Security, Access, and Support Governance

Working with an outsourced support team is a trust decision. This page lays out how VFS handles access, permissions, documentation, QA, escalations, and continuity for the brands we operate inside Shopify, Zendesk, Gorgias, and Help Scout — in plain language, no overpromises.

Tool access control

Agents access your stack through accounts you create and own. Credentials are never shared in plain text — access is provisioned per-user through your helpdesk, Shopify, and any third-party tools (Recharge, Klaviyo, Stripe, 3PL portals). Access is removed when an agent rolls off the account.

Role-based permissions

Permissions are scoped to the role. Agents get the minimum access required for their workflow — ticket handling, refunds within a policy threshold, address edits — and admin actions like discount creation, app installs, or staff management stay with the brand or a designated lead.

Client-approved SOPs

Every SOP — refund limits, dispute responses, supplier escalations, brand voice rules — is written with you and signed off before agents go live with it. Changes are versioned, dated, and reviewed in monthly ops sessions, so the operation only runs on rules you have approved.

QA review

A weekly sample of each agent's tickets is reviewed against a written QA rubric covering policy adherence, accuracy, tone, completeness, and tagging. Low-CSAT and high-risk categories (refunds, disputes, escalations) are weighted more heavily. Scorecards and coaching notes are shared with you.

Escalation rules

Documented escalation paths define what an agent handles, what goes to a team lead, and what is routed back to the brand. Edge cases, threats, legal mentions, and anything outside the approved SOP are flagged and escalated instead of guessed.

Documentation

SOPs, macros, escalation paths, and tagging conventions live in a shared knowledge base that you have access to. Nothing critical lives only in an individual's head — onboarding a new agent reuses the same source of truth.

Continuity planning

Pods are staffed with backup coverage, and SOPs are written so a trained agent can step in without losing context. Coverage is planned around time off, illness, and rotation so the queue does not stall when one person is out.

Data handling expectations

Agents work inside your tools — customer data stays in your Shopify, helpdesk, and supporting systems, not on local machines or personal accounts. We follow your data handling policy and any platform-specific rules (Shopify, Stripe, your helpdesk). We do not currently hold formal security certifications such as SOC 2 or ISO 27001 and will not claim otherwise.

What we don't claim

Honest about scope.

  • We do not currently hold SOC 2, ISO 27001, or HIPAA certifications. If your procurement requires them, tell us early so we can be honest about fit.
  • We do not offer legal indemnities around data handling beyond what is in the engagement agreement.
  • We do not guarantee specific CSAT, refund-rate, or dispute-win-rate outcomes. We commit to the operating rhythm — SOPs, QA, reporting — that supports those metrics.