Security at HelpYard
HelpYard takes the security of our platform and the data of our customers seriously. This page describes our security practices and how to report vulnerabilities.
Reporting a vulnerability
If you have discovered a security vulnerability in HelpYard’s platform, website, or infrastructure, please disclose it responsibly by contacting our security team.
Contact: security@helpyard.ae
We ask that you:
- Give us reasonable time to investigate and address the issue before public disclosure
- Avoid accessing, modifying, or deleting data that does not belong to you
- Do not exploit a vulnerability beyond what is necessary to demonstrate it
- Do not perform denial-of-service attacks or social engineering
We commit to:
- Acknowledging your report within 2 business days
- Providing a status update within 10 business days
- Notifying you when the vulnerability has been resolved
- Not pursuing legal action against researchers acting in good faith
Security practices
- Encryption in transit: All data is encrypted using TLS 1.2 or higher
- Encryption at rest: Database storage uses AES-256 encryption
- Access control: Role-based access control (RBAC) with Row-Level Security (RLS) at the database layer
- Security headers: HSTS, CSP, X-Frame-Options, and other headers enforced on all pages
- DDoS protection: Cloudflare network-level protection
- Authentication: Supabase Auth with secure session management
Scope
The following are in scope for vulnerability reports:
app.helpyard.ae— operations platformhelpyard.ae— marketing website- API endpoints under
app.helpyard.ae
The following are out of scope:
- Social engineering attacks against HelpYard staff
- Physical security attacks
- Third-party services (Supabase, Cloudflare, Resend)
Contact
For security inquiries: security@helpyard.ae
See also: /.well-known/security.txt