Information Security

Information security is a top priority at Hello Customer. Hello Customer is an ISO27001 certified company, and we are proud to provide a state-of-the-art SaaS product in a secure environment.

ISO 27001

Hello Customer is an ISO/IEC 27001:2013 certified organisation. The ISO 27001 standard helps us manage the processes and procedures that guarantee the security of our products and services. You can find our public ISO27001 certificate here.

Data & GDPR

Hello Customer provides a strictly isolated environment for each customer. That means that your data is never combined with that of other customers. All data is encrypted both at rest (AES-256) and in transit (SSL/TLS).

Data handling in the Hello Customer external and internal APIs is based on privacy-first principles, retaining only the information that is needed to provide our features.

In addition, our system puts you in control of the lifecycle of each participant/respondent inside the Hello Customer platform. That means that you have control over the creation and deletion of any item, allowing you to handle data retention not only in accordance with GDPR, but also your company’s policies.

Infrastructure Security

Our systems run on Microsoft Azure. The Hello Customer systems are hosted inside data centers located in Amsterdam, Netherlands and Dublin, Ireland. Microsoft maintains a high level of security, including the following certifications:

  • SOC 1 / ISAE 3402
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 9001 / ISO 27001

The (s)FTP(s) server runs on a virtual private cloud, in which internal components are fully shielded from outside access in accordance with the principle of least privilege.

Each customer environment is accessible only through a dedicated domain (https://xxxxx.hellocustomer.app), controlled by a secure gateway into the VPC. If desired, security measures such as IP whitelisting can be applied to your customer-specific domain to further shield access from the outside world.

Hello Customer periodically undergoes black box penetration testing, conducted by an independent third party on a yearly basis. In addition, we work together with our customers to set up an additional pentest in case this is preferred. A high-level overview of the outcomes of previous pentests is available to our customers upon request.

Application Security

The internal and external APIs are available through HTTPS only. Authentication and authorisation are provided through the OAuth 2.0 protocol, which allows for secure, scoped access to different functionalities offered by the platform.

Authentication is provided by Auth0, which has attained broad information security certification as well.

Secure Development

With our products being developed further every day, our focus is on delivering added value for our customers and code quality. That means we put a strong emphasis on secure development procedures. Hello Customer leverages unit, integration and end-to-end test suites, ensuring that all functionality is tested thoroughly on every code change.

Secure development goes beyond just shipping good quality code: it also means monitoring existing functionality closely to detect any remaining areas for improvement. Each production deployment has an active health checking system and a detailed error logging system is in place.

Internal Security

Hello Customer maintains an employee handbook for information security, which is part of the onboarding process and revisited periodically during refresher sessions.

This handbook includes best-practice policies for passwords, device management, information storage... All authorisations, procedures and practices are reviewed quarterly.

Contact information

For general questions about our system, infrastructure and information security, please reach us at meetus@hellocustomer.com. For inquiries related specifically to data protection and privacy, you can send an email to dpo@hellocustomer.com.