WebSpellChecker security center
We are dedicated to improving your writing while prioritizing security. That’s why we go beyond basic data encryption and offer an alternative way to process data – on your company server. Our clientele comes from security-focused domains: government, banking and finance, healthcare, legal services.
Explore the measures we take to safeguard your data and trust.
Request our security whitepaper
Compliance with security and data privacy standards
To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), we strongly advise clients to explore our on-premises solution. With this option, all client data remains entirely within their environment, giving them full control.
SOC 2 and ISO/IEC 27001
While we do not currently have official security certifications, our operations are in strong alignment with ISO/IEC 27001. We conduct thorough self-assessment and enforce stringent security protocols as part of our commitment to robust security practices.
Secure product development
Rest assured that texts you transmit to our services aren’t collected. We only retain anonymized statistics for improving our service—no personal or sensitive information.
In addition, we align with industry security guidelines like OWASP for product development. We regularly scan for vulnerabilities and conduct annual penetration testing using industry best practices to identify and resolve foreseeable attacks and abuse scenarios.
We prioritize annual security and data training for our team, covering protection, privacy, and measures to maintain staff security awareness. This commitment maintains a secure environment, upholding data protection standards.
Best security practices we follow for service provision
Continuous availability and product evolution are key, but our unwavering focus is on safeguarding data security and privacy.
Robust infrastructure provider
WebSpellChecker hosts its product infrastructure with a multi-tenant, outsourced cloud computing infrastructure provider, Amazon Web Services (AWS). We leverage AWS’s Application Load Balancer (ALB) along with Virtual Private Cloud (VPC) to help secure our network perimeter.
WebSpellChecker collects and processes user data in strict compliance with GDPR, LGPD, and similar data privacy regulations enforced globally. Personal data is shared only with user consent, and we do not sell it.
Data in transit is secured using the TLS 1.3 protocol. Data at rest is encrypted using AES-256 and stored on AWS S3 until it is anonymized and deleted.
The on-premise (also known as standalone) version involves deploying the application within the client's infrastructure, which can be a private cloud or on-premise servers. Contact us to learn more.
Frequently asked questions
Our infrastructure is hosted on Amazon Web Services (AWS) in the Northern Virginia region in the United States.
Our cloud-based service automates data anonymization and deletion. Clients seeking greater control over data processing may find our on-premise version better suited to their needs.
We collect certain PII (first and last name, email, and telephone number) for account creation and communication. Additional PII or sensitive information may be received via user content or support channels. Notably, we do not collect end-user PII as we don't authenticate them in the service. Our data collection adheres to legal requirements, including GDPR, and is limited to the text processed or checked by the service.
Yes, we employ automated tools, such as JFrog Xray, AquaSec Trivy, and Arachni, to regularly scan our information systems for vulnerabilities, both in our cloud environment and for our standalone packages.
Our product and services adhere to industry-standard guidelines and regulations, ensuring security, data protection, and accessibility. These include OWASP for web security, GDPR for data privacy, Section 508 and WCAG for accessibility, and ISO 27001 for information security.
We prioritize security and data training, conducting annual sessions for our entire team. These cover crucial topics like data protection and privacy, keeping our team up-to-date on security procedures. This commitment is fundamental to maintaining a secure environment and upholding data protection standards.