Security
Security is our most important product feature. HELAÜLOOM encrypts vault content in transit and at rest, with optional client-side encryption before upload. Only you can see your vault content. Our team cannot read it. We use TOTP and passkey authentication, PostgreSQL row-level security in production (see RLS programme), rate limiting, safe error handling, and append-only audit logs.
Medical & health data. Medical history, medications, and physician contacts are encrypted with AES-256-GCM and protected by the same access-logging and audit-trail standards used in HIPAA-covered systems. We apply these HIPAA-aligned safeguards voluntarily, as a luxury-tier commitment to your family’s most sensitive information, though HELAÜLOOM is not a HIPAA-covered entity.
Responsible disclosure. Report vulnerabilities to security@helauloom.com. See our security.txt and security policy for contact details and safe harbour language.
PGP public key
Our production public key is published below and at /pgp/security.asc. Verify the fingerprint before encrypting sensitive reports.
Fingerprint: 64E3 B23D 29E3 B872 EDD9 6A43 9E0A E0F5 D957 5077 · Download /pgp/security.asc
-----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBGotjP4BEACsxPx7iocx0RmlaDZlc8FrrlDz87vSRMcJbsya1nlICZmq gvLAckTMzgdxs3xS8OtPnPVtrSnhJ4baCDXZ4JO5RZABAr686f0a+GhqL3yk w0nPGbB6o+z2xGvZxbaheJ8+oJDxKFjocQQ2JOwrqgKvowALVZryD+X+FWk3 wK4br1y8UBlwUSBXr/Tw919YKar5RZXqSq/fYjHkOYnzNO8KOIR1UNnhG0Kt y3+ImFuF2KHOn+v6FX2t8rvJgMPfe4VlwMcQBAgPxglCjfIsCU4TxY61/YFV 7GAyZv8kN/r/aLyu5ttYa1tPiiGOKUc79ARCAxSqB6tCfnuNbSazWFUdlk2L bUGsUK8LcK2wKcNniZLBhjDu/aKXI4c9k3kqzuRJjN+3zrn5BgA6lzTPfIOU hszg1yCHN6k90BwGJi/1uDTHyeti2y1BDh4J/LfqRmhfJISBZNuZoyc2TJDT 7inNPtahXmSMXfmPX3CreUpVRveCobb318dIszasGdu1VG4IJDOP8wGJQ+6k 1rtvZsaRq8HFylSV3fDxZUX67h9+qz85QVKb6PK4Ch0jmNFwdWzA0gUzaOsW F3wsacvi2J4eAHvFSOG7g5pfULFIWno3wZn/L6UfD1nbAoRtGoZ7rJ3FOEzq RgfrOvOEgW/LK/qr4F8POV8Sed1MLHAjNM/XmwARAQABzSxIRUxBw5xMT09N IFNlY3VyaXR5IDxzZWN1cml0eUBoZWxhdWxvb20uY29tPsLBigQQAQgAPgWC ai2M/gQLCQcICZCeCuD12VdQdwMVCAoEFgACAQIZAQKbAwIeARYhBGTjsj0p 47hy7dlqQ54K4PXZV1B3AAACGBAAmA7t108oRlVJKYs119eoe9I81nm9F/xy eqjtorphD7DBXdzP57bvImLWCviFij7wkJlRw/y42CVsxn3BfFgpbyP7/Dj1 genL7ahmQw/VJ9Hl2MofgFLmQSdD69S+zuwGqj1yprHMhx8/doNWb3vRX87o uO9AxWwRHR2Bq2LMzKE1zGm84oiIvc9mkQ/bk0r/st9TJKjtD3CFW1HO23DR smUhlFekPnF25IS+Rfx4OckmTxTWz34u5ceRbbJOc2vvISnOp9Rv7VQAMnLi