Trust & Security

Authentication & access

Helpty accounts are protected by email/password and Google sign-in. Each account's CRM data (clients, deals, listings, tasks, documents, commissions) is scoped to the owner and any team members they explicitly invite. Database row-level security policies enforce that scoping on every read and write — not just in the browser.

Subscription enforcement

Write access to CRM data requires an active or in-trial subscription. The check runs in the database, so it cannot be bypassed by editing the client.

Hosting & encryption in transit

Helpty runs on managed cloud infrastructure. All traffic between your browser and Helptyis served over HTTPS/TLS. Document and listing-photo uploads are stored in private buckets and are accessed through short-lived signed URLs that expire automatically.

Subprocessors

Helpty relies on a small set of vendors to operate the service:

• Lovable Cloud (Supabase) — application database, authentication, file storage.
• Paddle — Merchant of Record for subscriptions, billing, taxes, and refunds.
• Email delivery provider — transactional emails sent from notify.helpty.site.

Data you put in & retention

You own the data you upload to Helpty. We store it only to operate the service for you. Public listing pages and open-house sign-in pages only expose listings you have explicitly marked as public. You can delete records you create at any time from inside the app.

Privacy requests

To request a copy of your data, correction, or deletion of your account, email AnastasiaTroshechkina@gmail.com. See our Privacy Notice for full details.

Reporting a security issue

If you believe you have found a security vulnerability in Helpty, please email AnastasiaTroshechkina@gmail.com with details and steps to reproduce. Please do not publicly disclose the issue until we have had a chance to address it.