Security & Compliance Overview
Effective Date: 9 May 2025
This Security & Compliance Overview (“Overview”) sets forth the data protection, security controls, compliance practices, and operational safeguards implemented by VivaConnect Private Limited (“Helo”, “we”, “our”, or “us”) in connection with the Helo.ai communications platform. This Overview is intended to demonstrate our ongoing commitment to the confidentiality, integrity, and availability of data entrusted to us by our Clients and their End Users.
1. Commitment to Security
Helo adopts a defense-in-depth model for security management, incorporating a combination of administrative, technical, and physical controls. Our internal security framework is designed in alignment with globally recognized standards, including ISO/IEC 27001.
Our Security Objectives:
- Prevent unauthorized access to systems, data, and services;
- Detect and respond to internal and external threats in real time;
- Maintain data availability, business continuity, and disaster recovery readiness.
2. Infrastructure and Hosting
We operate on secure, cloud-native environments with a distributed architecture. Our hosting and infrastructure controls include:
- Amazon Web Services (AWS India) and Google Cloud Platform (GCP India);
- Data residency located in certified data centers in Mumbai and Noida;
- Encrypted communication channels using TLS 1.2 or higher;
- Role-based access control (RBAC) aligned with the principle of least privilege;
- Multi-region redundancy and failover capabilities to ensure high availability.
3. Data Security Controls
Helo implements robust data protection and monitoring controls, including:
- Encryption: AES-256 or equivalent standards used for data encryption at rest and in transit;
- Audit Logging: System activity, access attempts, and critical actions are logged for audit trails;
- Backups: Daily encrypted backups with geographically distributed disaster recovery readiness;
- Monitoring: Continuous monitoring using intrusion detection systems and automated threat alerts;
- Segmentation: Logical and network segmentation between environments, tenants, and users.
4. Compliance & Legal Frameworks
Helo operates in compliance with various sector-specific and jurisdictional regulatory obligations, including:
- DLT Compliance: Full compliance with Indian telecom regulations (TRAI) for SMS delivery;
- Meta (WhatsApp Business Platform): Compliance with Commerce and Messaging Policies;
- Google RCS: Integration via authorized messaging partners under Google's RCS framework;
- Data Residency: All data is stored and processed within India unless explicitly agreed otherwise by the Client.
Note: Helo does not currently claim formal certification under GDPR or CCPA. However, we voluntarily apply equivalent principles of data minimization, lawful processing, and individual rights enablement.
5. Employee Access and Training
To mitigate insider risk and maintain operational security:
- Access to client data is restricted to authorized personnel only, on a need-to-know basis;
- All employees are contractually bound by non-disclosure agreements (NDAs);
- Staff undergo regular security awareness training, including simulated phishing exercises and incident drills.
6. Vendor and Subprocessor Risk Management
We follow a formal due diligence process before engaging any third-party vendors:
- Evaluation of technical, legal, and financial risks prior to onboarding;
- Execution of Data Processing Agreements (DPAs) with all relevant subprocessors;
- Ongoing monitoring of subprocessor compliance (see our [Subprocessors List] for details);
- Periodic reassessments based on audit performance, threat landscapes, and service relevance.
7. Incident Response and Breach Notification
Our incident response protocols are designed for speed, transparency, and accountability:
- 24/7 detection and escalation workflows for incident handling;
- Triage and resolution based on severity classification;
- Clients are notified of confirmed Personal Data Breaches within 72 hours, as contractually required;
- All incidents are followed by a Root Cause Analysis (RCA) and documented mitigation plan.
8. Client Responsibilities
Clients are responsible for upholding certain aspects of platform security and compliance:
- Maintaining control of login credentials, API tokens, and administrative access;
- Ensuring that their use of the platform complies with applicable regulations (e.g., GDPR, HIPAA, local spam laws);
- Uploading only authorized, compliant, and consented data to the platform for processing and transmission.
9. Audits and Certifications
Helo maintains internal compliance with security best practices and enables external transparency:
- ISO/IEC 27001-aligned policies and internal documentation;
- Engagement of independent experts for periodic penetration testing and risk assessments;
- Clients may request compliance attestations, audit logs, or documentation with reasonable advance notice, subject to confidentiality obligations and scope limitations.
10. Contact Information
For any inquiries related to security, compliance, or incident reporting, please contact:
Email: info@helo.ai
Postal Address:
Vivaplex, C7, Street 22,
MIDC, Opp. Rolta Technology Park,
Andheri (East), Mumbai – 400093, India.
11. Definitions
- "Client" means the business or legal entity using the Helo.ai platform under an active commercial agreement.
- "Data Controller" refers to the entity that determines the purposes and means of processing Personal Data.
- "Data Processor" means Helo, which processes Personal Data on behalf of the Controller in accordance with the DPA.
- "Personal Data" refers to any information that relates to an identified or identifiable individual.
- "Subprocessor" means any third-party vendor engaged by Helo to support data processing activities.
- "Encryption at Rest/In Transit" refers to securing data using cryptographic algorithms while stored or transmitted.
- "DLT" means Distributed Ledger Technology compliance required under Indian telecom law for message routing and consent validation.
- "TLS" means Transport Layer Security, a protocol for encrypting internet communications.
- "ISO/IEC 27001" refers to the international standard for information security management systems (ISMS).
- "Root Cause Analysis (RCA)" means a structured review conducted post-incident to identify the origin of a fault or vulnerability.