# Overview

Helvia delivers safe and reliable AI to organizations in regulated industries. The platform is independently audited, engineered for the unique risks of conversational AI, and built for production use at scale. This page covers our certifications, how we protect customer data, and the safeguards built into the AI itself.

### Our Approach to Security

Security shapes every product and operational decision at Helvia. Our philosophy is grounded in a few core principles:

* **Privacy by design:** Anonymization, encryption, and least-privilege access are core to how the platform is built
* **Full audit trail:** Every action in the platform is logged, with role-based access and granular permissions to control who can see and do what
* **No training on customer data:** Conversations, configurations, and content remain yours
* **Reliability and backups:** Automated backups and disaster-recovery procedures protect against downtime and data loss
* **Responsible AI:** Conversational AI introduces new categories of risk, from prompt injection to data leakage through model outputs. We invest in safeguards that anticipate these risks rather than react to them.
* **Continuous validation:** Annual external audits, ongoing penetration testing, and an ISO-certified information security management system

### Certifications and Compliance

Helvia commits to trustworthy AI, backed by independent certifications for security, privacy and quality.

<table data-column-title-hidden data-view="cards"><thead><tr><th>Title</th><th>Description</th><th data-hidden data-card-cover data-type="image">Cover image</th></tr></thead><tbody><tr><td><h4><i class="fa-shield-halved">:shield-halved:</i> </h4><h4>ISO/IEC 27001</h4></td><td>Certified information security management system covering risk, controls, and continuous improvement</td><td></td></tr><tr><td><h4><i class="fa-scale-balanced">:scale-balanced:</i> </h4><h4><strong>GDPR</strong></h4></td><td>Full alignment with the EU General Data Protection Regulation</td><td></td></tr><tr><td><h4><i class="fa-medal">:medal:</i> </h4><h4>ISO 9001</h4></td><td>Certified quality management system ensuring repeatable processes and accountability across the organization</td><td></td></tr></tbody></table>

### How Security Is Organized

Security at Helvia is layered across data, roles, observability, and the AI itself. Use the table below to explore each area:

<table><thead><tr><th width="240">Area</th><th>What it covers</th><th>Read more</th></tr></thead><tbody><tr><td>Data privacy and handling</td><td>Encryption at rest and in transit, anonymization, retention, and data minimization</td><td><a data-mention href="/pages/SVpjoCEZQ7RBZrQLnjCN">/pages/SVpjoCEZQ7RBZrQLnjCN</a></td></tr><tr><td>Audit logs and access control</td><td>Event logging, role-based access and granular permissions</td><td><a data-mention href="/pages/DURBut8QiPDp8oKLXwIe">/pages/DURBut8QiPDp8oKLXwIe</a> and <a data-mention href="/pages/kxnr1ajS9Gjq7Jw7PGFP">/pages/kxnr1ajS9Gjq7Jw7PGFP</a></td></tr><tr><td>End-user authentication</td><td>Authenticating end users mid-conversation using OIDC</td><td><a data-mention href="/pages/giftQQYt7HR1lWFXxNN6">/pages/giftQQYt7HR1lWFXxNN6</a></td></tr><tr><td>AI safety and guardrails</td><td>PII redaction, content validation guardrails, and safe integration with LLM providers</td><td><a data-mention href="/pages/NCmeyKOAApS42HBw4N7V">/pages/NCmeyKOAApS42HBw4N7V</a></td></tr><tr><td>SSO and login</td><td>Workspace login options, including single sign-on (SSO) with enterprise identity providers</td><td><a data-mention href="/pages/betjRwrrF193mQTpS0nq#login-settings">/pages/betjRwrrF193mQTpS0nq#login-settings</a></td></tr><tr><td>Observability</td><td>Full visibility into LLM input and output for every conversation step</td><td><a data-mention href="/pages/qJszHvG38xpzQX3yGZyL">/pages/qJszHvG38xpzQX3yGZyL</a></td></tr></tbody></table>

### AI Safety and Data Handling

Running an AI agent platform demands safeguards beyond those of a generic SaaS application. The platform protects sensitive information at every stage of the conversation, from user input through model invocation to response delivery.

* **Encrypted transmission:** Data is encrypted in transit to and from third-party LLM providers
* **Anonymization before model invocation:** Personal data and structured identifiers can be anonymized or pseudonymized before being sent to the LLM
* **Full LLM auditing:** Every input sent to and output received from LLM models is logged and reviewable
* **Guardrails against malicious prompts:** Build validation steps into your agent workflow to detect malicious commands and prevent unchecked user prompts from reaching the model

### Frequently Asked Questions

<details>

<summary><strong>Where is my data stored?</strong></summary>

All our services and databases are operated within the European Union.

</details>

<details>

<summary><strong>Is my data encrypted?</strong></summary>

Yes. All data in transit is protected using TLS, and data at rest is encrypted using AES-256. Passwords are hashed using modern, industry-standard algorithms and are never visible to administrators.

</details>

<details>

<summary><strong>Is Helvia GDPR compliant?</strong></summary>

Yes. Helvia aligns with the EU General Data Protection Regulation and has an appointed Data Protection Officer overseeing compliance. For details on what data we collect and how we process it, see our [privacy policy](https://helvia.ai/privacy).

</details>

<details>

<summary><strong>Does Helvia use my data to train its AI models?</strong></summary>

No. Helvia does not use customer data to train its AI models. Your conversations, configurations, and content remain yours.

</details>

<details>

<summary><strong>Do third-party LLM providers (OpenAI, Azure, Google) train on my data?</strong></summary>

LLM integrations run on your own provider accounts and API keys, so data-use and training terms are set directly by your contract with the provider. Review your provider's data-use policy and enable any available opt-outs on your account.

</details>

<details>

<summary><strong>Do you use sub-processors?</strong></summary>

Yes. Helvia engages a limited set of sub-processors that support platform operation, each bound by contractual obligations covering data protection and confidentiality. The current list is available on request from `dpo@helvia.ai`.

</details>

<details>

<summary><strong>How long is my data retained?</strong></summary>

Retention is configurable per workspace, with administrators able to set windows for conversations, logs, and exports. &#x20;

</details>

<details>

<summary><strong>Do you conduct regular security audits?</strong></summary>

Yes. Helvia is certified under ISO/IEC 27001:2023 and undergoes annual penetration testing by an independent external provider.

</details>

### Security Resources

<table data-column-title-hidden data-view="cards"><thead><tr><th>Title</th><th>Description</th></tr></thead><tbody><tr><td><h4><i class="fa-user-shield">:user-shield:</i> </h4><h4><strong>Data Protection Officer</strong></h4></td><td>For privacy, GDPR, and data subject requests, contact <code>dpo@helvia.ai</code></td></tr><tr><td><h4><i class="fa-life-ring">:life-ring:</i> </h4><h4><strong>Product and Platform Support</strong></h4></td><td>For everything else, see the <a href="/pages/21r6MM6uyroIfX7xWHV5">Support</a> page for the fastest route to our team</td></tr><tr><td><h4><i class="fa-heart-pulse">:heart-pulse:</i> </h4><h4><strong>Service Status</strong></h4></td><td>Check live uptime and active incident reports at <a href="https://service-status.helvia.ai/">service-status.helvia.ai</a></td></tr></tbody></table>

{% hint style="success" %}
You now have a map of how Helvia protects your data, the certifications behind the platform, and the safeguards built into the AI.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.helvia.ai/security/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.