Security

Last Updated: May 28, 2026

Our Commitment to Security

Security is foundational to how we build and operate Helonic. We understand that construction drawings and project data are sensitive, and we are committed to protecting the confidentiality, integrity, and availability of every customer's data. This page describes the safeguards and practices we maintain across our platform and organization.

Compliance

Helonic is SOC 2 compliant. Our controls are independently assessed against the SOC 2 Trust Services Criteria for security, and we maintain our program on an ongoing basis.

Data Encryption

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256 encryption
  • Secrets and API keys are managed through a dedicated secrets management system and are never stored in plaintext

Infrastructure Security

  • Our infrastructure is hosted on industry-leading cloud providers with their own robust physical and network security controls
  • Infrastructure is provisioned and managed through version-controlled infrastructure-as-code to ensure consistency and auditability
  • Network access is restricted through firewalls, security groups, and the principle of least privilege
  • Automated, redundant backups protect against data loss

Access Control

  • Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis
  • Multi-factor authentication is required for access to critical systems
  • Access is reviewed regularly and revoked promptly when no longer required
  • Strong authentication and session management protect user accounts

Monitoring and Logging

  • Systems are continuously monitored for availability, performance, and suspicious activity
  • Audit logs are maintained for access to sensitive systems and data
  • Alerts notify our team of anomalous or unauthorized activity

Application Security

  • Code changes are reviewed before being deployed to production
  • Dependencies are monitored for known vulnerabilities
  • We follow secure development practices throughout our software lifecycle

Data Privacy

We do not sell your data. Customer content is used solely to provide and improve the Service, and is handled in accordance with our Privacy Policy. You retain ownership of the construction drawings and content you upload.

Incident Response

We maintain an incident response process to detect, respond to, and recover from security events. In the event of an incident affecting your data, we will investigate promptly and notify affected customers in accordance with applicable laws and our contractual commitments.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability or have a security concern, we want to hear from you. Please contact us at:

founders@helonic.com