Trust
Security
HelioDesk is designed as a hosted support service with scoped customer access and Stripe-hosted card collection.
Payment Security
Card details are collected through Stripe Checkout. HelioDesk does not store full card numbers on its servers.
Access Control
Admin and customer portal sessions are separated. Customer portal access is scoped to the customer's own site, FAQ, leads, and conversations.
Widget Controls
Widget requests are checked against configured site origins so customers can limit where their HelioDesk widget is used.
Operational Practices
We recommend HTTPS-only production deployment, strong admin passwords, private environment variables, restricted server access, and regular backup review.
Report a Concern
Security reports can be sent through the contact page. Please include clear reproduction details and avoid accessing data that is not yours.