Compliance & Legal Pulse
Single surface to verify legal-doc currency, compliance evidence, security program alignment, and incident-response readiness. Built for underwriting prep + audit response.
Active Admins
—
helpwin_admins WHERE active
Vendors Tracked
—
helpwin_vendor_dependencies
SMS Opt-outs
—
helpwin_sms_opt_outs (TCPA preserved)
Recent Purge Runs (30d)
—
helpwin_deletion_log
This dashboard reads from live tables. Numbers reflect the current production state. Last underwriting framing line: "HelpWin minimizes retained data to the smallest operational set needed to deliver website hosting, scheduling, lead management, payments, and notifications. We do not store unnecessary customer data, we purge stale records, and we want cyber and E&O coverage sized to the actual data footprint and service flow."
Deployed legal documents
Draft · attorney polish pending
Privacy Policy
helpwin site/privacy.html
View deployed
Draft · attorney polish pending
Terms of Service
helpwin site/terms.html
View deployed
Draft · attorney polish pending
Data Processing Addendum
helpwin site/dpa.html
View deployed
Draft v1 · pending counsel review
Acceptable Use Policy
L:/Businesses/HelpWin/docs/compliance/acceptable-use-policy.md
Not yet HTML-deployed; lives as markdown in repo.
Execution-ready (R3 + Exhibit C)
Operating Agreement
L:/Businesses/HelpWin/HelpWin-LLC-Operating-Agreement.md
Pending: signature + notarization, post-LLC filing.
Live · CIS Controls IG1 aligned
Cybersecurity Program
helpwin site/docs/runbooks/cybersecurity-program.md
Ohio Data Protection Act safe-harbor framing.
Compliance evidence map
Every claim in the deployed legal docs maps to a backing file or technical control. Full map at L:/Businesses/HelpWin/docs/compliance/compliance-evidence-map.md.
✓ Multi-tenant RLS on every helpwin_* table · phase1_security_hardening.sql
✓ Admin role data-driven via helpwin_admins · 20260503010000_helpwin_admins_table.sql
✓ Webhook idempotency (Square) · 20260420054234_webhook_idempotency.sql
✓ Anon-write blocked on bookings (default-deny RLS) · 20260428000100_close_anon_insert_bookings.sql
✓ SMS consent + opt-out tracking · helpwin_sms_opt_outs + sms_consent column
✓ Sentry PII scrubbing (phone / email / customer_name / IP) · workers/sentry-config.js scrubPii()
✓ Service-role key env-bound only on Workers · verified 2026-05-02 via grep
✓ CSP report-only deployed (refinement workflow) · _headers + _worker.js
~ Data retention policy: ARCHITECTURE done, IMPLEMENTATION partial (purge worker live, SUPABASE_SERVICE_KEY pending) · data-retention-policy.md + helpwin-purge worker
~ CORS tightening: 2 of 8 candidate workers tightened; rest are wildcard-by-design due to cross-origin client embed · audit finding 2.19
! Insurance bind: PENDING (R-503 catastrophic-impact gap, hard-gates first client per OA §14.1.1) · Phase 5 deliverable
! Attorney polish on Privacy / Terms / DPA / AUP · Month 1 post-LLC filing
! Sentry alert rules: 6 rules from vendor-outage-playbook.md §2.3 not yet configured · Phase 1.5 (browser-required)
! External uptime monitor (UptimeRobot) not yet provisioned · Phase 1.5 (browser-required)
Incident-response readiness
✓ Consolidating IR runbook (6-stage flow + severity matrix + customer notification templates) · incident-response.md
✓ Disaster recovery runbook (multi-vendor / data loss / account compromise) · disaster-recovery.md
✓ Vendor outage playbook (per-vendor matrix) · vendor-outage-playbook.md
✓ Topical runbooks (13): billing-stopped, bookings-not-appearing, client-data-deletion, client-locked-out, database-recovery, secret-rotation, sms-not-delivering, worker-deployment-rollback, mfa-setup, security-awareness-training, workstation-hardening, asset-and-account-inventory, cybersecurity-program · helpwin site/docs/runbooks/
~ First IR drill: tabletop exercise scheduled before client #1 onboarding · first-100-days.md
! Quarterly IR tabletop cadence: not yet scheduled · post-launch
Compliance calendar
The HelpWin Compliance Calendar (Google Calendar) holds 27 unique events with VALARM blocks across [OA] [TAX] [LEG] [SEC] [INS] [OPS] categories. Notion HelpWin Compliance Dashboard mirrors always-on rules + decision tier reference + stub items.