
HeyHelp Security & Privacy Overview

Your data is private, protected, and never used for model training.

HeyHelp is built with enterprise-grade security across every layer, from authentication to data storage to AI model handling.


Google Verified App


HeyHelp is a Google Verified App, meaning it meets Google’s strict security and data-handling requirements for Gmail integrations.

Verification includes:


  • Independent security review
  • Compliance with Google’s OAuth and API policies
  • Ongoing monitoring and periodic re-verification


You connect securely through Google’s official OAuth flow. HeyHelp never stores your Google password or credentials.


Zero Training on Your Emails


We never train any third-party AI model on your emails, your drafts, your content, or any personal data.

Your data is:


  • Never shared with AI providers for training
  • Never accessible to other users or systems


Every AI request is handled in a stateless, isolated, non-retained environment.


Secure by Design

We apply a multi-layer, best-practice approach to security:


Encryption

  • Encryption at rest and in transit
  • Encrypted OAuth tokens stored with industry-standard protections


Authentication

  • Google OAuth for login
  • No passwords stored by HeyHelp
  • Automatic token rotation & revocation


Infrastructure

  • Hosted on secure, hardened cloud infrastructure (GCP)
  • Private VPC, strict firewalling, and least-privilege access
  • Automated security patching and continuous monitoring


Access Controls

  • Internal access restricted to a minimal number of senior engineers
  • Logged, audited access patterns
  • No access to user email content except for processing purposes


AI Model Safety

HeyHelp uses multiple AI models (native + optional Gemini, Anthropic, ChatGPT via BYOK), all integrated with strict isolation:


  • Each model call is independent and stateless
  • Email content is discarded immediately after processing
  • No prompt or output is stored unless you save it inside Gmail
  • Tokens are handled without third-party markup or reselling


For BYOK (Bring Your Own Key) users:

  • Your API keys are encrypted and never leave our environment
  • Requests are routed directly to your chosen model provider
  • HeyHelp never intercepts, logs, or stores model responses


Compliance & Best Practices


HeyHelp follows industry-standard frameworks and design principles including:

  • SOC 2 aligned internal practices
  • CASA Tier 2 compliance for Google Workspace security
  • GDPR-aligned data management
  • Regular internal security reviews


Your Data, Your Control


You can disconnect HeyHelp at any time.

Disconnecting immediately revokes all tokens and access to your Gmail account.

We do not maintain access after disconnection — all access is handled exclusively by Google’s OAuth system.


Need a security review or DPA?


We support:

  • Security questionnaires
  • Vendor assessments
  • Data Processing Agreements (DPA)
  • Custom contractual terms for Enterprise users


Contact: security@heyhelp.ai


Trust is the foundation of HeyHelp


We built HeyHelp to be the most secure AI assistant for Gmail, reliable for individuals and robust enough for teams.

Updated on: 01/12/2025
