Security
Your data security is our top priority. Here's how we protect it.
Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Connections between the application and the database are also TLS-encrypted. Sensitive fields such as API keys and payment tokens receive an additional layer of application-level encryption, so they are stored as ciphertext even inside the database.
Infrastructure
- Hosted with cloud providers that hold SOC 2 Type II attestation reports
- Automated daily backups with point-in-time recovery
- Multi-region redundancy for high availability
- DDoS protection and Web Application Firewall (WAF)
Access Control
Row-level security policies in the database restrict every query to the rows owned by the authenticated user, so isolation between customers is enforced by the database itself and does not depend on application code filtering correctly. All authentication tokens are short-lived and automatically rotated.
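To make the row-level security claim concrete, here is an added example of what such a policy set looks like in PostgreSQL. It is illustrative only, not Helmbill's actual schema or policies: the `invoices` table and its columns are constructed for the example, `auth.uid()` and the `authenticated` role are the helpers Supabase provides on top of Postgres (an assumption that Helmbill's database uses them), and the UUID in the sanity check is a placeholder.

```sql
-- Constructed example table: every row carries the id of the user who owns it.
create table invoices (
  id           bigint generated always as identity primary key,
  user_id      uuid not null,
  amount_cents integer not null,
  created_at   timestamptz not null default now()
);

-- Turn RLS on. Without ENABLE the policies below are ignored; without FORCE
-- the table owner bypasses them even when they are enabled.
alter table invoices enable row level security;
alter table invoices force row level security;

-- One policy per operation. USING filters the rows a statement may see or
-- touch; WITH CHECK constrains the rows a statement may produce. An INSERT
-- or UPDATE policy without WITH CHECK would let a caller write rows that
-- belong to somebody else. auth.uid() is Supabase's helper that returns the
-- "sub" claim of the caller's JWT (assumed here); for an anonymous caller it
-- is NULL, and NULL = user_id is never true, so nothing matches.
create policy invoices_select on invoices
  for select using (user_id = auth.uid());
create policy invoices_insert on invoices
  for insert with check (user_id = auth.uid());
create policy invoices_update on invoices
  for update using (user_id = auth.uid()) with check (user_id = auth.uid());
create policy invoices_delete on invoices
  for delete using (user_id = auth.uid());

-- Sanity check from a non-owner role: set the JWT claims the way the API
-- layer would, then confirm that rows owned by anyone else are invisible.
-- The UUID is a placeholder; SET LOCAL only takes effect inside a transaction.
begin;
set local role authenticated;
set local request.jwt.claims = '{"sub":"00000000-0000-0000-0000-000000000001"}';
select count(*) from invoices
 where user_id <> '00000000-0000-0000-0000-000000000001';  -- expected: 0
rollback;
```

Two things to verify in a review of any RLS deployment: that every tenant table has both ENABLE and FORCE set (a table with RLS disabled has no isolation at all), and that no code path talks to the database with a role that bypasses RLS, such as a superuser or a service key, when it is acting on behalf of an end user.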
Authentication
- Secure password hashing handled by Supabase Auth
- Session management with automatic expiration
- Brute-force protection with rate limiting
Compliance
- GDPR-aligned — full data export and deletion rights
- CCPA-aligned — California consumer privacy rights
Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly to security@helmbill.app. We take all reports seriously and will respond within 24 hours. We do not pursue legal action against researchers who report vulnerabilities in good faith.
Questions
For security-related questions, contact security@helmbill.app.