Enterprise Grade Security
SOC2 Type II Compliant
Halp currently holds a report on compliance for the SOC2 Type II standard which includes an audit by a third-party and our philosophy and approach for information security management, risk assessment, and third-party risks. For more information and to get a copy of the report, please visit https://www.atlassian.com/trust/compliance/resources/soc2.
GDPR & CCPA Compliant
The General Data Protection Regulation (GDPR) is a comprehensive European Union privacy regulation that gives EU citizens and other individuals in the EU authority over their own personal data. The GDPR seeks to harmonize existing data protection laws across Europe and standardize data protection rules. GDPR is a major step forward in protecting privacy rights.
Data Security Features
Robust Data Encryption
All data is encrypted at rest with full disk encryption using industry standard AES-256 bit encryption. We rotate our keys annually. Our application is hosted and managed by Amazon Web Services, which complies with the strictest security standards, including ISO 27001, SOC 3, PCI DSS Level 1, and MTCS Level 3. All data in transit is sent over TLS v1.2.
Secure Authentication
When connecting to Slack, Microsoft Teams, Zendesk, and Jira, we adhere to OAuth 2.0. OAuth is the industry standard for authorizing secure access to external applications without providing them with your password. Halp does not store any passwords and you can revoke OAuth tokens at any time.
Privacy and Visibility
Access to ticket information is limited based on a user's role. End users can see tickets they create or follow, and agents can see tickets for the queues where they are a member. Queue membership is synced with your chat platform, to provide seamless user management and authorization controls without extra layers of settings.
Secure Software Development Lifecycle
Halp's Software Engineering team obsesses over security. We follow OWASP secure coding practices. Every pull request is reviewed for possible attack vectors and vulnerabilities. We evaluate every vendor to ensure that they are GDPR compliant and use industry standard security principles.
Internal Policies and Penetration Testing
Our team follows a comprehensive set of security policies that includes a strict adherence to breach disclosures, business continuity plans, and an extensive incident management policy. We background check all employees and enforce a security training program. We complete annual 3rd party penetration testing with independent contractors.
Industry Standard Vendors
Halp uses industry standard vendors when appropriate. We use Stripe to handle credit card and ACH payments. We use AWS S3 for file storage.
Have more questions?
Contact security@halp.com to request access to our SOC2 report, our most recent 3rd party audit report, or a full list of our vendors and sub-processors.