Helios/Legal

Privacy Policy

Last Updated: May 17, 2026

Section1. Overview

This Privacy Policy explains how Helios by SAGEA handles information in connection with its identity verification infrastructure, APIs, SDKs, dashboards, and enterprise deployments ("Helios" or the "Services").

1. Overview

Helios is designed with enterprise privacy and data minimization principles in mind.

Depending on deployment configuration, Helios may operate:

  • entirely within customer-owned infrastructure
  • through private deployments managed by the customer
  • through SAGEA-managed API infrastructure

Data handling practices differ depending on deployment type.

2. On-Premises Deployments

For on-premises deployments:

  • all end-user and customer data remains within the customer's infrastructure
  • SAGEA does not collect or retain biometric data, KYC documents, identity records, or verification sessions
  • SAGEA does not maintain persistent access to customer databases or environments after deployment unless explicitly requested for support purposes

The customer acts as the data controller and is solely responsible for compliance with applicable privacy and data protection laws.

3. API and Managed Infrastructure

For customers using SAGEA-managed APIs or hosted infrastructure, Helios may temporarily process submitted data solely to provide the requested verification services.

SAGEA may collect limited operational metadata including:

  • API request timing
  • infrastructure performance metrics
  • anonymized usage statistics
  • crash logs and diagnostic traces
  • abuse prevention signals

This telemetry is used strictly for:

  • maintaining service reliability
  • debugging and incident response
  • infrastructure monitoring
  • abuse detection
  • improving platform stability

SAGEA does not:

  • sell customer or end-user data
  • use customer data for advertising
  • retain end-user verification media beyond operational processing needs
  • use customer or end-user data to train AI models without explicit written consent

4. Data Retention

For managed deployments, data retention periods depend on contractual agreements and infrastructure configuration.

By default:

  • operational telemetry may be retained for limited periods for reliability and security purposes
  • submitted verification media and customer end-user data are not persistently retained unless explicitly configured by the customer

Customers deploying Helios on-premises control their own retention policies entirely.

5. Security Measures

SAGEA implements commercially reasonable administrative, technical, and organizational safeguards designed to protect Helios infrastructure and systems.

These may include:

  • encrypted transport channels
  • role-based access controls
  • infrastructure isolation
  • audit logging
  • secure deployment practices
  • restricted internal access policies

No method of transmission or storage can be guaranteed fully secure.

6. International Processing

Depending on deployment architecture, data may be processed in infrastructure regions selected by the customer or specified in enterprise agreements.

Customers are responsible for ensuring lawful cross-border processing where applicable.

7. Customer Responsibilities

Customers are responsible for:

  • obtaining all legally required user consents
  • maintaining lawful grounds for processing
  • providing required disclosures to end users
  • configuring Helios in compliance with applicable regulations

8. Children's Privacy

Helios is not intended for use by children under the age required by applicable law unless expressly authorized within regulated institutional contexts.

9. Changes to This Policy

SAGEA may update this Privacy Policy periodically. Updated versions become effective upon publication.

10. Contact

Privacy and compliance inquiries may be directed to:

Additional information is available at the SAGEA Trust Center.