Is my data secure and protected?
At HelpDocs we take security and data protection seriously. Here's an overview of some stuff we're doing to keep your data safe.
At HelpDocs we take security and data protection seriously. Here's an overview of some stuff we're doing to keep your data safe.
End to End Encryption
All accounts come with SSL as standard on the HelpDocs subdomain. You can also optionally enable SSL on your custom domain with one click. Our SSL connections are terminated directly on our application servers, so your traffic's encrypted the whole way. We don't use any third party providers or middleware here, so your data's always safe.
Databases Encrypted at Rest
We encrypt our databases at rest. That means all your data's securely locked when it's not in use.
Frequent Backups
We backup your data every day, and retain months of backups on a rolling deletion schedule. These backups, you guessed it, are encrypted too.
Backup Frequency | Retention Period |
Daily | 7 days |
Weekly | 4 weeks |
Monthly | 3 months |
First Class Hosting
All our servers are based in Google Cloud's Iowa datacenter. We have firewalls around all the instances to protect our servers from bad actors.
Penetration Testing
We conduct regular penetration tests to mitigate against common (e.g. OWASP Top Ten etc.) and emerging threats.
Access to your Data
Account data is strongly namespaced to your account. Unless you choose to make your documentation public other customers will never have access to your data. You're also able to restrict certain content to certain users with our access control features: data will only be shared with those you choose.
Some members of the HelpDocs team do have access to your data. We'll access your data as part of support requests and in case of urgent service issues. Otherwise we'll always ask your permission before accessing your account. Any staff members that have access to your data are subject to strict confidentiality agreements. All data access is audited.
We will respond to subject access requests, request to modify your personal information, requests to delete your own personal data or that of your users, and requests to stop processing all personal data within 10 days of request.
SLA
We don't offer an SLA on our shared hosting plans. If you require an SLA, we may be able to offer one on an Enterprise plan. Get in touch with support if this is something you're interested in.
That said, you can check our historical uptime on our public status page here. It's updated every few minutes.
Privacy Program
In addition to our terms and public privacy policy HelpDocs has a documented internal privacy program that's subject to regular internal reviews. It contains and documents:
- roles, responsibilities, and governance
- privacy policies/procedures
- review and monitoring processes to ensure continuous improvement
- details of the appointed Data Protection Officer
- privacy by design and adherence to default principles of privacy when features are built or updated
- retention schedule for personal data
- privacy training/awareness program
- records for the historical and future processing of personal data
We do not process high risk data and are not required to Data Privacy Impact Assessments.
Incident & Breach Management
We have a formal and documented incident management and data breach response plan. This plan is regularly tested.
In the event of a data breach we will inform any affected parties as soon as is reasonably possible upon becoming aware.
What did you think of this doc?
Anonymizing IP Addresses