Security Policy Overview
We understand the importance of data security for our customers. ClickHelp employs procedural and technological measures designed to help protect customer data from loss, unauthorized access, disclosure, alteration, or destruction. Measures include encryption, access controls, network protections, logging and monitoring, and secure software development practices. We also apply internal restrictions to limit who inside the company may access data based on role and business need.
Hosting & Facilities
ClickHelp uses high-quality, secure hosting providers with multiple layers of physical and environmental protection (e.g., multi-redundant network connections, access controls, surveillance, fire detection/suppression, and power redundancy).
Our platform is engineered for high availability; current service-level targets are stated in our Terms of Use. Customers can review our key hosting providers on the Trust page.
Data Security (Encryption in Transit)
All portal endpoints are accessible **only** over **HTTPS/TLS (TLS 1.2+)**. ClickHelp-managed domains enforce HTTPS. For custom domains, a valid TLS certificate is **required before activation**. HTTP access is not permitted; until a certificate is installed, a portal remains accessible via a ClickHelp-managed HTTPS domain.
Data Isolation
Our multi-tenant architecture isolates each customer’s portal and data at the storage and application layers. Each portal uses its own logical data container; data is never shared between accounts.
Account Access Security
Account access for Authors and Power Readers is protected by authentication controls.
- Passwords must meet the minimum requirements defined in our **Password Policy** (length and complexity are enforced).
- Passwords are salted and stored using industry-standard one-way hashing algorithms.
- MFA is required for employee access to company systems; SSO/MFA is supported and recommended for customers.
- Credentials are transmitted only over HTTPS/TLS.
Data Usage, Subprocessors, and Ownership
Customers own the content they upload to their portals and are responsible for content licensing. ClickHelp does not sell customer data. We engage vetted subprocessors under our Data Processing Addendum (DPA) to operate and secure the Service; such processors act on our instructions and under contract.
Optional AI features (if enabled by a customer) may transmit limited content to third-party AI providers for processing; these providers are contractually bound to confidentiality and do not use data for model training.
Payment Data
ClickHelp does not store or process payment card information. All payments are handled by our third-party payment processing and e-commerce partners.
Data Backups & Recovery
Portal database backups are performed daily and retained in accordance with our Backup Policy. Backup data is encrypted using AES-256. Backup status is monitored; failures trigger alerts and incident response. Disaster recovery and business continuity procedures are defined and tested periodically.
Additional Measures
We apply least-privilege access, change management with peer review, environment separation (dev/staging/production), logging and monitoring of key systems, vulnerability management, and regular employee security awareness training. Security incidents are handled under our Incident Response Plan, with customer notifications as required.
Contact
Security questions or reports: support@clickhelp.com. Responsible disclosure guidelines are available in our Responsible Disclosure Policy.
Features OverviewFeature-rich cloud platform for your technical writing needs.
User Guides and ManualsCreate professional user guides and software manuals.
