At Parahelp, we prioritize enterprise-level data privacy and security. We understand the importance of the data you entrust to us, and we handle it with the utmost care.

To demonstrate our commitment to data security and privacy, we have partnered with Drata to become SOC 2 Type II certified for our security measures.

Furthermore, we have partnered with Merge to securely handle all integrations to your ticketing system. Merge is a trusted integration provider used by companies like Gong and Drata. Merge holds SOC 2 Type II, ISO 27001, and HIPAA certifications. Merge is also compliant with GDPR and CCPA. For more information about Merge’s security measures, see https://trust.merge.dev/ and https://help.merge.dev/en/articles/5389408-merge-data-encryption-and-storing-standards/.

Security Measures

Customer data

• Parahelp does not store any personal information.

• When processing tickets and associated ticket comments from your ticketing system vendor (e.g., Intercom, Zendesk), we may process personal information if present and applicable in ticket comments. Since Parahelp is not fully SOC 2 Type II verified yet, we have partnered with Merge to handle all ticketing-related data. Merge holds SOC 2 Type II, ISO 27001, and HIPAA certifications. Merge is also compliant with GDPR and CCPA. Parahelp only temporarily processes ticket comments from Merge when analyzing and generating AI responses. Parahelp does not store any ticket comments in our databases.

• Our database is managed by Planetscale, which is SOC 2 Type II certified. See, https://planetscale.com/features/security

  • Default data regions:

    • US, Virginia (us-east-1)

      • Europe, Ireland (eu-west-1)

• We can provide a dedicated database instance for customer data at an additional cost.

AI processed customer data

• We encrypt all AI-processed customer data at rest and in transit using TLS. We remove PII information from all AI-processed data. We do this with AI and redact personal data including but not limited to email address, address, name, etc. Furthermore, we never process or store attachments, including but not limited to images, PDFs, videos, audio files, etc.

• Pinecone manages our vector databases. See https://www.pinecone.io/security/. Pinecone holds SOC II Type 2 and HIPAA certifications and complies with GDPR.

  • Default data regions:

    • US, Virginia (us-east-1)

    • Europe, Ireland (eu-west-1)

  • Pinecone data is stored in single-tenant indexes.

• Algolia manages our keyword-search databases. See https://www.algolia.com/distributed-secure/security-compliance/. Algolia holds SOC II Type 2 and HIPAA certifications and is compliant with GDPR.

  • Default data regions:

    • US, Virginia (us-east-1)

    • Europe, Germany (eu-central-1)

  • Algolia data is stored in single-tenant indexes.

• We might temporarily store recent and ongoing tickets and associated comments assigned to Parahelp for logging and debugging purposes. For logging, we utilize Langfuse. See https://langfuse.com/docs/data-security-privacy. Langfuse holds SOC2 and ISO27001 and is also compliant with GDPR.

  • Default data regions:

    • US, Northern California (us-west-1)

    • Europe, Germany (eu-central-1)

Privacy Measures

• For our Privacy Policy, see https://parahelp.com/privacy-policy.

• For Data Subject Access Request, please contact us at: anker@parahelp.com

• We can provide a DPA (Data Processing Agreement) and subprocessor list upon request.

Compliance Measures

• GDPR: Compliant. DPA (Data Processing Agreement) is available upon request.

• SOC 2 Type II: We have partnered with Drata to become SOC 2 Type II certified.

AI and Safety

* We never use customer data to train any general AI models.

* We can enforce ZDR (Zero Data Retention) for all AI inference upon request.

Contact Us

If you have any questions or want to notify us of any security-related matters, please do not hesitate to contact us at: anker@parahelp.com