Helira Energy

Privacy policy

Last updated: 7 July 2026

This policy explains how Helira Energy Private Limited (“Helira”, “we”, “us”) collects, uses, shares, retains and protects your personal data when you use the Helira customer application for residential rooftop solar in Bengaluru. It is written to comply with India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the Consumer Protection Act, 2019. For the purposes of the DPDP Act, Helira is the Data Fiduciary and you are the Data Principal.

1. Who we are

Helira Energy Private Limited is a brand and technology company for residential rooftop solar. Installation is carried out by a Helira-certified System Integrator; the warranty and post-installation accountability stay with Helira. Our registered office is:

No. 31, 11th A Cross, 6th Main, JP Nagar III Phase, Bangalore South, Karnataka — 560078

You can reach us at compliance@helira.in.

2. What personal data we collect, and why

We collect only what we need at each step of your solar journey. The table below sets out the data, the purpose, and the lawful basis under the DPDP Act.

Journey stepData we collectPurposeLawful basis
Register and sign inMobile number, and (if you choose Google or email sign-in) your name and email address. A confirmation that you are 18 years or older.To create and secure your account and send one-time codes on WhatsApp.Your consent
Roof mappingInstallation address, geolocation of your building, and a satellite image of your roof.To detect your roof outline and estimate the system that fits.Consent / performance of the quote you requested
Electricity billYour DISCOM bill image and the details on it — consumer/RR number, units consumed, tariff, sanctioned load, name and service address.To size your system and pre-fill BESCOM net-metering paperwork.Consent
Roof / shading photosPhotographs you upload of your rooftop and surroundings.To assess shading and refine the recommendation.Consent
Booking and paymentBooking amount, payment identifiers, and payment status.To take your 2.5% booking advance and record your order.Performance of contract / legal obligation
KYCAadhaar number, PAN, and a property/address document; the last 4 digits of Aadhaar are shown to you, the rest is encrypted.Identity and ownership verification required for net-metering, your lender and the PM Surya Ghar subsidy.Consent / legal obligation
Subsidy and financingPM Surya Ghar details, bank account (encrypted), a cancelled cheque, and your financing preference.To file your subsidy application and coordinate financing.Consent

Special protection for identity documents. Your full Aadhaar number, PAN, and bank account number are encrypted at rest using AES-256-GCM and are never sent to any artificial-intelligence service. Only your electricity bill and roof / shading photos are analysed by our AI service (see below) — and only after you agree.

3. Who processes your data on our behalf

We use a small set of carefully chosen service providers (Data Processors under the DPDP Act) to run the app. We share only the data each one needs, and each is bound by data-processing terms. Your identity documents (Aadhaar, PAN, bank details) are never sent to any AI provider.

  • Anthropic (Claude AI) — analyses your electricity bill and roof / shading photos to prepare your quote. Never receives Aadhaar, PAN or bank details.
  • Google Maps / Places — address autocomplete, geocoding and satellite imagery for roof mapping.
  • Razorpay — processes your booking payment.
  • Resend — sends transactional email (for example, your sign-in link).
  • Authkey / WhatsApp (Datagen Internet Services Pvt Ltd) — delivers your one-time sign-in codes on WhatsApp.
  • MSG91 — SMS fallback for one-time codes.
  • Cloudflare R2 — encrypted object storage for documents and images.
  • Vercel — hosts and serves the application.
  • Neon — our managed PostgreSQL database (hosted in the AWS Singapore region).
  • UIDAI — the Government of India authority that verifies Aadhaar-based e-KYC where you use it.

We also share your data with government counterparties where it is part of the service you asked for — BESCOM for net-metering and the PM Surya Ghar portal for your subsidy — and with the lender you choose. We do not sell your personal data, and we do not use advertising or tracking cookies.

4. How long we keep your data (retention)

We keep personal data only for as long as the purpose requires, unless the law requires us to keep it longer (DPDP Act § 8(7)). Our targets are:

  • Electricity bills, roof and shading images — up to 36 months after your last activity with us.
  • KYC documents (Aadhaar, PAN, property proof) — up to 60 months (5 years) after our relationship ends, to meet lender and subsidy audit obligations.
  • Booking, payment, invoice and audit records — 8 years, because the Companies Act, 2013 and income-tax law require us to keep books of account and transaction records for that period.

Erasure and statutory retention. When you ask us to delete your account, we anonymise your personal data — your name, email, phone, Aadhaar and PAN are removed from your record — and we purge your uploaded documents and images. We retain the underlying booking, payment, invoice and audit records (with your identity removed) because we are legally obliged to keep them under the Companies Act, 2013 and income-tax law. We cannot delete your account while a booking is in progress — please cancel the booking first.

5. Your rights

Under the DPDP Act, you have the right to:

  • Access a summary of the personal data we hold about you and how we process it;
  • Correct, complete or update your personal data;
  • Erase your personal data, subject to the statutory retention described above — you can do this yourself under “Delete my account & data” on your account page;
  • Withdraw consent at any time (this does not affect processing already carried out on the basis of your earlier consent);
  • Nominate another individual to exercise your rights in the event of death or incapacity;
  • Grievance redressal — raise any concern with our Grievance Officer (below) before approaching the Data Protection Board.

6. Grievance Officer

If you have any question or complaint about how we handle your personal data, please contact our Grievance Officer:

Sadananda V Nayak, Grievance Officer
Helira Energy Private Limited
No. 31, 11th A Cross, 6th Main, JP Nagar III Phase, Bangalore South, Karnataka — 560078
compliance@helira.in

We will acknowledge and respond to your request within 30 days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India established under the DPDP Act.

7. Security

We protect your data with encryption at rest for sensitive documents and identity numbers (AES-256-GCM), encrypted transport (HTTPS), least-privilege access, and audit logging of authentication events. No system is perfectly secure, but we take reasonable security safeguards appropriate to the sensitivity of the data.

8. Children

The Helira app is for adult, owner-occupier customers only. We ask you to confirm that you are 18 years or older when you register, and we do not knowingly process the personal data of anyone under 18.

9. Changes to this policy

We may update this policy from time to time. We will change the “Last updated” date above and, where the change is significant, tell you in the app.