TextExpander Security

Enterprise-grade security to keep your data safe.

We employ a number of different security features and
practices to protect you and your organization’s data.

SOC 2 and SOC 3

TextExpander maintains a SOC 2 and SOC 3 security certification, and our app and database servers run atop SOC 2 and SOC 3 certified infrastructure. TextExpander undergoes regular third-party independent security audits, and we can provide our SOC 2 and SOC 3 report upon request.

Encrypted

Data at rest is encrypted using AES-256. Data in transit is encrypted via TLS v1.2 or later. Rated A and A+ by SSL Labs (as of 2021-09-01).

Standardized communication

GDPR-compliant. CCPA-compliant. We promptly handle privacy-related requests, including erasure (“right to be forgotten”). We list our sub-processors and the business purposes for which we employ them.

People

Security training is an important part of both onboarding new staff and continuing education. Staff with access to customer data undergo background checks. TextExpander is engineered using a secure software development lifecycle process.

Policy

TextExpander maintains detailed security policies, including but not limited to: Access Control, Backup & Restoration, Change Management, Data Integrity, Incident Management, Network Security, Risk Assessment, and Server Security.

Reliability

TextExpander strives for no unscheduled downtime, and TextExpander performs its primary function (expanding snippets) even when offline. We’re transparent about our system status. We maintain business continuity and disaster recovery plans.

HIPAA Compliance

TextExpander is compliant with HIPAA (Health Insurance Portability and Accountability Act) Security, Privacy, and Breach Notification rules. For more information, or if you require a BAA, you can learn more here.

Have more security questions? Visit our Trust page.

Have an ethical vulnerability report? Let us know.