WebSpellChecker security center

We are dedicated to improving your writing while prioritizing security. That’s why we go beyond basic data encryption and offer an alternative way to process data – on your company server. Our clientele comes from security-focused domains: government, banking and finance, healthcare, legal services.

Explore the measures we take to safeguard your data and trust.

Request our security whitepaper

Compliance with security and data privacy standards

GDPR

We adhere to GDPR regulations and maintain transparency in our data processing practices. For more information on our handling of personal data, please read our Privacy Policy.

HIPAA

To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), we strongly advise clients to explore our on-premises solution. With this option, all client data remains entirely within their environment, giving them full control.

SOC 2 and ISO/IEC 27001

While we do not currently have official security certifications, our operations are in strong alignment with ISO/IEC 27001. We conduct thorough self-assessment and enforce stringent security protocols as part of our commitment to robust security practices.

Photo by Brooke Cagle on Unsplash

Secure product development

Rest assured that texts you transmit to our services aren’t collected. We only retain anonymized statistics for improving our service—no personal or sensitive information.

Besides, we align with secure industry guidelines like OWASP for product development. We regularly scan for vulnerabilities and conduct annual penetration testing using industry best practices to identify and resolve foreseeable attacks and abuse scenarios.

We prioritize annual security and data training for our team, covering protection, privacy, and measures to keep staff security awareness. This commitment maintains a secure environment, upholding data protection standards.

Best security practices we follow for service provision

Continuous availability and product evolution are key, but our unwavering focus is on safeguarding data security and privacy.

Robust infrastructure provider

WebSpellChecker hosts its product infrastructure with a multi-tenant, outsourced cloud computing infrastructure provider — Amazon Web Service (AWS). We leverage AWS’s Application Load Balancer (ALB) along with Virtual Private Cloud (VPC) to help secure our network perimeter.

Data privacy

WebSpellChecker collects and processes user data in strict compliance with GDPR and LGPD and alike data privacy standards enforced globally with similar regulations. Personal data is shared only with user consent, and we do not sell it.

Data encryption

Data in transit is secured using the TLS 1.3 protocol. Data at rest is encrypted using AES-256 and stored on AWS S3 until it is anonymized and deleted.

On-premise deployment

The on-premise aka standalone version involves deploying the application within the client's infrastructure, which can be a private cloud or on-premise servers. Contact us to learn more.

Frequently asked questions

Where are your cloud servers located?

Our infrastructure is hosted on Amazon Web Services (AWS) in the Northern Virginia region in the United States.

Is there an option to remove/delete data on the client's request?

Our cloud-based service automates data anonymization and deletion. Clients seeking greater control over data processing may find our on-premise version better suited to their needs.

Does your product need or collect PII (personal identifying information)?

We collect certain PII (first and last name, email, and telephone number) for account creation and communication. Additional PII or sensitive information may be received via user content or support channels. Notably, we do not collect end-user PII as we don't authenticate them in the service. Our data collection adheres to legal requirements, including GDPR, and is limited to the text processed or checked by the service.

Do you scan information systems for vulnerabilities with automated tools regularly?

Yes, we employ automated tools to regularly scan our information systems for vulnerabilities, both in our cloud environment and for our standalone packages, such as JFrog Xray, AquaSec Trivy, Arachni.

Does your organization follow industry standard guidelines or regulatory mandates in the development and operation of your product (OWASP etc)?

Our product and services adhere to industry-standard guidelines and regulations, ensuring security, data protection, and accessibility. These include OWASP for web security, GDPR for data privacy, Section 508 and WCAG for accessibility, and ISO 27001 for information security.

Does your team receive security / data training regularly?

We prioritize security and data training, conducting annual sessions for our entire team. These cover crucial topics like data protection and privacy, keeping our team up-to-date on security procedures. This commitment is fundamental to maintaining a secure environment and upholding data protection standards.

Ready to give our secure product portfolio a go?

Want to test drive WebSpellChecker's secure spelling and grammar check solutions?

Try it now