Textline is committed to controlling security risks and protecting customers. Our security team employs coordinated strategies to ensure data security is prioritized.
Textline’s data is encrypted in transit and at rest. All HTTP traffic is encrypted using Secure Socket Layer (SSL) connections, and traffic is only accepted on port 443. Textline’s SSL status can be verified here. All data and associated keys stored at rest in our databases are encrypted using the industry-standard AES-256 algorithm. Static files, such as images and other documents, are persisted using AWS S3 storage and encrypted before being stored.
All application traffic is proxied through Cloudflare using a Full (strict) SSL/TLS end-to-end encrypted connection, utilizing origin certificates to ensure non-repudiation of the application’s source. All of Textline’s application and database storage is safely contained within Amazon Web Services’ (AWS) infrastructure, which is accredited by ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), and PCI Level 1. More information about AWS security can be found here.
Textline continuously monitors its infrastructure-as-a-service (IAAS), software-as-a-service (SAAS) environments, and web application to detect potential security incidents in real time. Our security staff quickly responds to security alerts using the U.S. Department of Energy’s six-step process for incident handling.
Textline employees must be explicitly authorized to access company information systems before access is permitted. Access is strictly provisioned according to job function and is removed upon a change in job function or termination. Multifactor authentication is enforced for all Textline employees.
Textline uses third-party testers to identify web vulnerabilities. If web vulnerabilities are found, we fix the vulnerability, and third party testers confirm successful remediation.
Textline performs thorough background checks on all new employees to ensure that customer data is handled with care.