Your data and our systems are protected and resilient by design

Helpfruit is built and managed by Theta. Theta is a trusted New Zealand-based IT consultancy and product development company with strong governance in everything we do. Our dedicated cyber security team works with the Helpfruit product team to ensure the best protections are in place for security and data privacy.

ISO 27001 security standard compliance

A close-up of a sealDescription automatically generated

Theta is certified as compliant with ISO 27001, the gold standard in information security management. This extends to all our products, including Helpfruit too.

Robust data centre security

The Helpfruit application is a SaaS web application hosted in Microsoft Azure data centres in Australia. This means that it inherits all the security controls available in Microsoft Azure, such as physical security of the data, disaster recovery and encryption. We use the Azure security best-practice controls and continuously monitor the application for confidentiality, integrity, and availability. All Helpfruit Azure private resources comply with Azure’s built-in audit for ISO:27001:2013 security controls.  

Multiple layers to protect your data

All Helpfruit data is encrypted in transit and at rest.  The web-facing components of Helpfruit are further protected by the Cloudflare Web Application Firewall. Cloudflare’s CDN and WAF help shield us from DDoS attacks as well as prevent a range of common exploits.

Helpfruit accounts can optionally make use of Microsoft Office 365 logins. This enables multi-factor authentication via Microsoft’s login controls if enabled (recommended). 

Secure development and scanning

Our Secure Development methodology ensures we build, test and maintain secure products. This means that Helpfruit is regularly tested to ensure it is free from common vulnerabilities, including those described in the OWASP Top 10.   

All code is scanned at the time of compilation and 3rd party libraries checked to ensure no known security issues are introduced.  Regular, automated scans with a PCI-accredited security scanning solution provide external assessments of the solution on a regular cadence, alerting in the case any problems arise.  

External automated attack surface monitoring scans are run weekly using Glasstrail to look for any new issues.  In addition to automated scans, we have completed multiple, independent penetration tests on the product including the website and mobile apps.

Enterprise-grade privacy controls

Helpfruit has strong built-in controls that help you manage the privacy of data you collect. This includes: 

  • Data retention – we provide full control over data retention. Customers can choose specific retention policies to align with their needs – e.g. you can specify a 30-day retention for chatbot interactions and a 90-day retention for live chat.
  • Block list words/terms – you can add certain words to a block list so that if a member of the public uses them in communications with you, your staff are not exposed to that word/term.
  • Control over what is collected - we give customers control over what data that is collected, so only the necessary amount of data is collected.
  • Admin access – fine grained security roles in the platform let you grant access to people for specific roles. We support Microsoft O365 logins for Helpfruit accounts which means easier onboarding and offboarding when people leave your organization. 

Our policies

The Helpfruit  Privacy Policy and Terms and Conditions  outline our security and data privacy settings and obligations.  

Need a PDF copy of our security standards? You can request it here.