HelixGate is designed for organisations where security, compliance, and auditability are non-negotiable. Every architectural decision — from infrastructure isolation to database-level immutability — reflects that.
Every customer gets their own dedicated environment — a separate database, a separate application stack, a separate network boundary. Cross-tenant data access is architecturally impossible, not merely prevented by application logic.
Each customer runs on a dedicated server with its own application stack: separate database, separate API instance, separate ingress. Migration 043 explicitly removed all tenant_id columns — there is no cross-tenant code path in the application at all.
Data encrypted at rest with AES-256-GCM. All communications encrypted in transit via TLS 1.3. Per-tenant keys for sensitive data (TOTP secrets, backups). Credentials stored in a dedicated secrets manager — never in config files or environment variables.
Every state-changing operation logs to an append-only table with a Postgres trigger that raises an exception on any UPDATE or DELETE — even by a database administrator. Compliance evidence that cannot be tampered with.
You don’t have to trust us — you can audit the schema. Audit immutability is enforced at the database layer, not the API. Not the application. Not “best effort”. The same trigger runs in every tenant.
-- Prevents UPDATE or DELETE on audit_log.
-- Enforced by Postgres. Not by the application.
CREATE OR REPLACE FUNCTION audit_immutable()
RETURNS TRIGGER AS $$
BEGIN
    RAISE EXCEPTION 'audit_log rows are immutable';
END;
$$ LANGUAGE plpgsql;
CREATE TRIGGER audit_no_update
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_immutable();
-- Even superuser cannot bypass without disabling the trigger,
-- and every attempt is itself logged elsewhere.
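An added example, not HelixGate's own code: schema checks an auditor could run against the audit_log table and audit_immutable() function shown above. It goes slightly beyond the page by also covering TRUNCATE, which row-level triggers never see, and triggers left in the default enable mode; the trigger name audit_no_truncate is hypothetical.

```sql
-- Added example; assumes audit_log and audit_immutable() exist as defined above.

-- 1. BEFORE UPDATE OR DELETE ... FOR EACH ROW does not fire on TRUNCATE.
--    A statement-level trigger covers it (audit_no_truncate is a hypothetical name).
CREATE TRIGGER audit_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_immutable();

-- 2. Triggers in the default enable mode are skipped when
--    session_replication_role = 'replica'. ENABLE ALWAYS removes that gap.
ALTER TABLE audit_log ENABLE ALWAYS TRIGGER audit_no_update;
ALTER TABLE audit_log ENABLE ALWAYS TRIGGER audit_no_truncate;

-- 3. Audit query: every user trigger on audit_log, its state and definition.
--    tgenabled: 'A' = always, 'O' = default, 'R' = replica only, 'D' = disabled.
SELECT t.tgname,
       t.tgenabled,
       pg_get_triggerdef(t.oid) AS definition
FROM   pg_trigger AS t
WHERE  t.tgrelid = 'audit_log'::regclass
  AND  NOT t.tgisinternal
ORDER  BY t.tgname;

-- 4. Behavioural check: attempt a DELETE and confirm the trigger rejects it.
--    The outer transaction is rolled back, so nothing persists either way.
BEGIN;
DO $$
BEGIN
    IF NOT EXISTS (SELECT 1 FROM audit_log) THEN
        RAISE NOTICE 'audit_log is empty: row-level trigger not exercised';
        RETURN;
    END IF;
    DELETE FROM audit_log;
    RAISE EXCEPTION 'CONTROL FAILED: DELETE on audit_log was accepted';
EXCEPTION
    WHEN raise_exception THEN
        IF SQLERRM = 'audit_log rows are immutable' THEN
            RAISE NOTICE 'OK: DELETE rejected by audit_immutable()';
        ELSE
            RAISE;  -- re-raise CONTROL FAILED or any other raised error
        END IF;
END;
$$;
ROLLBACK;
```

Step 4 needs a role that holds DELETE privilege on audit_log; without it the statement fails with a permission error before the trigger is reached.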
Defence in depth across every layer. Each control is documented, tested, and audit-logged.
Time-based one-time password MFA enforced for admin accounts. MFA challenge state encrypted at rest, expires automatically. Configurable per organisation.
66+ feature keys assignable to groups, with feature-level permissions across configurable roles — from read-only viewer to platform administrator. All changes audited.
Access tokens are short-lived. Refresh tokens rotate cryptographically on every use, aligned to NIST SP 800-63B AAL2. Reuse detection triggers automatic session revocation across all sessions.
Repeated failed login attempts trigger automatic server-side lockout. Lockout events logged to the immutable trail. Independent of network-level rate limiting for defence in depth.
Industry-standard adaptive hashing. Configurable complexity and expiry policies enforced per organisation. First-login and post-admin-reset password changes mandatory before access is granted.
Global XSS sanitisation middleware on all API request bodies. Parameterised queries throughout — no raw SQL string concatenation. SQL injection is not possible by design.
Core records are never permanently destroyed. Deleted items archived with a deletion marker, preserving the historical record. Permanent deletion from core tables is prohibited.
AES-256-GCM with memory-hard key derivation. Cannot be restored without the backup passphrase. 90-day retention to isolated cloud storage. Backup operations themselves audit-logged.
Every authentication event, permission change, failed access, and admin action logged with actor, IP, user agent, method, endpoint, and outcome. Logs are immutable and retained per policy.
Automated scheduled purge of user data past your configured retention limits. Audit-log anonymisation for departed users — their entries remain, personal identifiers are pseudonymised. Purge operations audit-logged.
Architecture aligned to support customers pursuing SOC 2 Type II and ISO 27001 certification, and to meet UK GDPR processor obligations. Built-in EU AI Act tooling for AI governance. OWASP Top 10 mitigations applied across the platform.
Enterprise security teams need commitments, not architecture diagrams. Here are the operational guarantees behind the controls.
Annual third-party penetration testing against OWASP Top 10 and NIST guidelines. Results available to Enterprise customers under NDA. Internal security tooling runs continuously.
Security incidents acknowledged within 2 hours. Initial assessment and severity classification within 24 hours. Customer notification for confirmed breaches within 72 hours per UK GDPR Article 33.
Customer data permanently deleted within 30 days of contract termination. A 30-day data export window precedes deletion. Deletion confirmation issued on request.
AES-256-GCM with per-tenant keys for sensitive data (TOTP secrets, backups). TLS 1.3 on all connections. Keys managed server-side with rotation on schedule.
DPA included on Enterprise tier, available on request for Business tier. Covers UK GDPR processor obligations, sub-processor list, data handling, breach notification procedures.
Continuous data protection with RPO measured in minutes. Point-in-time recovery to any second. Per-tenant cryptographic isolation. Tiered retention with lifecycle management.
We take security vulnerabilities seriously. If you discover a potential issue, please disclose it responsibly — giving us the opportunity to address it before public disclosure.
We request a minimum 90-day coordinated disclosure window from the date of your report.
Include a clear description of the vulnerability, steps to reproduce, and a potential impact assessment.
For sensitive findings, request our PGP key before sending technical details. We will provide it on request.
We’ll walk you through our security architecture in detail — physical isolation, immutable audit trails, and compliance controls — tailored to your organisation’s requirements.