Information Security Policy

Last updated: April 23, 2026

1. Overview

At Helpful Human, LLC, we take the security of information seriously — both ours and yours. This policy outlines the principles and practices we follow to protect data and maintain trust. As an early-stage company, we are building our security posture from the ground up with the same care we bring to everything else.

2. Data Security

We take data security very seriously. All data is encrypted both in transit and at rest. Our infrastructure enforces SSL/TLS encryption for all connections, and HTTPS is required across all of our systems.

3. Email Security

Our email systems are protected by industry-standard authentication protocols including SPF, DKIM, and DMARC to prevent unauthorized use of our domain and ensure the integrity of our communications.

4. Data Handling Principles

We follow these principles when handling any information:

• Minimization — we collect only the information we need
• Purpose limitation — we use information only for the purpose it was provided
• Access control — access to information is limited to those who need it
• Encryption — all data is encrypted in transit and at rest

5. Access Control

Access to our systems and accounts is managed with the following practices:

• Strong, unique passwords for all accounts
• Multi-factor authentication (MFA) where available
• Principle of least privilege for all access
• Regular review of access permissions

6. Incident Response

In the event of a security incident, we will:

1. Identify and contain the incident as quickly as possible
2. Assess the scope and impact of the incident
3. Notify affected individuals promptly if their personal information is compromised
4. Investigate the root cause and implement measures to prevent recurrence
5. Document the incident and our response for future reference

7. Responsible Disclosure

If you discover a security vulnerability in our website or systems, we encourage you to report it to us responsibly. Please contact us at hello@helpfulhuman.xyz with details of the vulnerability. We will:

• Acknowledge receipt of your report within 48 hours
• Investigate and address the issue promptly
• Keep you informed of our progress
• Not take legal action against good-faith security researchers

8. Continuous Improvement

Security is not a destination — it's an ongoing practice. As our company grows and our technology evolves, we will continue to review, update, and strengthen our security measures. This policy will be updated to reflect those changes.

9. Contact

If you have questions or concerns about our security practices, please contact us at hello@helpfulhuman.xyz.