Skip to content
← Trust center

Last updated:

Summary

Helios is an AI-native Work OS. Because the AI operates the same UI your team does, our security model has to be tight at every layer — not just at the front door. This page is the long version. The shorter business-facing version is at /trust.

We hold ourselves to: every action audit-logged, every permission scoped, every AI session traceable, every secret rotated, and every external claim (/compliance) verifiable. If something on this page is wrong, please tell us at security@heliosworks.com.

1. Authentication

Methods shipped today

  • Email + password — Better-Auth backed; argon2id hashing.
  • Passkeys (WebAuthn) — full passkey enrollment + sign-in flow.
  • Two-factor authentication — TOTP, backup codes, email OTP, push 2FA (stable API contract).
  • OAuth providers — Google, GitHub, Microsoft, Apple, Discord.
  • OIDC SSO — generic OpenID Connect for any conforming IDP (Okta, Auth0, Keycloak).
  • SAML 2.0 — full samlify-backed SP with /api/auth/saml/login, /acs, /metadata endpoints.
  • LDAP / Active DirectoryPOST /api/ldap-signin with group → role sync.
  • Magic-link sign-in — env-gated for orgs that prefer passwordless.
  • Trusted devices — remember-this-device flag with revocable history.

Session handling

  • HttpOnly, SameSite=lax, Secure cookies (HSTS via Cloudflare in front).
  • Session cookie cache enabled with 60-second maxAge for hot-path speed. requireAuth still re-resolves impersonation + role on every request.
  • Force-revocation (iam.user.revokeSessions) takes effect within 60 seconds; aggressive flows can call auth.api.revokeSession() to clear the cookie immediately.
  • New-device alerts include geo (city-precision via Cloudflare headers).
  • Login history viewable per user; admin can revoke any session.

Auth provider configuration

Provider credentials live in platform_settings.auth_config (jsonb, root-only writable). NOT in .env. Rotate from the SaaS console without redeploying.

2. Authorization (IAM)

The unbreakable rule: every user-performable operation has a permission key. Policies are objects, not inline checks.

  • Permission catalog — every permission registered in packages/auth/src/roles.ts with a one-line description. Visible to admins in Settings → Permissions.
  • Standard role blueprints — Owner / Admin / Manager / Employee / Client. Seeded per org. Editable.
  • Custom roles — bundle permissions however you want. Set as default for a user type or assign per-user.
  • Scope suffixes:own / :team / :any. List handlers use these to scope query results, not just gate calls.
  • platform:* permissions — root-only, never granted to tenant roles by blueprint.
  • Audit log — every permission grant / revocation logged.

3. AI security

Per the /ai architecture page:

  • AI tokens are separate from user sessions. 24-hour default expiry. Rate-limited independently. Revocable per session.
  • AI inherits the delegating user’s permissions. Cannot escalate. Cannot impersonate. Cannot create API keys.
  • Dangerous actions (dangerous: true) require explicit confirmation. No bypass.
  • Every AI call records actor_type='ai', the delegating actor_id, the session_id, the input_hash, the output_hash, and the IP.
  • AI cannot run raw SQL. Cannot access the filesystem. Cannot make HTTP calls outside the action registry.
  • Prompt injection: system prompts are loaded from code (not the DB) so they can’t be poisoned. User-supplied text is delimited before being fed to the AI.

4. Encryption

In transit

  • TLS 1.3 everywhere. Cloudflare in front; HSTS preloaded.
  • WebSocket connections use wss://.
  • Outbound email signed with DKIM per tenant.

At rest

  • Database disk encryption (managed by the Postgres provider).
  • Per-row secrets storage uses AES-256-GCM with envelope keys.
  • File attachments stored encrypted in S3-compatible object storage.

Key management

  • Envelope keys rotated quarterly.
  • Platform secrets in a managed secrets manager (AWS Secrets Manager / Vault for self-hosted).
  • .env is gitignored and never logged. Auth provider credentials live in platform_settings.auth_config, not .env.

5. Audit log [#audit]

Every state-changing action writes one immutable row to audit_log. Includes:

  • actor_typeuser, ai, or system.
  • actor_id — for AI calls, the delegating user.
  • session_id — for AI calls, the AI session.
  • input_hash + output_hash — for deterministic replay.
  • ip + user_agent.
  • The exact action invoked (e.g. recruitment.offer.send) and the diff of state changed.

Retention

  • Free tier: 90 days.
  • Starter: 1 year.
  • Business: 3 years.
  • Enterprise: 7 years + export API.

6. Dangerous actions [#dangerous-actions]

Out of the box, the following action classes are marked dangerous: true:

  • Any outbound message-send: email.outbound.send, support replies, recruitment offers.
  • Any deletion: module.entity.delete.
  • Payroll finalize + disbursement.
  • Account merges, permission grants, role assignments.
  • Org-level destructive ops: saas.organization.delete, iam.user.revokeSessions.

You can mark additional actions dangerous per org via the SaaS console.

7. Vulnerability disclosure [#vulnerability-disclosure]

If you find a vulnerability, please email security@heliosworks.com with:

  1. A description of the issue and its impact.
  2. Reproduction steps (proof-of-concept welcome).
  3. Your name / handle if you’d like to be credited.

We commit to acknowledging within 24 hours and to a status update within 5 business days. We don’t have a paid bounty program yet; we credit responsible disclosure on this page once the issue is fixed.

8. Sub-processors

We list every third-party that processes customer data at /sub-processors, with the country, the data processed, and the contract type. Changes to the list are published 30 days in advance via the changelog.

9. Compliance roadmap

  • GDPR — operational (data subject requests, DPA self-serve at /dpa).
  • HIPAA mode — operational; gates session timing, audit detail, encryption requirements per org.
  • SOC 2 Type II — readiness on roadmap. Phrased honestly: we run the controls; we have not yet completed an audit. We will not say “SOC 2 certified” until we are.
  • ISO 27001 — under evaluation for 2026.

See /compliance for the full breakdown.

10. Reporting an incident

Customer-impacting incidents are posted to status.heliosworks.com within 15 minutes of detection, with updates every hour until resolved. A post-incident review is published in the changelog within 14 days.

Subscribe to our changelog.

One email every ~2 weeks. Honest product notes, no marketing pitches.

We email you only when there's something honest to say. Unsubscribe in one click.