At Helpwise, security is our absolute highest priority. In the spirit of openness and transparency, here are some of the security measures we take to protect and defend the Helpwise platform.
We distinguish between data about your users and data about you, yourself. While, for example, your billing information is shared with Stripe, and your profile is accessible to us in our help desk software, data about your messages is never shared with any external providers and never leaves our server cluster hosted with Amazon Web Services unless explicitly requested.
Whenever your data is in transit between you (or your users) and us, everything is encrypted and sent using HTTPS. During a user agent’s (typically a web browser’s) first site visit, Helpwise sends an HTTP Strict Transport Security (HSTS) header that instructs the user agent to make all future requests via HTTPS, even if a link to Helpwise is specified as HTTP. Additionally, we use HSTS preload, guaranteeing that requests, even the very first, are never made over a non-encrypted connection. Cookies are also set with the Secure flag.
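As an added example (not Helpwise's own code), the following Python check audits a response's headers against the transport policy described above: an HSTS header that meets the browser preload list's submission requirements (max-age of at least one year, includeSubDomains, preload) and cookies carrying the Secure flag. The function names and the sample headers are constructed for illustration.

```python
PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age the preload list accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into max_age and flag directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        # Directive names are case-insensitive; max-age may be a quoted string.
        name, _, arg = (s.strip().lower() for s in part.partition("="))
        if name == "max-age":
            arg = arg.strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def audit(headers):
    """Return a list of findings for a list of (name, value) response headers."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        p = parse_hsts(hsts[0])  # RFC 6797: only the first header field is processed
        if p["max_age"] is None:
            findings.append("HSTS max-age missing or invalid")
        elif p["max_age"] == 0:
            findings.append("HSTS max-age=0 removes the policy")
        elif p["max_age"] < PRELOAD_MIN_AGE:
            findings.append("HSTS max-age below preload minimum")
        for key, text in (("include_subdomains", "includeSubDomains"), ("preload", "preload")):
            if not p[key]:
                findings.append("%s directive missing (needed for preload)" % text)
    for n, v in headers:
        if n.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie %s lacks Secure" % v.split("=", 1)[0].strip())
    return findings

# Constructed sample responses (not captured from any real site).
GOOD = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")]
WEAK = [("Strict-Transport-Security", "max-age=86400"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(hdrs) or "ok")
```

A header that passes this check is only eligible for preloading; the domain must still appear on the browsers' shipped preload list for the first-request protection to apply.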
Any files you upload to us are stored encrypted at rest. Email content is encrypted at rest. Metadata about messages, conversations, contacts, etc. (all stored in Amazon RDS) are encrypted at rest — they are active in our database. Our backups of your data are encrypted.
Helpwise is hosted on Amazon Web Services. Our database is managed by Amazon RDS, ensuring redundancy, high availability and trustworthy automated, encrypted backups. Amazon Web Services is certified for a growing number of compliance standards and controls, and undergoes several independent third-party audits to test for data safety, privacy, and security. Read more about the specific certifications on the AWS compliance page.
We employ several layers to protect against abuse and DoS attacks, such as concurrency limiting (limits the number of active requests) and rate limiting (limits the number of requests over time). Our servers gracefully queue requests when under high load, and handle them at a safe pace.
On top of our development-related continuous testing, we also conduct periodic third-party manual penetration testing of both our application and infrastructure. You can request a copy of our latest report at email@example.com.
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state of the art in web security.
All credit card transactions are processed via Stripe using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-compliant network.
Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Send urgent or sensitive reports directly to firstname.lastname@example.org. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. For requests that aren’t urgent or sensitive: submit a support request. Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.
Last updated: 2nd November 2021