for processing your personal data:

• Consent (Article 6(1)(a)) — when you voluntarily submit your name and email address through our waitlist form, you consent to us processing that data for the purposes described above. You may withdraw your consent at any time by contacting us at [email protected].
• Legitimate interests (Article 6(1)(f)) — we have a legitimate interest in collecting anonymised analytics data to understand Website usage and improve our services. We have assessed that this processing does not override your rights and freedoms.
• Legal obligation (Article 6(1)(c)) — where we are required to process your data to comply with a legal obligation.

5. How We Store Your Data

Waitlist data (name and email address) is stored server-side in a secure file on our hosting infrastructure. We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction.

These measures include, but are not limited to:

• Restricting access to personal data to authorised personnel only.
• Using encrypted connections (HTTPS/TLS) for all data in transit.
• Regularly reviewing our data handling and storage practices.

6. Third-Party Services

We share personal data only with the following categories of third-party service providers, and only to the extent necessary:

• PostHog— for website analytics. PostHog processes anonymised usage data on our behalf. You can review PostHog's privacy policy at posthog.com/privacy.
• Hosting provider — our Website is hosted on infrastructure that may process your data as part of delivering the service.

We do not sell, rent or trade your personal data to any third party. If we introduce additional third-party services (such as a payment processor for pre-orders), we will update this policy accordingly before any data is shared.

7. Cookies

We do not use advertising or marketing cookies. The only cookies set on the Website are those used by PostHog for analytics purposes. These cookies help us understand how visitors interact with the Website and do not identify you personally.

You can control or delete cookies through your browser settings. Please note that disabling cookies may affect the functionality of certain parts of the Website.

8. International Data Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office (ICO) or an adequacy decision, to protect your data in accordance with the UK GDPR.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected:

• Waitlist data — retained until you request removal, withdraw your consent, or we determine it is no longer needed (for example, after the product has launched and the waitlist is no longer active). We will periodically review retained data and delete it when there is no longer a legitimate reason to keep it.
• Analytics data— retained in accordance with PostHog's data retention policies. This data is anonymised and cannot be used to identify you.

10. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — you have the right to request a copy of the personal data we hold about you.
• Right to rectification — you have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure — you have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it.
• Right to restrict processing — you have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability — you have the right to request that we transfer your personal data to another organisation, or directly to you, in a structured, commonly used and machine-readable format.
• Right to object — you have the right to object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.

11. Children's Privacy

Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take steps to delete it.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Where changes are significant, we will make reasonable efforts to notify you (for example, via email if you are on our waitlist).

13. Contact Us

If you have any questions about this privacy policy or our data handling practices, please contact us: