Security
Security Overview
HelloBonjour is designed to protect appointment operations, customer records, intake, payments, AI-assisted workflows, and business operations with practical controls for modern service businesses.
Last updated June 2026
Data protection
Sensitive operational and customer data is protected with application-level controls, encrypted transport, protected storage patterns, encrypted sensitive-field storage where implemented, and limited access by role and purpose.
Access controls
Dashboard access supports authenticated user accounts, role-aware workflows, multi-factor authentication for privileged and sensitive workflows, business membership controls, support-access approval, and account-level language preferences.
Payments
Payment workflows rely on supported payment processors. HelloBonjour avoids storing raw card details and uses processor-backed payment method handling where card-on-file or payment collection features are enabled.
Operational safeguards
We use sanitized logging, rate limiting, secure upload handling, authenticated record and file access checks, audit logs, retention workflows, import preview steps, and internal review patterns to reduce accidental exposure and abuse.
AI and regulated data
AI, SMS, voice, and website-knowledge features include guardrails for booking scope and regulated-data posture. Public AI is blocked by default for regulated-data businesses unless deliberately enabled with the right approvals.
Compliance status
The product includes controls and evidence templates that support readiness work, but this overview is not a certification statement. HIPAA, PIPEDA, PHIPAA, Law 25, and SOC 2 claims require legal scope decisions, vendor agreements, operating evidence, and auditor review where applicable.
Responsible disclosure
If you believe you found a security issue, contact security@hellobonjour.ca with enough detail for us to investigate.