Security
Last updated: June 17, 2026
At HelpMeWrite, we take the security of your account and data seriously. This page explains the security measures we have in place to protect your information and professional communications.
๐ HTTPS encrypted
๐ก๏ธ Supabase authentication
๐ณ PCI-compliant payments
๐ค Claude AI by Anthropic
๐ Vercel global CDN
Infrastructure security
๐
HTTPS encryption
All data transmitted between your browser and HelpMeWrite is encrypted using TLS (Transport Layer Security). We enforce HTTPS across all pages and API endpoints โ unencrypted connections are not permitted.
๐
CDN & DDoS protection
HelpMeWrite is hosted on Vercel's global edge network, which includes built-in DDoS protection, automatic failover, and 99.99% uptime SLA across global data centres.
๐
Automatic security updates
Our infrastructure dependencies are regularly updated to address known security vulnerabilities. We monitor security advisories and apply patches promptly.
๐
Security monitoring
We monitor our systems for unusual activity, failed authentication attempts, and other security indicators. Alerts are reviewed promptly by our team.
Authentication & account security
HelpMeWrite uses Supabase for authentication โ a trusted, open-source backend platform used by thousands of production applications worldwide.
- Password hashing: Passwords are never stored in plain text. All passwords are hashed using bcrypt before storage โ even we cannot read your password.
- Secure session management: Authentication sessions use secure, httpOnly cookies with short expiry windows. Session tokens are rotated regularly.
- Email verification: New accounts require email verification before access is granted, preventing account creation with invalid or stolen email addresses.
- Brute force protection: Repeated failed login attempts trigger automatic rate limiting and temporary lockouts to prevent brute force attacks.
- Secure password reset: Password reset links are single-use, time-limited tokens sent to your verified email address.
Recommendation: Use a unique, strong password for your HelpMeWrite account. We recommend using a password manager.
Payment security
HelpMeWrite uses Stripe for all payment processing โ one of the world's most trusted payment platforms.
- PCI DSS Level 1 compliant: Stripe is certified to PCI DSS Level 1, the highest level of payment security certification.
- We never store card data: Your credit card number, CVV, and expiry date are never transmitted to or stored on HelpMeWrite's servers. All card data is handled entirely by Stripe.
- Tokenization: Stripe uses tokenization โ your payment details are replaced with a secure token that can only be used by HelpMeWrite for your subscription.
- 3D Secure: Where required by your bank, Stripe supports 3D Secure (additional verification step) for extra protection on card payments.
AI & data handling
HelpMeWrite generates emails using Claude, Anthropic's AI model. Here's how your data is handled in the AI pipeline:
- What we send to Anthropic: When you generate an email, we send your profession selection, email type, and the context you provide (your description of what you need) to Anthropic's Claude API.
- What we don't send: We do not send your email address, account details, payment information, or email history to Anthropic.
- Anthropic's data policy: Anthropic does not use API inputs and outputs to train their models by default. For details, see Anthropic's Privacy Policy.
- No email sending: HelpMeWrite generates email copy only. We never have access to your email account, inbox, or outbox.
- Email history storage: Emails you generate are stored in our Supabase database, encrypted at rest, and only accessible to your account.
Data storage & encryption
- Encryption at rest: All data stored in our Supabase database is encrypted at rest using AES-256 encryption.
- Encryption in transit: All data transmitted between our services uses TLS 1.2 or higher.
- Data location: Our primary database is hosted in the United States (Supabase, AWS us-east-1). By using HelpMeWrite, you consent to your data being stored in the US.
- Backups: Supabase performs automated daily backups with point-in-time recovery, ensuring data durability.
Third-party security
We carefully select our third-party providers and only work with services that maintain strong security standards:
- Supabase โ SOC 2 Type 2 certified, HIPAA compliant infrastructure (Security details)
- Stripe โ PCI DSS Level 1, SOC 1 and SOC 2 certified (Security details)
- Anthropic โ Enterprise-grade AI infrastructure with data protection commitments (Privacy policy)
- Vercel โ SOC 2 Type 2 certified hosting with global security monitoring (Security details)
Your security responsibilities
Security is a shared responsibility. To keep your account secure, we recommend:
- Use a strong, unique password for your HelpMeWrite account
- Do not share your account credentials with others
- Log out of HelpMeWrite on shared or public computers
- Be cautious of phishing emails claiming to be from HelpMeWrite โ we will never ask for your password by email
- Contact us immediately if you suspect unauthorised access to your account
Security vulnerability disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue in HelpMeWrite, please report it to us at hello@helpmewrite.email before making it public. We commit to:
- Acknowledging your report within 48 hours
- Investigating the issue promptly and keeping you informed
- Crediting responsible disclosures publicly (if you wish)
- Not taking legal action against researchers who follow responsible disclosure guidelines
Contact
For security questions, concerns, or vulnerability reports, contact us at hello@helpmewrite.email. For urgent security matters, please mark your email subject line with [SECURITY].