Security

Your data is safe with us

We take security seriously. Here is how we protect your business data, payments, and personal information.

Encryption everywhere

  • In transit: All connections are encrypted. Every page and API call is served over HTTPS.
  • At rest: Your data is encrypted in our databases and backups.
  • Secrets: API keys and credentials are stored in secure vaults, never in source code.

EU-based hosting

  • Data residency: Your data is hosted in the EU (Frankfurt region) and stays within the European Economic Area.
  • Backups: Automated daily backups with point-in-time recovery, stored separately from production.
  • DDoS protection: Edge-level protection against distributed denial-of-service attacks.

Payment security

  • Powered by Stripe: All payments are processed through Stripe, a PCI DSS Level 1 certified provider. We never see or store your card details.
  • Strong authentication: Card payments use Strong Customer Authentication (SCA) for an extra layer of verification.

Account security

  • Secure sign-in: Passwords are securely hashed. Google sign-in is available for passwordless access. Accounts lock after repeated failed attempts.
  • Protection built in: Industry-standard defences against cross-site scripting, injection, and session attacks.

GDPR and your data rights

  • GDPR compliant: We process personal data lawfully and transparently. You can request access, correction, or deletion at any time.
  • Data export: Export your contracts, invoices, and time entries as PDFs whenever you want. Your data is never held hostage.
  • Data retention: After account deletion, your data is retained for 90 days (in case you change your mind), then permanently deleted.
  • Cookie consent: Granular, opt-in cookie consent following ICO and PECR guidelines. Analytics and chat are off by default.

Responsible disclosure

Found a security issue? We appreciate responsible disclosure. Please email us directly and we will respond within 48 hours.

security@hellonoa.com

Security questions

Where is my data stored?

Your data is hosted in the EU (Frankfurt region) and stays within the European Economic Area. We use encrypted databases with automated daily backups and point-in-time recovery.

Do you sell or share my data?

No. We never sell, share, or monetise your data. Your information is used solely to provide HelloNoa's services. We comply fully with GDPR and the UK Data Protection Act.

How are payments secured?

All payments are processed through Stripe, a PCI DSS Level 1 certified provider. We never see or store your card details. Card payments use Strong Customer Authentication (SCA) for extra verification.

Can I export or delete my data?

Yes. You can export your contracts, invoices, and time entries as PDFs at any time. If you delete your account, data is retained for 90 days in case you change your mind, then permanently deleted per GDPR.

Is HelloNoa GDPR compliant?

Yes. We process personal data lawfully and transparently. You can request access, correction, or deletion at any time. Our cookie consent follows ICO and PECR guidelines — analytics and chat are off by default.
