Security & Privacy

Last updated: 7/10/2025

Overview

At Helse Research, we prioritize the security of your data and intellectual property. While we're trusted by numerous organizations globally, we maintain transparency about our ongoing security evolution. We recommend careful evaluation of our security measures for your specific needs.

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud providers with comprehensive security measures. We implement multiple layers of security controls:

  • End-to-end encryption for data in transit and at rest
  • Regular security audits and penetration testing
  • Continuous security monitoring and threat detection
  • Automated security patches and updates
  • Geographic data residency controls

Data Processing

Services with Data Access

OpenAI Integration

We utilize OpenAI's models with a zero data retention agreement. All interactions are encrypted and processed in compliance with our privacy standards.

Google Cloud's Vertex API

Gemini models are accessed through Google Cloud's secure infrastructure, with strict data handling protocols.

Supabase Backend

Document data is stored in our Supabase infrastructure with enterprise-grade security measures. View their privacy policy.

Ancillary Services

  • Stripe - Handles payment processing with PCI compliance
  • Vercel - Hosts our web infrastructure without data access

Access Controls

Internal Controls

  • Principle of least privilege access
  • Mandatory multi-factor authentication
  • Regular access reviews and audits
  • Network-level security controls
  • Secure secret management

User Account Security

  • Strong password requirements
  • Optional two-factor authentication
  • Session management and automatic timeouts
  • Login attempt monitoring and protection

Compliance & Certifications

We maintain compliance with industry standards and regularly undergo third-party security assessments. Our security program includes:

  • Annual penetration testing
  • Regular vulnerability assessments
  • Compliance with GDPR and CCPA requirements
  • Industry standard security frameworks

Account Security

Data Retention & Deletion

You maintain full control over your account data. Account deletion can be initiated through Settings → Advanced → Delete Account. Upon deletion:

  • All associated data is immediately marked for deletion
  • Complete removal is guaranteed within 30 days
  • Backup retention follows strict security protocols

We do not use customer data for AI model training or any purposes beyond providing our service.

Security Reporting

We take security concerns seriously and encourage responsible disclosure:

  • Submit vulnerabilities through our GitHub Security page
  • Contact us at security@helseresearch.com
  • 15-business-day response commitment
  • Public security advisories for transparency
  • Critical incident notifications via email