Security at Help Scout

Help Scout is committed to keeping your data secure, keeping your private information private, and being transparent about our practices as a business. We are happy to work with our customers to answer any questions or address any concerns regarding how we protect their personal data. Below you will find general information and answers to many of our frequently asked questions regarding our security.

General Security and Privacy Information

The engineering team at Help Scout monitors ongoing security and performance 24 hours a day, 365 days a year. The application is tested on an ongoing basis for security vulnerabilities, and should any be found, patches and fixes are deployed quickly after discovery.

We also use a third-party service to do PCI scans each quarter and penetration testing at least once a year. We can provide our latest scan and attestation of compliance upon request. Help Scout is also SOC 2 compliant, and we are happy to provide our SOC 2 report upon request — just ask our support team for more information.

All of our policies are publicly available: 

Frequently Asked Questions

  • Is Help Scout compliant with privacy regulations in my country? 

    We comply with major privacy regulations such as GDPR and UK-GDPR, as well as U.S. regulations like CCPA. We also continuously monitor updates across the globe to ensure our practices align with evolving standards. If you have specific compliance questions, please reach out to our team and be sure to specify which regulation you're inquiring about.

  • Where are Help Scout's servers located?

    Help Scout is hosted on AWS servers in the United States. We have customers all over the world. We evaluate every new subprocessor before implementation; you can find a list of subprocessors here:

  • Is Help Scout HIPAA compliant?

    You can find full details about our HIPAA support at Help Scout and HIPAA.

  • How does someone else know I'm using Help Scout? 

    Targeted marketing in the current world of technology is easier than ever! If your team received marketing outreach that indicates the sender knows you're using Help Scout, the sender has gathered this information without access to our customer database. Data mining tools such as Built With are able to show the details about your website components and email services by scraping publicly available DNS records and your website's code. If you have created any DNS records — such as CNAME or SPF records — that point to Help Scout servers from your domain, you link to a Help Scout Docs site from your website, or you have added a Beacon to your website, these tools can see that you're using Help Scout.
