Data Privacy Framework

Helix3 Labs Privacy Policy EU-U.S. Data Privacy Framework Privacy (and UK Extension) and Swiss – U.S. Data Privacy Framework

Last updated June 6, 2024

Helix3 Labs is a Data Processor

Helix3 Labs (doing business as Gleen or Gleen AI, and hereby referred to as “Gleen”) is a generative AI platform and a data processor. As a data processor, Gleen ingests knowledge on behalf of its business customers, receives questions from its customers end users, and responds to those questions. In this capacity, Gleen acts on the instructions of its business customers and does not own or have independent rights to or control of the personal data it receives and/or processes on their behalf. For such data processing, Gleen enters into agreements with its business customers in the EU, the UK and Switzerland, specifying that the business customer recognizes that it is a data controller or another data processor under data protection laws and is in compliance with all relevant and applicable data protection laws.

Gleen Adheres to Data Privacy Framework Principles

Gleen participates in the Data Privacy Framework (DPF) as set forth by the US Department of Commerce regarding the collection, use and retention of personal data from European Economic Area (“EEA”) member countries, including the European Union (EU), the United Kingdom (and Gibraltar) (“UK”) and Switzerland.

Specifically, Gleen has certified that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) with respect to all personal data submitted by its business customers in reliance on the DPF.

As such, Gleen is committed to the DPF Principles of: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability, as well as sixteen supplemental principles (as applicable) that explain and augment those seven privacy principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit

Data Privacy Framework Principles

Notice and Choice

If you are a prospective Gleen customer and communicate with Gleen, we may collect personally identifiable information from you and about you, including the email addresses of those who communicate with us via email, information volunteered by you, such as survey information and/or site registrations, name and business address, business telephone number, and potentially a business fax number. We also may collect information about your company’s interests in and use of our various programs and services. Gleen does not collect any sensitive personal information. By providing any personal information to us by these means, you will fully understand and will clearly consent at the time of collection to the transfer of such personal information to, and the collection and processing of such information in, other countries or territories. Any such transfer and processing by us will be in accordance with our Privacy Policy and the DPF Principles.

We may also use information we collect on our website to personalize the content, improve the content of our web page, and/or to provide you with product or service offers. We use “cookies” to operate the website (“essential cookies”) and other cookies to help us evaluate how our visitors use and navigate our website on an aggregate basis, including the number and frequency of visitors to each web page and the length of their visits. You may indicate your consent to nonessential cookies by clicking on our Cookie Notification during your first visit to this website and agree to each use of such information.

A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.

We also use third party analytics providers to collect information about your use of certain products and services, like Google Analytics. Google uses cookies to collect information about the products and services usage and to report website trends to us, without identifying individual end-users or visitors to Gleen.

EU, UK and Swiss individuals have rights to access personal data about them and to limit use and disclosure of their personal data. With our DPF certification, Gleen has committed to respect those rights. If you would like to request that we not continue to use information we collect about you for the marketing purposes described herein, please contact us at

You also have the ability to change your mind and accept or decline cookies at any time by modifying the settings in your browser, or by returning to the Cookie Notification on our website.

Where personal information is collected by Gleen through means other than this website, the notice will be provided in clear and conspicuous language when you are first asked to provide such information. To the extent that Gleen acts solely as a data processor when processing personal data on behalf of its business customers (EU, UK or Swiss data controllers), Gleen acts only on the instructions of such controllers and does not control or share such personal data without direction from the relevant data controller. In those instances, and to the extent provided for by applicable law, Gleen may rely on its data controllers to satisfy the notice and consent principles under relevant and applicable data protection law, and will only act on the instructions of that controller.

Accountability for Onward Transfers – Third Parties Who May Receive Personal Data

Gleen uses a limited number of third party service providers to assist us in providing services to our customers such as, helping with certain technical operations, transmission of data, and data storage services. These third parties may process or store personal data in the course of providing their services. Gleen maintains contracts with these third parties restricting their access, use, and disclosure of personal data in compliance with our DPF obligations. To the extent provided by the DPF principles, Gleen remains responsible and liable under the DPF if a third party that Gleen engages to process personal information on its behalf does so in a manner inconsistent with the DPF Principles, unless Gleen proves it is not responsible for the matter giving rise to the damage.

Security, Data Integrity and Purpose Limitation

Gleen handles EU, UK and Swiss citizens’ personal data with appropriate care and safeguards. Gleen has security measures in place to help protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

In addition, any data processing will be carried out with reasonable and appropriate security measures specified in the processing agreement between Gleen and its customers. Gleen will not disclose to third parties the personal data processed, except as permitted or required by the agreement between Gleen and the third party, the EU DPF (and UK Extension), or Swiss DPF, or other applicable data protection law.

Gleen may be required to disclose personal information collected on its website site or processed for Gleen business purposes in response to legal process, for example, in response to a court order or a subpoena. We also may disclose such information in response to a law enforcement or other government agency’s request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, to comply with legal requirements, or as otherwise required by or law.

In addition, we may share information in the event of a bankruptcy, or a merger, acquisition, joint venture, or other business combination involving us.

Recourse and Enforcement

The U.S. Federal Trade Commission has jurisdiction over Gleen’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Gleen makes a specific commitment to remedy any problems that may arise from an alleged failure of compliance with the above principals and to resolve complaints about our collection of or use of your personal information. EU, UK and/or Swiss individuals with inquiries or complaints regarding Gleen compliance with the EU – U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles or this policy should first contact our company by mail, e-mail, or telephone at:

Helix3 Labs, Inc.
Attention: Legal
4900 Hopyard Road, Suite 100
Pleasanton, CA 94588

In addition, we may share information in the event of a bankruptcy, or a merger, acquisition, joint venture, or other business combination involving us.

Gleen will respond within 45 days. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed such complaint to your satisfaction, you may contact JAMS, an independent third-party dispute resolution body based in the United States. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Gleen commits to refer to JAMS any unresolved complaints concerning our handling of personal data received in reliance on the DPF. You may visit for more information or to file a complaint. JAMS has committed to provide recourse services at no cost to you. If neither Gleen nor our dispute resolution provider resolves your complaint, you may have the possibility, under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel.