Security at Helpwan

We know that when you trust us with your workforce data, you're placing your company's most valuable asset in our hands. We take that responsibility personally. Here is exactly how we keep your data safe, secure, and private.

Last updated June 19, 2026

GDPR Compliant
EU Data Residency
Encrypted at Rest & Transit
MFA Enforced
SSL Labs A+
SecurityHeaders A

How we protect your data

The controls below mirror the commitments on our public security posture: EU handling, encryption, restricted access, hardened infrastructure, operational monitoring, and application-level protection.

01

Data Residency & GDPR

Customer data is handled in the EU with GDPR-oriented controls for lawful processing, rights support, and log hygiene.

  • All data is stored and processed exclusively in the EU.
  • Fully GDPR compliant with established lawful basis for processing and robust support for data subject rights.
  • Personally Identifiable Information (PII) is encrypted at rest in our database.
  • PII is actively scrubbed from all application and system logs.

Read our Privacy Policy

02

Encryption

Data is protected in transit and at rest, with external checks for the public surface.

  • HTTPS/TLS everywhere - all data is encrypted in transit between our servers and your browser.
  • Sensitive data, including PII and user-generated content, is strongly encrypted at rest.
  • We maintain an A+ rating on SSL Labs and an A rating on SecurityHeaders.

03

Access Control & Auth

Infrastructure access is restricted, authenticated, monitored, and reviewed.

  • Multi-Factor Authentication (MFA) is strictly enforced on all infrastructure accounts.
  • We operate on a least-privilege model - team members only have access to systems necessary for their role.
  • All infrastructure access is strictly restricted, monitored, and regularly audited.

04

Infrastructure Security

Core services are maintained with automated patching, vulnerability scanning, backups, and trusted providers.

  • Servers receive automatic security updates and patches without human intervention.
  • Automated dependency vulnerability scanning runs continuously.
  • Regular, verified backups of all data are taken to ensure high availability and disaster recovery readiness.
  • Services are distributed across highly reputable, enterprise-grade cloud providers.

05

Monitoring & Incident Response

Operational signals are monitored continuously, with alerting and response procedures ready when issues appear.

  • Comprehensive logging and real-time monitoring across our entire stack.
  • Real-time alerting mechanisms trigger immediately upon detecting anomalous activity.
  • Well-documented and tested incident response procedures are in place.

06

Application Security

Application changes and dependencies are reviewed, patched, and protected by edge security controls.

  • Dependency vulnerabilities are automatically flagged and patched in our CI/CD pipeline.
  • Protected by Cloudflare's Web Application Firewall (WAF) and enterprise DDoS mitigation.

Responsible Disclosure

We believe in the value of the security research community. If you believe you have found a security vulnerability in our platform, please let us know.

Report via security.txt