U/MORNXqIyY+2ZMizMUDRtO5fs7Z+q3DWHKfYvjdTWky1XHtvbIPfCwZsWe2 aU6+M7TbYiqI+rWDXkZKjUOCrhkRaugXuo457hmy1w7lyJuU4gPj6IZYXmqw aaCYUSOsxWQNUxSznJUIVXUu9knV+FZTAib73BafbMHG/mUuBM/LfP74ouuP fAiEAChf+dgMZCJYc8mD4Ou4UAyWTtfRr8uvuJI5XibcnlbpFSS4YsNkGa75 sOtoyyjsIO7a1bS3TiKmljHdkdtOYsZcilXKwcpjitIrkV3Shg7abAzP/4eg 9bI5Vcm2NE/mcAFT4h8Um8Dc2IMAH/D30NAn8sDbJiH7SWh6H913jtUE9au2 J4H4dpZYcntwbMqGN6do0XJvJPFEDBz4vM0XYLwN42oTq0cnMqnOwU0Eai2M /gEQALGS+6xwm+LxcsqjYkRgH5Za+SVNL7vpCpQSa8u1xajLvYAyUqAd4fMN zF4UZDhgrRqbKVElOXsBGlgxoFro/k7QIc/WRbIhxhYL4AdUqyp0o52aifLl /WgrcUZLUqHCg2aA6TROuw3kFk4LzKkCv1qNu7qsv2VGH+5tC3ByH0o2ATxQ ++aGgQPS4nhrteVjTIzMYrmq1Xi/vsHKz1kC/glS9D5f5qnCuoHV/qBoFt0G IUVmSeZmGEBus91FERSIIi2CeNY0KacWRElktfoavRLAUgbI5uYRaA8LkYA4 HqfHVJm35tJh4GaSvcnRB2Jp6/oRUjUf1/W4aauybcjLuaPSebxmGUlBc8uC l5zbb1khkNM1OCF8jgBJMZ84Bg+nazFNw94Sx/lwCZXhda7qLiMK9fmQQBFk tfwXGUy/ALiL0Kw4uyChvcrLIPtBWZZrt6f5zHR5vPSFbtYzCbXby/1aMdlo 9P0elIQzYSxCR4xYODfbqYszCwX+oM3Xj692y5THMIOGsMVrW8Y0DGUJPyvi 3ar+qGJsGYE2UBWRPj11ZU8GBIIQpt2meoK8pxa9UXv+Mmn9mIJicnYMTD/E C9dr626x8e0U7HArwHUjI4EDxCNbWsWRaueHd5WqbHUAz+WTKyKtqjaA7elq 7DZcrTUh+4rOv7DAyGqQHeiezZUPABEBAAHCwXYEGAEIACoFgmotjP4JkJ4K 4PXZV1B3ApsMFiEEZOOyPSnjuHLt2WpDngrg9dlXUHcAAFAdD/9/1UjNY6j3 H1speffJYHo8a4b+2OpZU8n5+OfDi6V4otdKoZfJO+dYbsa65v9cDyg+A+1l vxpFia+hOD1y7FGPS/fI8/lYepIwYPki4hpDZ5rBz7yZo4hm+CYYxcEFq0sT MhJqumerH7VNFcf920tEigRRJNabthHS8vqhs6urqV7LGEiCqqawGIMrtxSK xfUk0JdGrh3AjgZ3xG3DIOrAI8SPHj9rYy46BFi3Igd9y5XoShlVN3cFew3U y+tJ3sM8c9DPxmpnC+DxtNJR20tewXhIbQRHeX5tGHlnKAbIqueC2K2vtjC0 IFcX5221mpCKlnIyR0Lzdz2kHbzMGvpkcbulQSub/0LTg2zHjGuMhtbvS/dA qL8QKFrNeSiRfC788/0fo6guZ7wYToVh1w/DZQvG27JNIZCDruzYQ1dDfE3M 9UrJEp0yLCpVp+18bXmMG4a2UYtXAGm10Uqa8vgdJEN9rwm0c4ri2XD9kNRp cHtynhYPFCYf3tX7rIMGNS61lBnb9EVf8Y8zKfXZafK7X6HA9S2lXvsNcnsF fh8eDFVrdOQ6r1A8bf+vwLyfoOr/R4WCWihIjVrlAhhRlHvSftzbC3sp1GN8 BTgzwyFbA6QBPvY+2htfNqhwM8D8X8At7ouSHP+xkDHYqShygNFPvJacx5Qv /CrLggZ93EGhOw== =eyF8 -----END PGP PUBLIC KEY BLOCK-----
Security controls built to SOC 2 Type II standards. AES-256-GCM field-level encryption, MFA and role-based access control, append-only audit logging, and automated backup and restore drills are live in production today. Our independent SOC 2 Type II report is scheduled for Q4 2026. Trust center & enterprise requests.
Penetration testing. Annual third-party assessment, latest report summary and remediation tracker.
Bug bounty. HackerOne programme, invite-only at launch, public scope at GA.