Email Security

Encrypted vault. Searchable cache.
Zero plaintext at rest.

Per-tenant envelope encryption, OAuth-scoped access with minimal permissions, and cryptographic verification on every inbound delivery. Your email data is locked down at every layer.

Message encryption

Envelope encryption. Per-tenant keys. Zero plaintext at rest.

Every email body is encrypted before storage using a per-tenant data encryption key (DEK). The primary database never holds plaintext message content.

Per-tenant keys

Wrapped DEKs

Each organization gets its own data encryption key, stored encrypted and unwrapped only at runtime.

AES-256-GCM

Unique IV per message

Every message encrypted with a cryptographically random 12-byte IV. Tampered ciphertext fails decryption.

Separated layers

Ciphertext + search split

Database stores only ciphertext. A separate, isolated search index enables full-text queries.

Key rotation

Zero-downtime

Old and new DEKs coexist via versioning. Rotation generates a new key without re-encrypting existing messages.
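
The scheme described in this section, sketched as an added example (not helpr's code): a per-tenant key ring of wrapped, versioned DEKs and AES-256-GCM message encryption with a random 12-byte IV. The in-memory `KEK`, the record layout, and the AAD binding to tenant and message id are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed key-encryption key (KEK); assumed to live in a KMS or HSM in a real system.
const KEK = crypto.randomBytes(32);

function gcmEncrypt(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh random 96-bit IV for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function gcmDecrypt(key, { iv, ct, tag }, aad) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // final() throws on tampering
}

// Rotation adds a new wrapped DEK version; older versions stay so old messages still decrypt.
function rotate(ring) {
  const version = ring.current + 1;
  const dek = crypto.randomBytes(32);
  ring.wrapped[version] = gcmEncrypt(KEK, dek, `${ring.tenantId}:v${version}`);
  ring.current = version;
  return ring;
}

// Only wrapped DEKs are kept in the ring; plaintext DEKs exist only while in use.
const newKeyRing = (tenantId) => rotate({ tenantId, current: 0, wrapped: {} });

const unwrap = (ring, version) =>
  gcmDecrypt(KEK, ring.wrapped[version], `${ring.tenantId}:v${version}`);

function encryptMessage(ring, messageId, body) {
  const keyVersion = ring.current;
  const aad = `${ring.tenantId}:${messageId}`; // binds ciphertext to its tenant and message
  const sealed = gcmEncrypt(unwrap(ring, keyVersion), Buffer.from(body, "utf8"), aad);
  return { ...sealed, keyVersion, messageId };
}

function decryptMessage(ring, record) {
  const dek = unwrap(ring, record.keyVersion); // the stored version selects the right DEK
  return gcmDecrypt(dek, record, `${ring.tenantId}:${record.messageId}`).toString("utf8");
}
```

Because each record carries its `keyVersion`, rotation only changes which DEK new messages use; nothing already stored has to be re-encrypted.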

Secure Email

Send sensitive data without exposing it

Secure Email keeps the message body and attachments in an encrypted vault. The recipient gets a notification, verifies their identity, and reads the content in a protected thread.

Encrypted vault

Message content and attachments are encrypted at rest. Nothing sensitive lands in the recipient's mailbox.

Email verification

Recipients verify their identity via email before content is revealed. No account required.

Time-limited access

Configurable expiry. After the window closes, the secure thread is no longer accessible.

Full audit trail

Every view, download, and reply is logged with timestamp, IP, and device. Complete chain of custody.

OAuth & token security

Scoped access. Encrypted tokens. Instant revocation.

Gmail integration requests the mailbox scope required for SMTP-based shared inbox delivery. Refresh tokens are encrypted at rest and rotated automatically.

SMTP-capable scope

mail.google.com

Gmail requires the full mail scope for SMTP XOAUTH2. Used only for connected inbox sync, send, and labels.

Token encryption

AES-256-GCM

Refresh tokens are encrypted at rest before storage. Plaintext tokens never persist.

Auto-rotation

Refresh cycle

When Google issues a new refresh token, helpr replaces the old one atomically.

Per-inbox revocation

Instant disconnect

Tokens are revocable per-inbox. Disconnecting immediately invalidates all stored credentials.

Inbound security

Verified delivery. Sanitized HTML. Remote images controlled.

Inbound email is delivered via authenticated push notifications. Every delivery is cryptographically verified before processing.

Cryptographic verification

  • RS256 signature validation on every inbound delivery
  • Issuer and audience claims verified on each request
  • Expired or malformed tokens rejected immediately
  • Replay protection via monotonic history tracking
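
A sketch of the four checks listed above, added here as an example and not taken from helpr's code base. The issuer and audience values, the `inbox` and `historyId` body fields, and the in-memory `lastHistory` map are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed placeholder values; real ones come from the push subscription's configuration.
const EXPECTED = { iss: "https://issuer.example", aud: "https://app.example/inbound" };

const decodePart = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// lastHistory: Map of inbox -> highest history id already processed (replay guard).
function verifyDelivery(jwt, publicKey, body, lastHistory, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; the token must never choose how it is verified.
  if (header.alg !== "RS256") return { ok: false, reason: "bad-alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, publicKey, sig)) {
    return { ok: false, reason: "bad-signature" };
  }
  // Claims are trusted only after the signature has been checked.
  if (claims.iss !== EXPECTED.iss || claims.aud !== EXPECTED.aud) {
    return { ok: false, reason: "bad-claims" };
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    return { ok: false, reason: "expired" };
  }
  // Replay protection: accept only a history id strictly greater than the last one seen.
  if (!/^\d+$/.test(String(body.historyId))) return { ok: false, reason: "malformed" };
  const seen = lastHistory.get(body.inbox) ?? 0n;
  const current = BigInt(body.historyId);
  if (current <= seen) return { ok: false, reason: "replay" };
  lastHistory.set(body.inbox, current); // state advances only for accepted deliveries
  return { ok: true, reason: "accepted" };
}
```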

Content sanitization

  • Scripts and event handlers stripped from HTML
  • Dangerous protocols (javascript:, data:) removed
  • External images blocked to prevent tracking pixel IP leaks
  • Quoted text stripped before encrypted storage

Access controls

Per-inbox permissions. Role-based visibility.

Email inboxes support granular access controls so agents only see the conversations they should. Visibility is enforced at every layer — API, WebSocket, and UI.

  • Per-inbox agent access: organization, team, or restricted
  • Inbox member roles control who can configure vs. reply
  • Sidebar visibility scoped to assigned inboxes only
  • Conversation assignment limits visibility to assigned agents
  • Admin override for full inbox access when needed
  • Access changes take effect immediately across all sessions

Inbox membership

Agents must be explicitly added to an inbox before they can see its conversations. No default access.

Visibility tiers

Three levels — org, team, and restricted — control who sees each inbox in the sidebar and search.

Data lifecycle

Soft delete. Grace period. Hard purge.

Deleted email data follows a controlled lifecycle. Nothing disappears instantly and nothing lingers forever.

  • Soft delete with 60-day grace period for recovery
  • Search index purged immediately on deletion
  • Ciphertext permanently removed after grace period
  • Inbox deletion cascades to all conversations and messages
  • Attachments cleaned up with parent messages
  • Audit trail preserved with redacted identifiers post-deletion

Soft delete

Deleted conversations retained for 60 days. Search index purged immediately. Accidental deletions can be recovered.

Hard purge

After 60 days, a scheduled job permanently removes all ciphertext, IVs, and key references.

FAQ

Frequently asked questions

Are email bodies encrypted?
Yes. Every email body is encrypted with AES-256-GCM using a per-tenant data encryption key (DEK) before storage. There is zero readable email content in the database at rest.

What Gmail permissions does helpr request?
Helpr requests the Gmail mail.google.com scope because Gmail SMTP XOAUTH2 requires it for per-recipient outbound delivery. We use it only for the connected inbox: sync, send, labels, and delivery tracking.

Can helpr read my entire mailbox?
No. Helpr only processes new messages that arrive after the account is connected. Historical messages are not bulk-imported.

How does Secure Email work?
When you send a secure email, the message body and attachments are stored in an encrypted vault. The recipient receives a notification email with a link. They verify their identity via email, then read and reply in a protected thread. Nothing sensitive ever sits in their mailbox.

What happens if I disconnect an email account?
Disconnecting immediately revokes stored OAuth tokens and stops inbound sync. Existing conversations remain encrypted. You can optionally delete all associated conversations.

How are OAuth tokens protected?
OAuth refresh tokens are encrypted with AES-256-GCM before storage. Tokens are automatically rotated when Google issues replacements, and can be revoked instantly per-inbox.

Questions about security?

Contact our security team for architecture reviews, compliance documentation, or penetration test coordination.