Last updated: 8 June 2019
At Twimo, we take the security of your data very seriously. This Security Practices document lists the technical, administrative and organisational measures taken by Twimo to safeguard your data and prevent unauthorised access.
InfrastructureTwimo runs on global, best-in-class infrastructure that provides you and the Customer with high levels of availability. Our Services are hosted on infrastructure provided by Subprocessors with long track records of infrastructure security, stringent safeguards and certifications. You can find more information about our Subprocessors here.
Data TransmissionsWe ensure that all your sessions are encrypted. Twimo uses SSL/TLS certificates to create a secure HTTPS connection between your browser and our servers to encrypt all data in transit.
Customer Data BackupsThe protection of Customer Data is a top priority for us. We regularly backup Customer Data on our Services. Backups are run on a daily, weekly and monthly basis. Please note that we do not retain backups of Customer Data beyond a month.
Software InfrastructureWe regularly update our software infrastructure to keep our operating systems, software packages and applications current for production use. We maintain server, application and access logs that provide information pertaining to security, monitoring, availability, access, performance and other information about the functioning of our Services. Our infrastructure is set up for monitoring of critical resources and to alert us of unusual or problematic activity that might need intervention.
Application DesignOur Services are designed keeping the integrity and confidentiality of Customer Data as the central consideration. No one outside your teams can see your profile or Personal Information. No one outside your team has access to the team’s Customer Data.
Activities performed by Users on each element of Customer Data is logged and reported to all the Users in the team via the “Notifications and Team Activity” page within the team for transparency and accountability.
All Customer Data pertaining to a team is deleted when the team is deleted from the Services. The backups that contain Customer Data will cease to exist beyond a month.
Engineering ProcessesAll changes to the Twimo Services, including the introduction of new features or functionality, bug fixes, design changes, software upgrades, etc., go through stringent and detailed code reviews, peer-reviews, unit tests and system tests before they are deployed to production. These reviews and tests always include a mandatory requirement to ensure that the security of Customer Data and our Services remains intact.
Personnel & Confidentiality UndertakingsWe have strict controls in place for access to Customer Data and access is only permitted to certain Twimo employees on a need-to-access basis. Twimo ensures that all employees and contract personnel sign agreements or undertakings that include confidentiality obligations relating to Customer Data that are at least as stringent as those by which we are bound.
SHARED RESPONSIBILITYSecurity is a shared responsibility. You help make the Services secure for yourself, the Customer and all of our users and customers by ensuring that you protect your User Account, use strong and unique passwords, secure your devices, respect the confidentiality of the Customer Data and any other information you access on the Services, share such information only with its intended audience, and follow the User Terms in letter and principle.
AN ONGOING JOURNEYWhen it comes to data security, the goalposts are ever shifting. Given the nature of communications and technology, Twimo cannot guarantee that data, during transmission or when stored on our systems or Services or otherwise in our care, will be absolutely safe from intrusion by others. You can, however, rest assured that we will keep making improvements on a continuous basis to the Services to make them more secure for you and your data.
CONTACTIf you have any questions about our Security Practices, you can email us at firstname.lastname@example.org.