Security
Security is the foundation, not a feature
HelpMesh handles customer support data — among the most sensitive content a business owns. We treat every byte accordingly.
Controls
What we have in place
ISO 27001 alignment
HelpMesh is aligned with the ISO 27001 ISMS controls across infrastructure, application, people, and process layers. Type I attestation on the roadmap.
Encryption everywhere
AES-256-GCM at rest for email content, contact data, and webhook secrets. TLS 1.2+ in transit, enforced at the load balancer. KMS-managed keys, rotated annually.
Multi-tenant isolation
Per-tenant scoping enforced at the Prisma middleware layer using AsyncLocalStorage. Cross-tenant queries are not possible without an explicit super-admin override.
Immutable audit log
Every mutation across the platform writes to an audit log: actor, IP, user-agent, timestamp, before/after. 2-year retention, exportable on demand.
Vulnerability disclosure
security@helpmesh.io is monitored 24/7. We respond within 24h on weekdays, 48h on weekends, and follow a 90-day disclosure window per industry norms.
Data residency
Your data lives in the region you configured. Mumbai (ap-south-1) today; UAE (me-central-1) and EU on the Phase 6.5 roadmap.
Compliance
Regulatory coverage
We support the regulatory frameworks our customers operate under — globally.
| Framework | Jurisdiction | Status |
|---|---|---|
| GDPR | EU + UK | Covered |
| CCPA / CPRA | California | Covered |
| PIPEDA | Canada | Covered |
| PDPL | UAE | Covered |
| PDPL | Saudi Arabia | Covered |
| DPDPA | India | Covered |
| UK-GDPR | United Kingdom | Covered |
| PDPA | Singapore | Covered |
| Privacy Act | Australia | Covered |
| BDSG | Germany | Covered |
| ISO 27001 | Global | Aligned (Type I roadmap) |
| SOC 2 Type II | Global | On Phase 6.5 roadmap |
Trust documents
The paperwork your security team will ask for
Need a security questionnaire filled out?
Send the form to security@helpmesh.io and we will turn it around in 5 business days.