Security & Privacy
Last updated: 7/10/2025
Overview
At Helse Research, we prioritize the security of your data and intellectual property. While we're trusted by numerous organizations globally, we maintain transparency about our ongoing security evolution. We recommend careful evaluation of our security measures for your specific needs.
Infrastructure Security
Our infrastructure is built on enterprise-grade cloud providers with comprehensive security measures. We implement multiple layers of security controls:
- End-to-end encryption for data in transit and at rest
- Regular security audits and penetration testing
- Continuous security monitoring and threat detection
- Automated security patches and updates
- Geographic data residency controls
Data Processing
Services with Data Access
OpenAI Integration
We utilize OpenAI's models with a zero data retention agreement. All interactions are encrypted and processed in compliance with our privacy standards.
Google Cloud's Vertex API
Gemini models are accessed through Google Cloud's secure infrastructure, with strict data handling protocols.
Supabase Backend
Document data is stored in our Supabase infrastructure with enterprise-grade security measures. View their privacy policy.
Ancillary Services
- Stripe - Handles payment processing with PCI compliance
- Vercel - Hosts our web infrastructure without data access
Access Controls
Internal Controls
- Principle of least privilege access
- Mandatory multi-factor authentication
- Regular access reviews and audits
- Network-level security controls
- Secure secret management
User Account Security
- Strong password requirements
- Optional two-factor authentication
- Session management and automatic timeouts
- Login attempt monitoring and protection
Compliance & Certifications
We maintain compliance with industry standards and regularly undergo third-party security assessments. Our security program includes:
- Annual penetration testing
- Regular vulnerability assessments
- Compliance with GDPR and CCPA requirements
- Industry standard security frameworks
Account Security
Data Retention & Deletion
You maintain full control over your account data. Account deletion can be initiated through Settings → Advanced → Delete Account. Upon deletion:
- All associated data is immediately marked for deletion
- Complete removal is guaranteed within 30 days
- Backup retention follows strict security protocols
We do not use customer data for AI model training or any purposes beyond providing our service.
Security Reporting
We take security concerns seriously and encourage responsible disclosure:
- Submit vulnerabilities through our GitHub Security page
- Contact us at security@helseresearch.com
- 15-business-day response commitment
- Public security advisories for transparency
- Critical incident notifications via email