Yes. Enterprise clients operating in jurisdictions with specific data transfer requirements can request a DPA. Contact info@whitehelmet.com.

No. WhiteHelmet does not use client-uploaded project data to train AI models without explicit written consent.

Your data remains accessible during any post-cancellation grace period defined in your contract. After this period, data is securely deleted unless otherwise agreed. Contact your account manager for specifics.

WhiteHelmet's AI-generated outputs, including compliance analyses, reports, and observations, are intended to support internal decision-making. They do not constitute certified professional or legal advice. Clients are responsible for verifying outputs with qualified professionals before formal submissions.

WhiteHelmet uses end-to-end encryption, role-based access controls, multi-factor authentication, and continuous monitoring. In the event of a confirmed breach, affected clients are notified in accordance with applicable law.

WhiteHelmet follows OWASP methodology for global security standards and adheres to the National Cybersecurity Authority (NCA) requirements in the Kingdom, and is SOC 2 Type II certified, independently audited based on the AICPA's Trust Services Criteria covering Security, Availability, and Confidentiality.