Security & Privacy

Your research,protected

Security is foundational to everything we build. Learn about our security practices, compliance certifications, and how we protect your research data.

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Even we can't read your research data.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with 99.99% uptime SLA and geographic redundancy.

Two-Factor Authentication

Add an extra layer of security with TOTP-based 2FA. Supports all major authenticator apps.

SSO & SAML

Enterprise plans support Single Sign-On with SAML 2.0 for seamless integration with your identity provider.

Version History

Every change is logged. Recover accidentally deleted files and review who made what changes.

Access Logging

Comprehensive audit logs track all access to sensitive data and administrative actions.

Compliance & Certifications

We maintain industry-standard certifications to ensure your data meets regulatory requirements:

GDPR

Compliant

Full compliance with EU General Data Protection Regulation

HIPAA

Available

Healthcare data protection standards (Enterprise plans)

SOC 2 Type II

Certified

Independent security audit certification

ISO 27001

In Progress

Information security management system

Privacy Commitment

Your privacy is not just a policy—it's a core product principle:

Your Data, Your Control

Export all your data at any time in standard formats. Delete your account and all associated data permanently.

No Data Selling

We never sell, share, or monetize your research data. Your work belongs to you.

Minimal Data Collection

We only collect data necessary to provide our service. No tracking for advertising purposes.

Transparent Processing

Clear documentation of how we process data. No hidden algorithms or undisclosed uses.

Security Tips for Your Account

Use a strong, unique password (12+ characters with mixed case, numbers, symbols)
Enable two-factor authentication for your account
Review team member access regularly and remove inactive users
Use project-level permissions to limit access to sensitive research
Check activity logs periodically for unusual access patterns
Keep your browser and authenticator app updated

Frequently Asked Questions

Where is my data stored?

Data is stored in secure data centers in the United States and European Union. Enterprise customers can select their preferred region to meet data residency requirements.

Who can access my research data?

Only you and team members you explicitly invite can access your data. Our staff cannot access your content without your explicit permission for support purposes.

How do I enable two-factor authentication?

Go to Settings > Security > Two-Factor Authentication and click Enable. Scan the QR code with your authenticator app (Google Authenticator, Authy, etc.) and enter the verification code.

What happens to my data if I cancel my subscription?

You have 30 days after cancellation to export your data. After this grace period, data is permanently deleted from our servers and backups.

Do you have a bug bounty program?

Yes! We run a responsible disclosure program. Security researchers can report vulnerabilities to security@helse.io for potential rewards.

Can I request a security assessment?

Enterprise customers can request detailed security documentation, penetration test results, and custom security reviews. Contact our sales team.

Questions about security?

Contact our security team for detailed information or custom requirements.