Improving your writing while prioritizing security
We go beyond basic data encryption and offer an alternative way to process data – on your company server. Our clientele comes from security-focused domains: government, banking and finance, healthcare, legal services. Explore the measures we take to safeguard your data and trust.
Security and data privacy compliance
Meeting the highest standards for data privacy and security.
GDPR
We adhere to GDPR regulations and maintain transparency in our data processing practices. For more information on our handling of personal data, please read our Privacy Policy.
HIPAA
To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), we strongly advise clients to explore our on-premises solution. With this option, all client data remains entirely within their environment, giving them full control.
SOC 2 and ISO/IEC 27001
While we do not currently have official security certifications, our operations are in strong alignment with ISO/IEC 27001. We conduct thorough self-assessment and enforce stringent security protocols as part of our commitment to robust security practices.
Product development
Rest assured that texts you transmit to our services aren’t collected. We only retain anonymized statistics for improving our service—no personal or sensitive information.
Besides, we align with secure industry guidelines like OWASP for product development. We regularly scan for vulnerabilities and conduct annual penetration testing using industry best practices to identify and resolve foreseeable attacks and abuse scenarios.
We prioritize annual security and data training for our team, covering protection, privacy, and measures to keep staff security awareness. This commitment maintains a secure environment, upholding data protection standards.
Best security practices
Continuous availability and product evolution are key, but our unwavering focus is on safeguarding data security and privacy.
Robust infrastructure provider
WebSpellChecker hosts its product infrastructure with a multitenant, outsourced cloud computing infrastructure provider—Amazon Web Service (AWS). We leverage AWS’s Application Load Balancer (ALB) along with Virtual Private Cloud (VPC) to help secure our network perimeter.
Data privacy
WebSpellChecker collects and processes user data in strict compliance with GDPR and LGPD and alike data privacy standards enforced globally with similar regulations. Personal data is shared only with user consent, and we do not sell it.
Data encryption
Data in transit is secured using the TLS 1.3 protocol. Data at rest is encrypted using AES-256 and stored on AWS S3 until it is anonymized and deleted.
Self-hosted deployment
The on-premises aka standalone version involves deploying the application within the client's infrastructure, which can be a private cloud or on-premises servers. Contact us to learn more.
Frequently asked questions
Where are your cloud servers located?
Our infrastructure is hosted on Amazon Web Services (AWS) in the Northern Virginia region in the United States.
Is there an option to remove/delete data on the client's request?
Our cloud-based service automates data anonymization and deletion. Clients seeking greater control over data processing may find our self-hosted version better suited to their needs.
Does your product need or collect PII (personal identifying information)?
We collect certain PII (first and last name, email, and telephone number) for account creation and communication. Additional PII or sensitive information may be received via user content or support channels. Notably, we do not collect end-user PII as we don't authenticate them in the service. Our data collection adheres to legal requirements, including GDPR, and is limited to the text processed or checked by the service.
Do you scan information systems for vulnerabilities with automated tools regularly?
Yes, we employ automated tools to regularly scan our information systems for vulnerabilities, both in our cloud environment and for our standalone packages, such as JFrog Xray, AquaSec Trivy, Arachni.
Does your organization follow industry standards or regulatory mandates (e.g., OWASP)?
Our product and services adhere to industry-standard guidelines and regulations, ensuring security, data protection, and accessibility. These include OWASP for web security, GDPR for data privacy, Section 508 and WCAG for accessibility, and ISO 27001 for information security.
Does your team receive security/data training regularly?
We prioritize security and data training, conducting annual sessions for our entire team. These cover crucial topics like data protection and privacy, keeping our team up-to-date on security procedures. This commitment is fundamental to maintaining a secure environment and upholding data protection standards.
Can’t find the answer you’re looking for? Please chat to our team.
Ready to give WProofreader product portfolio a go?
Test drive WebSpellChecker's secure spelling and grammar check solutions right away.
