Here at Linguix, we believe businesses should always control all their data. Our system can run within your intranet as an on-premise solution. Linguix is compliant with HIPAA Security, Privacy, and Breach Notification rules.
Here, we’ll explain the details of secure data transfer, storage, and processing by Linguix’ state-of-the-art cloud infrastructure.
Linguix applications
Linguix comes in a wide range of client-level apps, to suit many different platforms:
At Linguix, we base our server infrastructure on a best in its class, highly secure, cloud platform. This in turn is hosted by United States-based Digital Ocean. Only a few of our servers and network ports can be accessed from the Internet. These accessible servers are protected by a firewall and load balancers. Everything that processes user data is operated in Linguix’s private network. That network is based inside our highly secure cloud platform.
Text processing software
Linguix processes that analyze text have three main components:
Data remains encrypted, both when it is being transferred to our service, and in storage:
The data for each Linguix user is kept segregated from other user’s data. Users must log into their own Linguix account in order to access their data. This way, all requests for client data must be authenticated and authorized.
Data remains encrypted, both when it is being transferred to our For our customers that require additional security and privacy in order to ensure compliance with local regulations, like GDPR, we provide on-premise installations.
This option assumes that:
At Linguix, our contractors, full, and part-time employees must comply with rigorous security protocols if they can access our internal systems. They also must comply if they have access to Linguix offices.
All employees are required to agree to, and follow, Linguix’s Internal Data Security and Privacy policies before they can access internal systems.
Then, they are required to take privacy and security training every year.
This training discusses many different privacy and security topics, which include acceptable data use, phishing and social engineering, policies governing the use of company-owned devices, and malware-prevention techniques. We also cover our physical security protocols and incident-reporting procedures.
After an employee stops working at LInguix, their access to Linguix systems is immediately revoked by the IT department. This process is standardized, and includes the disabling of all accounts.
At Linguix, we have a professional security team. Members include both in-house employees and security consultants, and this team owns and runs the Linguix security program. The overall security level is supported through several initiatives and best practices:
Linguix will always respond to bug reports by careful triage and an efficient resolution. Customers who want to conduct their own penetration tests of our applications may request permission. They simply need to contact their Linguix account representative.
At Linguix, our development and platform teams leverage industry-leading services to determine personnel roles and access policies, perform the management of accounts, certificates, encryption and keys.
They also practice careful trade secret management, collect and monitor security logs, and maintain firewalls and network access permissions.
Code is logged into a version control system. All code changes are peer reviewed and integration tested.
All applications, libraries and other development products are scanned for known vulnerabilities. Any required fixes are made promptly. All development teams have a regular schedule of security reviews with our security and platform team.
Any time an employee gains access to any Linguix internal systems, authentication is required. Our internal system authentication is managed through single-sign-on, combined with mandatory 2-factor authentication.
At Linguix, only company-managed devices can connect to our corporate network. Our company observes the principle of least privilege. All requests for access to internal systems are documented and approved by the managers and service owners affected. Linguix management regularly conducts reviews of employee access to any systems that hold or process customer data. If an employee no longer needs this access to perform their work, then access is revoked.
As outlined in Linguix’s Privacy Policy, our company carefully observes the privacy of user data.
Since we are committed to the principles of the GDPR, Linguix will never collect personal data without a lawful reason. We also limit the amount of data collected and processed, then delete the data when it is no longer needed to provide services to the client and improve our services.
These uses are outlined in Linguix’s Privacy Policy. Users are able to request the data we have on them by clicking this link. Linguix customers can also remove their personal data from our files at any time. This requires logging into the account, navigating to the Settings page, and deleting the account.
Enterprise customers who wish to delete their account should contact their account representative. In addition, Linguix has various policies and technical controls that keep employees from gaining unauthorized access to customer data which is stored or processed by Linguix.
Production systems have strict access control, so only the engineers who develop and maintain those systems can gain access. This is necessary to ensure that our services are reliable and running. All our production-related systems that employ user content are kept in separate infrastructure from other Linguix services. When it is necessary to access these systems, Linguix uses private keys and ensures only authorized employees work on these sensitive areas.
Sometimes, Linguix may track anonymized, aggregate statistics by website domain. However, we don’t collect user-specific browsing history from our customers, but respect their privacy. When a customer uses the browser session to edit text, Linguix does need to know what website is being used, so it can use domain-specific services and writing suggestions.
This information, which can include web server access logs or IP addresses, is only kept for a limited time and to allow specific services, such as fraud prevention, to be provided.
For some services and functions, Linguix does use several third-party vendors. These include server hosting, email, customer support, and analytics. Before using a particular vendor, Linguix ensures they employ adequate security.
Linguix also makes sure that the GDPR is adhered to by ensuring that user information is removed from third-party systems when there is no longer a legal reason to retain it. Most importantly of all, Linguix does not sell or rent personal consumer data.