Security

Your data security is our top priority. Here's how we protect it.

Encryption

All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database connections are encrypted end-to-end. Sensitive fields, such as API keys and payment tokens, receive an additional layer of application-level encryption.

Infrastructure

  • Hosted on SOC 2 Type II compliant cloud infrastructure
  • Automated daily backups with point-in-time recovery
  • Multi-region redundancy for high availability
  • DDoS protection and Web Application Firewall (WAF)
  • 99.9% uptime SLA for Pro and Team plans

Access Control

Row-level security isolates your data from other users' data at the database level. Team accounts support role-based access control (RBAC) with admin, member, and viewer roles. All authentication tokens are short-lived and rotated automatically.

Authentication

  • Secure password hashing with bcrypt (cost factor 12)
  • Two-factor authentication (2FA) available for all accounts
  • OAuth 2.0 support for Google and GitHub sign-in
  • Session management with automatic expiration
  • Brute-force protection with rate limiting and account lockout

Compliance

  • GDPR compliant — full data export and deletion rights
  • CCPA compliant — California consumer privacy rights
  • SOC 2 Type II certification (in progress)
  • Regular third-party security audits and penetration testing

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly to security@helmbill.app. We take all reports seriously and will respond within 24 hours. We do not pursue legal action against researchers who report vulnerabilities in good faith.

Questions

For security-related questions, contact security@helmbill.app.