Security

We take security seriously. Below, you’ll find some of the most frequently asked questions about how we handle security within Helio.

Security FAQs

  • All user data is encrypted at rest.
  • All user data is encrypted in transit.
  • Our service is hosted on AWS. To learn more about their security practices, visit: https://aws.amazon.com/security/
  • Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
  • Firewall and VPN services to help block unauthorized system access
  • User data is stored and encrypted on a network not connected to the internet.
  • System access is logged and tracked for auditing purposes.
  • All changes to user accounts are logged for auditing
  • Regular, off-premises, multi-region backups.
  • User data is soft-deleted to protect from user mistakes. Data is permanently deleted when the account is scheduled for deletion.
  • All software dependencies are kept up to date and are patched on a regular basis.
  • Stable system updates and security patches are applied at the hardware level when they are released.
  • All user data is served over HTTPS with TLS 1.2 and TLS 1.3.
  • Two-factor authentication is available for extra security.
  • All passwords are salted and encrypted.
  • Requests to authorize users in our system are rate limited to protect from malicious traffic.
  • Tester identifying data is stored separately from their responses to preserve their anonymity.
  • We do not store credit card data. All of our payments are processed by Stripe, a company dedicated to PCI compliance: https://stripe.com/docs/security/stripe

Need to report a security vulnerability?

Email us at [email protected]
