HelixGate is designed for organisations where security, compliance, and auditability are non-negotiable. Every architectural decision we have made — from infrastructure isolation to database-level immutability — reflects that.
Last reviewed: April 2026
Every HelixGate customer gets their own dedicated environment — a separate database, a separate application stack, and a separate network boundary. Your data is never co-mingled with another customer's. There is no shared multi-tenant database, no shared application layer, and no shared file storage. Physical isolation is the foundation of our security model.
Each customer runs on a dedicated server with its own isolated application stack. A separate database, a separate API instance, a separate ingress layer. Cross-tenant data access is architecturally impossible — not merely prevented by application logic.
Data is encrypted at rest using AES-256. All communications are encrypted in transit using TLS 1.3. Credentials and secrets are managed via a dedicated secrets management system — never stored in configuration files or environment variables where they could be exposed.
Every state-changing operation is logged to an append-only audit table. A database-layer immutability constraint raises an exception if any attempt is made to modify or delete an audit record — even by a database administrator. Compliance evidence that cannot be tampered with.
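The database-layer immutability constraint described above, as an added example that is not HelixGate's code: an audit table whose UPDATE and DELETE triggers abort the statement. SQLite is used so it runs stand-alone; the same pattern in PostgreSQL is a BEFORE UPDATE OR DELETE trigger function that calls RAISE EXCEPTION (plus an ON TRUNCATE trigger or revoked TRUNCATE privilege).

```python
"""Append-only audit table enforced by database triggers (example, not vendor code)."""
import sqlite3

SCHEMA = """
CREATE TABLE audit_log (
    id     INTEGER PRIMARY KEY,
    actor  TEXT NOT NULL,
    action TEXT NOT NULL,
    ts     TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
-- Immutability lives in the database, not in application code: any UPDATE
-- or DELETE aborts the statement no matter which connection issued it.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log
BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only: UPDATE rejected');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log
BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only: DELETE rejected');
END;
"""


def open_audit_db() -> sqlite3.Connection:
    """Create an in-memory database with the append-only audit table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record(conn: sqlite3.Connection, actor: str, action: str) -> int:
    """Append one audit row and return its id (the only permitted write)."""
    cur = conn.execute("INSERT INTO audit_log(actor, action) VALUES (?, ?)", (actor, action))
    conn.commit()
    return cur.lastrowid


def attempt(conn: sqlite3.Connection, sql: str, params=()) -> str:
    """Run a statement; return 'ok' or the trigger's rejection message."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return "ok"
    except sqlite3.DatabaseError as exc:  # RAISE(ABORT) surfaces here
        conn.rollback()
        return str(exc)


def row_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
```

Tampering attempts are rejected before they touch a row, so the rejection itself can be logged as a further audit event by the application.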
Time-based one-time password (TOTP) MFA enforced for admin accounts. MFA challenge state is encrypted at rest and expires automatically. MFA policy is configurable per organisation.
Granular RBAC with feature-level permissions across eight configurable roles — from read-only viewer to platform administrator. All permission changes are audited with actor, timestamp, and old/new values.
Access tokens are short-lived. Refresh tokens rotate on every use with cryptographic binding — aligned with NIST SP 800-63B AAL2 guidance. Token reuse is detected and triggers automatic session revocation across all active sessions.
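Refresh-token rotation with reuse detection, as an added example (not HelixGate's implementation): each login starts a token family, every refresh retires the presented token and issues a new one, and presenting a retired token is treated as theft and revokes all of that user's active sessions, as the text describes. Only token hashes are stored; the cryptographic client binding mentioned above is assumed to happen at another layer and is not shown.

```python
"""Refresh-token rotation with reuse detection (example, not vendor code)."""
import hashlib
import secrets
import time
from typing import Optional


class RefreshTokenStore:
    """In-memory store of hashed refresh tokens; one 'family' per login session."""

    def __init__(self, ttl_seconds: int = 30 * 24 * 3600):
        self.ttl = ttl_seconds
        self._tokens: dict = {}  # sha256(token) -> {"user", "family", "active", "exp"}

    @staticmethod
    def _h(token: str) -> str:
        # Store only a digest so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, user: str, family: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[self._h(token)] = {"user": user, "family": family,
                                        "active": True, "exp": now + self.ttl}
        return token

    def login(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        return self._issue(user, secrets.token_hex(16), now)

    def refresh(self, presented: str, now: Optional[float] = None) -> Optional[str]:
        """Rotate: retire the presented token and return a fresh one, or None."""
        now = time.time() if now is None else now
        rec = self._tokens.get(self._h(presented))
        if rec is None or rec["exp"] < now:
            return None
        if not rec["active"]:
            # A retired token came back: either the client or a thief holds a
            # stale copy, and we cannot tell which. Revoke every session.
            self.revoke_user(rec["user"])
            return None
        rec["active"] = False
        return self._issue(rec["user"], rec["family"], now)

    def revoke_user(self, user: str) -> int:
        """Deactivate all of a user's tokens; returns how many were active."""
        revoked = 0
        for rec in self._tokens.values():
            if rec["user"] == user and rec["active"]:
                rec["active"] = False
                revoked += 1
        return revoked

    def active_sessions(self, user: str) -> int:
        return sum(1 for r in self._tokens.values() if r["user"] == user and r["active"])
```

In production the store is a database with the same semantics, and the reuse event is written to the audit trail with actor and client metadata.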
Repeated failed login attempts trigger an automatic account lockout enforced server-side. Lockout events are logged to the immutable audit trail. Applied independently of network-level rate limiting for defence-in-depth.
Passwords are stored using industry-standard adaptive hashing algorithms. Configurable complexity and expiry policies are enforced per organisation. First-login and post-admin-reset password changes are mandatory before access is granted.
Global XSS sanitisation middleware applied to all API request bodies before processing. Parameterised queries throughout — no raw SQL string concatenation. SQL injection is not possible by design.
Core records are never permanently destroyed. Deleted items are archived with a deletion marker, preserving a complete historical record. Permanent deletion from core tables is prohibited — enforced at the application layer and captured in the audit trail.
Platform backup files are encrypted using AES-256 with memory-hard key derivation. Encrypted backups cannot be restored without the backup passphrase. Backup and restore operations are audit-logged with actor identity and timestamp.
All authentication events, permission changes, failed access attempts, and administrative actions are logged with actor identity, IP address, user agent, HTTP method, endpoint, and outcome. Logs are immutable and retained per your configured policy.
Automated scheduled purge of user data past your configured retention limits. Audit log anonymisation for departed users — their audit entries remain but personal identifiers are pseudonymised. Purge operations are themselves audit-logged.
HelixGate implements enterprise-grade backup and recovery strategies designed to meet the most demanding compliance frameworks. Your governance data can be recovered from any failure scenario — from a single record to a complete platform restore.
Database changes are captured continuously and shipped to encrypted off-site storage within minutes. Recovery point objectives (RPO) are measured in minutes, not hours — ensuring minimal data loss in any disaster scenario.
Restore your platform to any point in time, down to the second. Whether it's recovering from accidental deletion, data corruption, or a failed deployment — your data can be rolled back precisely.
Automated full-platform snapshots capture everything — database, uploaded files, and configuration. Complete disaster recovery from a single encrypted archive, tested and verified on schedule.
All backups are encrypted at rest using AES-256 with managed key rotation. In-transit encryption via TLS 1.2+. Application-level backups add a second encryption layer with memory-hard key derivation.
Each tenant's backups are cryptographically isolated with dedicated access policies. No tenant can access another tenant's backup data — enforced at the infrastructure level, not just the application layer.
Recent backups are available for instant recovery. Older backups transition to cost-optimised archival storage automatically. Retention policies are configurable per compliance requirements — ISO 27001, NIST, or your own policy.
HelixGate's architecture is designed to support customers pursuing SOC 2 Type II and ISO 27001 certification, and to meet UK GDPR requirements as a data processor. The platform also includes built-in EU AI Act compliance tooling for organisations with AI governance obligations. We apply all OWASP Top 10 mitigations across the platform.
We take security vulnerabilities seriously. If you discover a potential security issue in HelixGate, we ask that you disclose it responsibly — giving us the opportunity to address it before any public disclosure.
We commit to:
Please do not publicly disclose vulnerabilities until we have had a minimum 90-day window to address them.
Include a clear description of the vulnerability, steps to reproduce, and potential impact assessment.
For sensitive findings, request our PGP key before sending technical details. We will provide it on request.
We request a minimum 90-day coordinated disclosure window from the date of your report.
Enterprise security teams need commitments, not just architecture diagrams. Here are the operational guarantees that back our technical controls.
Annual third-party penetration testing against OWASP Top 10 and NIST guidelines. Results available to Enterprise customers under NDA. Internal security assessment tooling runs continuously.
Security incidents acknowledged within 2 hours. Initial assessment and severity classification within 24 hours. Customer notification for confirmed breaches within 72 hours per UK GDPR Article 33.
Customer data permanently deleted within 30 days of contract termination. A 30-day data export window is provided before deletion. Deletion confirmation issued on request.
AES-256-GCM encryption with per-tenant keys for sensitive data (TOTP secrets, backups). TLS 1.3 on all connections. Keys managed server-side with rotation on schedule.
DPA included on Enterprise tier and available on request for Professional tier. Covers UK GDPR processor obligations, sub-processor list, data handling, and breach notification procedures.
Architecture designed for SOC 2 Type II readiness. ISO 27001-aligned controls. Formal certification programme planned as customer base scales. Current controls satisfy the technical requirements of both frameworks.
We'll walk you through our security architecture in detail — physical isolation, immutable audit trails, and compliance controls — in a demo tailored to your organisation's requirements.