Security — HeyBen

Security at HeyBen

We take the protection of your data and your clients' data seriously. Here's how we approach it.

🔒
Encryption

All data is encrypted in transit via TLS and at rest using AES-256.

🏗️
Secure Infrastructure

Hosted on SOC 2 Type II compliant cloud infrastructure with regular audits.

👤
Access Controls

Role-based access, multi-factor authentication, and audit logging throughout.

Data Encryption

All data transmitted between your browser and HeyBen is encrypted using TLS 1.2 or higher. Data stored on our servers — including uploaded documents, ticket data, and account information — is encrypted at rest using AES-256 encryption.

Infrastructure & Hosting

HeyBen is hosted on cloud infrastructure provided by industry-leading providers that maintain SOC 2 Type II compliance, physical security controls, and redundant availability zones. Our infrastructure is designed for high availability and data durability.

Access Controls

  • Role-based access control limits what each user can see and do within the platform
  • Multi-factor authentication (MFA) is available for all accounts
  • Administrative access to production systems is restricted to authorized personnel only
  • All access to sensitive systems is logged and auditable
  • The principle of least privilege is applied to all internal system access

Payment Security

All payment transactions are processed by Xendit, a licensed payment service provider regulated by the Bangko Sentral ng Pilipinas (BSP). HeyBen does not store full card numbers, CVV codes, or bank credentials on our servers. Payment data is handled entirely within Xendit's PCI-DSS compliant environment.

Data Handling Practices

HeyBen is designed as a benefits operations tool for broker service teams. It is not designed or intended to store protected health information (PHI). Users are instructed not to include PHI such as diagnosis codes, medical records, or claim numbers in service requests or communications.

Uploaded knowledge base documents (plan guides, SBCs, etc.) are stored securely and used only to power AI responses within your account. We do not use your uploaded content to train models for other customers.

A note on compliance: HeyBen is not currently certified as a HIPAA-compliant platform. We are actively working toward formal compliance certifications. Our data processing practices are designed to comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173). If you have specific compliance requirements, please contact us at [email protected] to discuss your needs.

Vulnerability Management

  • Regular security reviews and dependency audits
  • Automated vulnerability scanning on application code and dependencies
  • Prompt patching of known vulnerabilities upon identification

Incident Response

We maintain an incident response plan to detect, contain, and remediate security incidents. In the event of a data breach affecting your account, we will notify you in accordance with the requirements of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, including notification to the National Privacy Commission (NPC) where required.

Employee Security

  • Security awareness training for all personnel
  • Background checks for employees with access to production systems
  • Strict access controls and audit logs for all privileged operations

Contact Us

To report a security vulnerability or ask questions about our security practices, contact us at [email protected]. We take all security reports seriously and will respond promptly.

You may also write to us at: YourFunnelGuy Marketing OPC, Apitong St. Evergreen Executive Village, Antipolo City, Rizal, Philippines 1870.


This page was last updated April 2026. Security practices are reviewed and updated regularly.