Security White Paper
At Linguix, we protect our client applications with secure, cloud-based infrastructure. This ensures that information is processed quickly and reliably. Always seeking to improve our product, we upgrade our architecture to make the program faster, develop better algorithms, and keep user data safe.
We consider the trust of our customers mission-critical, and place a top priority on user privacy and security.
This document should help you understand how our system is set up, and how we ensure customer security.
Here, we’ll explain the details of secure data transfer, storage, and processing by Linguix’s state-of-the-art cloud infrastructure.
Linguix comes in a wide range of client-level apps, to suit many different platforms:
- ➤ Browser extensions: Google Chrome, Safari, Mozilla, and Edge are all supported.
- ➤ Linguix Web App, which can be used in most browsers.
- ➤ Desktop apps for Mac and Windows.
- ➤ Mobile Keyboards for iOS and Android.
At Linguix, we base our server infrastructure on a best-in-class, highly secure cloud platform. This in turn is hosted by United States-based DigitalOcean. Only a few of our servers and network ports can be accessed from the Internet. These accessible servers are protected by a firewall and load balancers. Everything that processes user data is operated in Linguix’s private network. That network is based inside our highly secure cloud platform.
Text processing software
Linguix processes that analyze text have three main components:
- ➤ Authentication: Linguix users must log in with a username and password, or sign in through their Apple, Google, Facebook or Twitter accounts.
- ➤ Document editor: This allows users to create, edit and save their documents in Linguix.
- ➤ Processing: This manages the data connections between client apps, and returns writing corrections and suggestions.
Data encryption and management
Data remains encrypted, both when it is being transferred to our service, and in storage:
- ➤ Connections between client applications and our processing infrastructure are encrypted with current technology (including SSL/TLS 1.2) while remaining compatible with client-supported cipher suites.
- ➤ Our databases, data storage and backups are encrypted when not in use, using the standard AES-256 algorithm.
The data for each Linguix user is kept segregated from other users’ data. Users must log into their own Linguix account in order to access their data. This way, all requests for client data must be authenticated and authorized.
For our customers that require additional security and privacy in order to ensure compliance with local regulations, like GDPR, we provide on-premise installations.
This option assumes that:
- ➤ The customer will get a dedicated server with its own Linguix installation.
- ➤ A custom version of the Linguix web app and of the browser extension for Chrome will work only with this dedicated server.
- ➤ No shared access will be possible; the customer's data will be stored on a server in a Hetzner GmbH data center in Germany.
- ➤ Content processed via browser extensions will not be saved in the system, even on the on-premise server; only documents stored within the web app will be visible to corporate admins.
- ➤ The maintenance of this on-prem installation will be performed by Linguix engineers under the support contract.
How we protect against internal threats
Security policies and training
At Linguix, our contractors and our full- and part-time employees must comply with rigorous security protocols if they can access our internal systems. They also must comply if they have access to Linguix offices.
All employees are required to agree to, and follow, Linguix’s Internal Data Security and Privacy policies before they can access internal systems.
Then, they are required to take privacy and security training every year.
This training discusses many different privacy and security topics, which include acceptable data use, phishing and social engineering, policies governing the use of company-owned devices, and malware-prevention techniques. We also cover our physical security protocols and incident-reporting procedures.
After an employee stops working at Linguix, their access to Linguix systems is immediately revoked by the IT department. This process is standardized, and includes the disabling of all accounts.
Linguix’s security program
At Linguix, we have a professional security team. Members include both in-house employees and security consultants, and this team owns and runs the Linguix security program. The overall security level is supported through several initiatives and best practices:
- ➤ Developers are trained in information security and secure development practices.
- ➤ The team conducts design and code reviews, with the purpose of detecting potential security vulnerabilities.
- ➤ Firewalls, website security certificates and other measures are carefully managed.
- ➤ Security-related event logs are kept, and the tools for analyzing those logs are maintained.
- ➤ A secure deployment and monitoring platform is implemented, and Linguix production services are patched when needed.
- ➤ Device protection tools and services are carefully managed.
- ➤ Penetration testing is conducted regularly.
- ➤ Vulnerability scanning tools are managed.
- ➤ Audits are coordinated, and security certifications are kept current.
- ➤ Predetermined incident reporting procedures are carefully followed.
- ➤ Security-related customer inquiries are responded to.
- ➤ Vendor security profiles are reviewed and approved.
Linguix will always respond to bug reports with careful triage and efficient resolution. Customers who want to conduct their own penetration tests of our applications may request permission. They simply need to contact their Linguix account representative.
Secure software development
At Linguix, our development and platform teams leverage industry-leading services to determine personnel roles and access policies and to manage accounts, certificates, encryption and keys.
They also practice careful trade secret management, collect and monitor security logs, and maintain firewalls and network access permissions.
Code is stored in a version control system. All code changes are peer-reviewed and integration-tested.
All applications, libraries and other development products are scanned for known vulnerabilities. Any required fixes are made promptly. All development teams have a regular schedule of security reviews with our security and platform team.
How we protect data
Authorizing employee access
Any time an employee gains access to any Linguix internal systems, authentication is required. Our internal system authentication is managed through single-sign-on, combined with mandatory 2-factor authentication.
At Linguix, only company-managed devices can connect to our corporate network. Our company observes the principle of least privilege. All requests for access to internal systems are documented and approved by the managers and service owners affected. Linguix management regularly conducts reviews of employee access to any systems that hold or process customer data. If an employee no longer needs this access to perform their work, then access is revoked.
Customer data privacy
Since we are committed to the principles of the GDPR, Linguix will never collect personal data without a lawful reason. We also limit the amount of data collected and processed, then delete the data when it is no longer needed to provide services to the client and improve our services.
Enterprise customers who wish to delete their account should contact their account representative. In addition, Linguix has various policies and technical controls that keep employees from gaining unauthorized access to customer data which is stored or processed by Linguix.
Production systems have strict access control, so only the engineers who develop and maintain those systems can gain access. This is necessary to ensure that our services are reliable and running. All our production-related systems that employ user content are kept in separate infrastructure from other Linguix services. When it is necessary to access these systems, Linguix uses private keys and ensures only authorized employees work on these sensitive areas.
Sometimes, Linguix may track anonymized, aggregate statistics by website domain. However, out of respect for our customers’ privacy, we don’t collect user-specific browsing history. When a customer uses a browser session to edit text, Linguix does need to know what website is being used, so it can use domain-specific services and writing suggestions.
This information, which can include web server access logs or IP addresses, is kept only for a limited time and only to allow specific services, such as fraud prevention, to be provided.
How we share data with third-party vendors
For some services and functions, Linguix does use several third-party vendors. These include server hosting, email, customer support, and analytics. Before using a particular vendor, Linguix ensures they employ adequate security.
Linguix also makes sure that the GDPR is adhered to by ensuring that user information is removed from third-party systems when there is no longer a legal reason to retain it. Most importantly of all, Linguix does not sell or rent personal consumer data.