Security at Helpwan
We know that when you trust us with your workforce data, you're placing your company's most valuable asset in our hands. We take that responsibility personally. Here is exactly how we keep your data safe, secure, and private.
GDPR Compliant
EU Data Residency
Encrypted at Rest & Transit
MFA Enforced
Data Residency & GDPR
- All data is stored and processed exclusively in the EU.
- Fully GDPR compliant with established lawful basis for processing and robust support for data subject rights.
- Personally Identifiable Information (PII) is encrypted at rest in our database.
- PII is actively scrubbed from all application and system logs.
Encryption
- HTTPS/TLS everywhere — all data is encrypted in transit between our servers and your browser.
- Sensitive data, including PII and user-generated content, is strongly encrypted at rest.
- We maintain an A+ rating on SSL Labs and an A rating on SecurityHeaders.
Access Control & Auth
- Multi-Factor Authentication (MFA) is strictly enforced on all infrastructure accounts.
- We operate on a least-privilege model — team members only have access to systems necessary for their role.
- All infrastructure access is strictly restricted, monitored, and regularly audited.
Infrastructure Security
- Servers receive automatic security updates and patches without human intervention.
- Automated dependency vulnerability scanning runs continuously.
- Regular, verified backups of all data are taken to ensure high availability and disaster recovery readiness.
- Services are distributed across highly reputable, enterprise-grade cloud providers.
Monitoring & Incident Response
- Comprehensive logging and real-time monitoring across our entire stack.
- Real-time alerting mechanisms trigger immediately upon detecting anomalous activity.
- Well-documented and tested incident response procedures are in place.
Application Security
- Dependency vulnerabilities are automatically flagged and patched in our CI/CD pipeline.
- Protected by Cloudflare's Web Application Firewall (WAF) and enterprise DDoS mitigation.
Responsible Disclosure
We believe in the value of the security research community. If you believe you have found a security vulnerability in our platform, please let us know. You can report it via our security.txt.
