Helpfruit is built and managed by Theta. Theta is a trusted New Zealand-based IT consultancy and product development company with strong governance in everything we do. Our dedicated cyber security team works with the Helpfruit product team to ensure the best protections are in place for security and data privacy.
Theta is certified as compliant with ISO 27001, the gold standard in information security management. This extends to all our products, including Helpfruit. Our certificate can be found here.
The Helpfruit application is a SaaS web application hosted in Microsoft Azure data centres in Australia. This means that it inherits all the security controls available in Microsoft Azure, such as physical security of the data, disaster recovery and encryption. We use the Azure security best-practice controls and continuously monitor the application for confidentiality, integrity, and availability. All Helpfruit Azure private resources comply with Azure’s built-in audit for ISO 27001:2022 security controls.
All Helpfruit data is encrypted in transit and at rest. The web-facing components of Helpfruit are further protected by the Cloudflare Web Application Firewall. Cloudflare’s CDN and WAF help shield us from DDoS attacks as well as prevent a range of common exploits.
Helpfruit accounts can optionally make use of Microsoft Office 365 logins. This allows multi-factor authentication through Microsoft’s login controls, if enabled (recommended).
Our Secure Development methodology ensures we build, test and maintain secure products. This means that Helpfruit is regularly tested to ensure it is free from common vulnerabilities, including those described in the OWASP Top 10.
All code is scanned at the time of compilation, and third-party libraries are checked to ensure no known security issues are introduced. Automated scans with a PCI-accredited security scanning solution provide external assessments of the solution on a regular cadence, raising alerts if any problems arise.
External automated attack surface monitoring scans are run weekly using Glasstrail to look for any new issues. In addition to automated scans, we have completed multiple, independent penetration tests on the product including the website and mobile apps.
Helpfruit has strong built-in controls that help you manage the privacy of data you collect. This includes:
The Helpfruit Privacy Policy and Terms and Conditions outline our security and data privacy settings and obligations.
Need a PDF copy of our security standards? You can request it here.