TextExpander Security

Enterprise-grade security to keep your data safe.

We employ a number of different security features
and practices to protect you and your organization’s data.

SOC 2 and SOC 3

TextExpander maintains a SOC 2 and SOC 3 security certification, and our app and database servers run atop SOC 2 and SOC 3 certified infrastructure. TextExpander undergoes regular third-party independent security audits, and we can provide our SOC 2 and SOC 3 report upon request.


Data at rest is encrypted using AES-256. Data in transit is encrypted via TLS v1.2 or later. Rated A and A+ by SSL Labs (as of 2021-09-01).


GDPR-compliant. CCPA-compliant. We promptly handle privacy-related requests, including erasure (“right to be forgotten”). We list our sub-processors and the business purposes for which we employ them.


Security training is an important part of both onboarding new staff and continuing education. Staff with access to customer data undergo background checks. TextExpander is engineered using a secure software development lifecycle process.


TextExpander maintains detailed security policies, including but not limited to: Access Control, Backup & Restoration, Change Management, Data Integrity, Incident Management, Network Security, Risk Assessment, and Server Security.


TextExpander strives for no unscheduled downtime, and TextExpander performs its primary function (expanding snippets) even when offline. We’re transparent about our system status. We maintain business continuity and disaster recovery plans.

Have more security questions? Visit our Trust page.

Have a question about security? Ask us.

Have an ethical vulnerability report? Let us know.