Halp currently holds a report on compliance for the SOC2 Type II standard which includes an audit by a third-party and our philosophy and approach for information security management, risk assessment, and third-party risks. For more information and to get a copy of the report, please email firstname.lastname@example.org
The General Data Protection Regulation (GDPR) is a comprehensive European Union privacy regulation that gives EU citizens and other individuals in the EU authority over their own personal data. The GDPR seeks to harmonize existing data protection laws across Europe and standardize data protection rules. GDPR is a major step forward in protecting privacy rights.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Robust Data Encryption
All data is encrypted at rest with full disk encryption using industry standard AES-256 bit encryption. We rotate our keys annually. Our application is hosted and managed by Amazon Web Services, which complies with the strictest security standards, including ISO 27001, SOC 3, PCI DSS Level 1, and MTCS Level 3. All data in transit is sent over TLS v1.2.
When connecting to Slack, Zendesk, and Jira, we adhere to OAuth 2.0. OAuth is the industry standard for authorizing secure access to external applications without providing them with your password. Halp does not store any passwords and you can revoke OAuth tokens at any time.
Privacy and Visibility
Access to ticket information is limited to a designated group of users and only accessible via their Slack credentials. Users will only be able to see the tickets they have access to in corresponding Slack channels. Halp supports role-based permissions. This means that Halp can only be configured by the specialized Administrator role of your team.
Secure Software Development Lifecycle
Halp's Software Engineering team obsesses over security. We follow OWASP secure coding practices. Every pull request is reviewed for possible attack vectors and vulnerabilities. We evaluate every vendor to ensure that they are GDPR compliant and use industry standard security principles.
Internal Policies and Penetration Testing
Our team follows a comprehensive set of security policies that includes a strict adherence to breach disclosures, business continuity plans, and an extensive incident management policy. We background check all employees and enforce a security training program. We complete annual 3rd party penetration testing with independent contractors.
The full policy packet is available upon request.
Industry Standard Vendors
Halp uses industry standard vendors when appropriate. We use Stripe to handle credit card and ACH payments. We use AWS S3 for file storage.
Have more questions?
Contact email@example.com to request access to our policy packet, our most recent 3rd party audit report, or a full list of our vendors and sub-processors.
As the first conversational platform designed specifically for internal ticketing, Halp is helping companies update their legacy, internal ticketing software for the workplace of today. Our ticketing solution app is built for modern IT teams. The solution enables IT to assign, prioritize, and answer requests from Slack with ease in a chat-based interface. Conversational ticketing results in faster ticket resolution, higher user satisfaction, and increased company productivity. ‘