Data security is critical for organizations, period. And with the explosion of data and reporting all over the world, securing sensitive information is not just important, it’s non-negotiable. Data security breaches have serious consequences for businesses - including legal action, financial penalties, and reputational damage.
In a recent study by Cisco, 94% of organizations reported they would reduce, or even stop interacting with organizations if their data was not adequately secured; this translates to the critical need for robust data protection.
As a leading solution for reporting auomation, BI Helper's infrastructure and workflows have been designed to ensure the security of your data at each stage of the process, enabling you to focus on using your data, rather than worrying about its safety.
This blog explores BI Helper's comprehensive security measures, answering key questions about data access, cloud infrastructure, payment security, and compliance standards. With BI Helper, you can be confident that your data is secure all the way from user login to report delivery.
Table of Contents
- Does BI Helper Access and Store My Data?
- How Does BI Helper Filter Reports Without Full Data Access?
- What Compliance Standards Does BI Helper Meet?
- How Does BI Helper Ensure Payment and Account Security?
- How Does BI Helper Handle Secure Email Distribution?
- DMARC Compliance for Authentication
- TLS Encryption for Data Transmission
- S/MIME and PGP for Advanced Encryption
- BI Helper’s Security Features at a Glance
Does BI Helper Access and Store My Data?

BI Helper is designed to work with minimum customer data access and retention. BI Helper opens your Power BI report in embedded read-only mode, applies filters to it, and produces PDFs. It has no access to your Power BI data model or to its underlying data sources.
Bi Helper handles data storage in different licensing plans as follows:
- Standard License: No data is stored. All PDFs are automatically deleted after they are emailed.
- Premium and Enterprise Licenses: PDFs are encrypted to AES 256 standards and stored is the user's S3 bucket. They are only accessible to authenticated users for 5 days via our SFTP server and deleted thereafter.
How Does BI Helper Filter Reports Without Full Data Access?

BI Helper uses Microsoft OAuth2 integration to fetch an access token for your Power BI report. The above schematic shows the handshake protocols to make the connection between the application (BI Helper) and your Power BI report.
OAuth2 tokens are encrypted in BI Helper using the industry-standard AES 256 protocol, which is not human-readable. They are decrypted solely during job execution, providing an additional layer of security against unauthorized access.
What Compliance Standards Does BI Helper Meet?

Keeping user data secure begins with being compliant with security standards like SOC 2 and HIPAA.
- SOC 2 Compliance: BI Helper runs periodic SOC 2 audits to test its application controls for security, availability, and confidentiality.
- HIPAA Compliance: BI Helper executes Business Associate Agreements (BAAs) with healthcare industry clients to ensure that they (and we!) are compliant with HIPAA regulations.
How Does BI Helper Ensure Payment and Account Security?

BI Helper incorporates multiple layers of security to protect user credentials and payment information:
- Multi-Factor Authentication(MFA): This ensures that no unauthorized access will be granted to the platform.
- Payment Processing: All payment transactions are covered by PCI-compliant third-party providers, ensuring proper handling of sensitive financial data.
- Session Security: BI Helper uses cookie theft protection to authenticate each session login, preventing unauthorized access.
How Does BI Helper Handle Secure Email Distribution?
Report distribution via email is a critical component of automated workflows. BI Helper uses Amazon Simple Email Service (SES) to ensure secure and reliable email delivery.
1. DMARC Compliance

BI Helper provides its clients with the ability to configure branded sending domains. This helps centralize the Mail From domain while increasing email deliverability and removing the 'sent via amazonses.com' routing. Authentication protocols like SPF and DKIM protect against email spoofing, ensuring that the origin of outgoing mail is legitimate.
2. TLS Encryption

To safeguard email transmissions, BI Helper employs opportunistic TLS encryption by default. This ensures that emails are encrypted whenever possible during transmission. For enterprise users with stricter security requirements, mandatory TLS can be enforced, guaranteeing encryption for all outgoing messages and maintaining the confidentiality of sensitive information.
3.S/MIME and PGP Options

BI Helper supports advanced encryption methods such as S/MIME and PGP for securely delivering highly sensitive reports. These methods ensure that only the intended recipients with the appropriate decryption keys can access the contents of the emails, offering an additional layer of protection for confidential communications.
BI Helper’s Security Features at a Glance
Application Security: OAuth2, MFA, Cookie Theft Protection, CSRF Protection, SSL Certification
Infrastructure Security: AWS VPC, private subnets, Guard Duty, Security Hub, and WAF monitoring
Data Encryption: AES 256 encryption for storage, client-configured keys for additional security
Email Security: DMARC compliance, TLS encryption, S/MIME, and PGP email options
Compliance Standards: SOC 2, HIPAA compliance, AWS Cloud adherence
Ready to secure your reporting processes? Start your journey with BI Helper today.