Security

Security your security team will sign off on

SSO, MFA, RBAC, audit log, encrypted at rest, hosted in the UK.

HelpWise was designed for B2B and enterprise from day one. SSO and MFA on the front door, role-based access for what an agent can see, scoped API keys for integrations, HMAC-signed webhooks for outbound, and an audit log that records every change to every record. Hosted on Microsoft Azure UK South.

Start free trial See pricing

14-day Pro trial · no credit card required

A HelpWise sign-in screen with the SSO option, an MFA prompt, and a side panel showing the audit log entries for the last hour with an HMAC-signed webhook delivery confirmation.

What you get

Everything in Security, on every paid plan

Boring security, done right

Most security incidents at a SaaS vendor are not exotic — they are stolen credentials, leaky API tokens, or a webhook receiver someone forgot to lock down. HelpWise leans on a few well-tested controls: SSO so your IdP is the source of truth, MFA so a stolen password is not enough, scoped API keys so a leaked token cannot read other tenants, and HMAC-signed webhooks so receivers can verify the payload is genuine.

Tenant isolation is enforced at every layer. Database queries are scoped by organisation_id; API responses filter by organisation_id; webhook payloads only include the originating tenant's data; cache keys are namespaced. This is verified by automated tests on every release and by a manual review on every change to the data layer.

Audit log, sub-processors and the paper trail

On Enterprise plans, the audit log records every meaningful change — who logged in, who edited a ticket, who changed a setting, who exported data. Filterable by user, by record, by time range. Exports as CSV or via the API for your SIEM. Retention is 12 months by default and can be extended on request.

For procurement, we publish our sub-processor list on request, ship a Data Processing Addendum on every Enterprise contract, and respond to standard security questionnaires (CAIQ, SIG-Lite) within five business days. Read the Privacy Policy and Terms for the full posture; email security@helpwise.net to start a security review.

Frequently asked questions

Things people ask before signing up

Are you SOC 2 or ISO 27001 certified?
Certifications are on the roadmap; we are happy to walk you through the controls we already have and our timeline. The shortcut for most enterprise procurements is the Data Processing Addendum and our standard security questionnaire response, available on request.
Where is customer data stored?
Customer data is stored in Microsoft Azure UK South. Sub-processors (SendGrid, Stripe, Anthropic, Twilio) are listed on request. Where any sub-processor is outside the UK, we rely on appropriate transfer mechanisms (UK IDTA, EU SCCs).
Can we restrict access by IP or country?
Yes. On Enterprise, agent sessions can be restricted to a list of allowed IP ranges or countries, enforced at sign-in and on every API call.

Keep exploring

Related features

MSP Mode

Manage every client from one workspace, but keep their data invisible to each other.

Integrations

Slack, Jira, your CRM and your own back-office — connected, not isolated.

Ticket Management

A clean queue, real SLAs and an audit trail you can actually use.

Back to all features

Try Security on a 14-day free trial

Sign up in under a minute. No credit card. Cancel any time. If HelpWise does not save your team time, do not pay us.

Start free trial Talk to sales