Skip to main content

Security

Security is the foundation, not a feature

HelpMesh handles customer support data — among the most sensitive content a business owns. We treat every byte accordingly.

Controls

What we have in place

ISO 27001 alignment

HelpMesh is aligned with the ISO 27001 ISMS controls across infrastructure, application, people, and process layers. Type I attestation on the roadmap.

Encryption everywhere

AES-256-GCM at rest for email content, contact data, and webhook secrets. TLS 1.2+ in transit, enforced at the load balancer. KMS-managed keys, rotated annually.

Multi-tenant isolation

Per-tenant scoping enforced at the Prisma middleware layer using AsyncLocalStorage. Cross-tenant queries are not possible without an explicit super-admin override.

Immutable audit log

Every mutation across the platform writes to an audit log: actor, IP, user-agent, timestamp, before/after. 2-year retention, exportable on demand.

Vulnerability disclosure

security@helpmesh.io is monitored 24/7. We respond within 24h on weekdays, 48h on weekends, and follow a 90-day disclosure window per industry norms.

Data residency

Your data lives in the region you configured. Mumbai (ap-south-1) today; UAE (me-central-1) and EU on the Phase 6.5 roadmap.

Compliance

Regulatory coverage

We support the regulatory frameworks our customers operate under — globally.

FrameworkJurisdictionStatus
GDPREU + UKCovered
CCPA / CPRACaliforniaCovered
PIPEDACanadaCovered
PDPLUAECovered
PDPLSaudi ArabiaCovered
DPDPAIndiaCovered
UK-GDPRUnited KingdomCovered
PDPASingaporeCovered
Privacy ActAustraliaCovered
BDSGGermanyCovered
ISO 27001GlobalAligned (Type I roadmap)
SOC 2 Type IIGlobalOn Phase 6.5 roadmap

Need a security questionnaire filled out?

Send the form to security@helpmesh.io and we will turn it around in 5 business days.