Policies and Procedures

At Help Scout, we take security and privacy seriously. We follow industry-standard security practices that keep your customer data protected and adhere to relevant privacy regulations.

Help Scout is hosted in AWS and maintains high standards for availability, backups and recovery on behalf of its customers.

Compliance

Help Scout is SOC2 Type 2 certified for Security and Availability. To get a copy of our latest report, please get in touch with us at help@helpscout.com.

Penetration Testing

Periodically, an independent security firm executes a white-box penetration test audit across our system and code base. A summary of the results of the latest penetration test can be provided upon request at help@helpscout.com.

HIPAA

Help Scout maintains ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain, and store protected health information for any entities restricted by these regulations. If you require HIPAA compliance, it is necessary to sign a BAA with us.

Report a security bug or vulnerability

If you’ve discovered a security vulnerability or issue, please disclose it directly to us in a responsible manner by sending us an email at help@helpscout.com. Please include as many details as you can so we can identify and assess the issue promptly. You can expect an initial response to your report within 24 hours of submitting it, and we may follow up with you as needed.