Privacy Policy

What we collect, what we don’t, and why it matters.

Last updated: April 2026

Sections
Our philosophy This website Helix Meridian Sable Contact data Third-party services Retention & deletion Changes

Our philosophy on privacy

Halzer Group's approach to data collection is minimal by design, not by policy. Before we build any feature that could collect user data, we ask whether the product would be meaningfully better if it did. In most cases, the answer is no - and we do not collect the data. This is not a philosophical position about data in the abstract. It is a practical observation that the products we build are better when users can trust them completely, and that trust requires that users know their data is not leaving their device.

The short version: Helix, Sable, and Meridian (when used in local mode) process your data on your device. None of your professional documents, health data, or personal writing is transmitted to Halzer Group's servers. We do not sell data. We do not use data for advertising. We do not build profiles.

Where server-side processing is necessary - as with Meridian's web application, where drawing sets must be transmitted for processing - we describe those practices specifically and apply appropriate technical safeguards.

This website (halzergroup.com)

The halzergroup.com website does not use tracking cookies. It does not use analytics scripts. It does not use advertising pixels. It does not fingerprint your browser or device. It does not log IP addresses associated with individual visits.

We receive standard server access logs that record the pages requested, the time of the request, and the referring URL. These logs are used for infrastructure monitoring and security purposes. They are not linked to individual identities and are retained for a maximum of 30 days before deletion.

Google Fonts is loaded from Google's CDN. When your browser loads halzergroup.com, it makes a request to Google's servers to retrieve the Cormorant Garamond and DM Sans font files. Google may log this request as part of its standard CDN operations. This is the only third-party server contact made when loading this website. We cannot control Google's data practices for CDN requests, but this contact is limited to font file delivery and does not include any identifiable information about your visit to our pages.

Helix

All health data processing in Helix happens on your device. This is not a setting or a toggle - it is the architecture.

  • HealthKit data is accessed through Apple's authorized HealthKit APIs. It is read from your device's HealthKit store, processed by Helix's local biomarker model on your device, and never transmitted to Halzer Group or any third party.
  • Lab results you import into Helix are processed locally by Helix's PDF parsing pipeline. The extracted values are stored in Helix's local database on your device. The original PDFs and the extracted data are never transmitted.
  • Apple Watch and wearable data is synthesized on-device through HealthKit's background delivery mechanism.
  • The biomarker model that analyzes your data runs on the Neural Engine of your iPhone. Model parameters (which define how the model analyzes data) may be updated when you update the app. Your personal data is never used to update a shared model.

Helix does not require an account. There is no login. There is no server-side component that processes your health data. Your health data is never uploaded, synchronized, or backed up by Helix to any external service. If you use iCloud backup, your device's iCloud backup may include the Helix app database - this is governed by Apple's iCloud privacy policy, not Halzer Group's.

Helix collects no data from your device that could identify you, and transmits no data from your device to any server.

Meridian

Meridian is available as a macOS application and as a web application. The data practices differ between these contexts.

Meridian for macOS processes drawing sets locally whenever possible. Document parsing - the process of building a semantic model from a drawing set - runs on the Mac. Code cross-referencing is performed against a local code database that is updated with each app update. In standard local mode, drawing sets are not transmitted to Halzer Group's servers.

Meridian for Web requires drawing sets to be uploaded to Halzer Group's servers for processing, as the computation is performed server-side and results are returned to the browser. Drawing sets uploaded to Meridian's web application are:

  • Transmitted over HTTPS with TLS 1.3 encryption.
  • Processed on servers in the United States.
  • Retained for the duration of the active review session plus 30 days, after which they are permanently deleted from our servers.
  • Not accessed by Halzer Group employees except for technical support requests explicitly initiated by the account holder.
  • Not used to train models or improve products without explicit opt-in consent.

Meridian accounts (required for the web application) collect: email address, organization name, and usage metadata (number of reviews run, project types). This data is used to operate and improve Meridian and is not shared with or sold to third parties.

Sable

Sable's corpus indexing and voice modeling happen locally on your Mac. This is the core architectural requirement that makes Sable's privacy model possible.

  • Your documents - drafts, briefs, research, and any files you add to your Sable library - are indexed by Sable on your Mac using on-device ML models. The index and the voice model derived from your writing are stored in Sable's local application data on your Mac. They are never uploaded to Halzer Group's servers.
  • The voice model Sable builds from your writing is stored locally and is specific to your device and your Apple ID. It does not contribute to a shared model. It is not accessible to Halzer Group.
  • Co-authoring suggestions generated by Sable are produced on your device. Sable does not send your documents or prompts to external AI APIs.

Your documents are not uploaded. Your voice model is not transmitted. Nothing in your Sable library leaves your Mac.

Sable does not require an account. Crash reports and anonymous usage statistics (feature interactions, session lengths) may be collected if you opt in during installation. This data does not include document content, excerpts, or any information about the contents of your library. You can opt out of crash reporting and usage statistics at any time in Sable's preferences.

Contact data

When you contact Halzer Group by email at contactus@halzergroup.com, we retain the email and any information you provide in it for as long as necessary to respond and to maintain a record of the communication. Contact data is not shared with third parties and is not used for marketing.

We do not operate a mailing list or newsletter. We do not add contacts to any marketing lists.

Third-party services

Halzer Group uses a small number of third-party services in operating its products and website:

  • Google Fonts CDN - used to serve web fonts on halzergroup.com. Subject to Google's privacy policy.
  • Apple HealthKit - Helix accesses HealthKit through Apple's authorized APIs. Subject to Apple's privacy policy.
  • Apple App Store - Distribution platform for Helix, Sable, and Meridian for macOS. Subject to Apple's privacy policy.
  • Infrastructure and hosting providers - Halzer Group's servers and web hosting are operated through infrastructure providers. These providers may process IP addresses and server access logs as part of providing infrastructure services.

We do not use advertising networks. We do not use data brokers. We do not use analytics platforms that track individual users across websites.

Retention and deletion

For on-device applications (Helix in standard mode, Sable), all data is stored on your device and is under your control. Deleting the application removes all application data from your device. Halzer Group holds no server-side copy of your data.

For Meridian web application users, drawing sets are retained for a maximum of 30 days after the last active review session, then permanently deleted. Account data (email address and organization name) is retained for the duration of the account. To request deletion of your Meridian account and all associated data, email contactus@halzergroup.com with the subject line "Account Deletion Request." Deletion is completed within 14 business days.

Server access logs from halzergroup.com are deleted after 30 days.

Email correspondence is retained until no longer necessary for business or legal purposes. To request deletion of personal data held in correspondence, contact us at the email above.

Changes to this policy

If we make material changes to this privacy policy, we will update the "Last updated" date at the top of this page. We will not change our core practices - on-device processing for Helix, Sable, and Meridian macOS; no tracking on this website - without clear notice to users.

Questions about this policy or data practices: contactus@halzergroup.com

Halzer Group LLC - Washington, D.C.