Security at Trint

At Trint, we have always made our customers’ data security and privacy a priority. Our automated transcription software handles very important and confidential audio and video files and produces equally important and confidential transcripts, which is why we always maintain the highest standard of security when handling these files.

In short, our security position is this: no one sees your data but you. To provide a more in-depth look at how Trint deals with customer data, we’ve outlined some of our data security and privacy practices in detail below.

ISO 27001 Forms the Bedrock of our Security

The International Organization for Standardization (ISO) develops and publishes international standards, guidelines and specifications. ISO 27001 was created by the ISO to provide a global standard for an information security management system (ISMS).

ISO 27001 requires the management team to implement three broad practices:

• Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

Trint’s security practices are currently aligned with ISO 27001 and we expect formal certification in Q3 2018.

How we keep your data secure

Data transfer and storage

Trint uses HTTPS (using TLS 1.2) for secure data upload, export and transfer. Data is encrypted at rest using AES-256.

Physically, Trint stores your data in data centers owned and operated by Amazon Web Services. These data centers deliver the very highest levels of physical and infrastructure security; more information can be found here.

Usage and activity tracking and reporting

Trint does not presently generate usage reports for individual users, but usage and activity monitoring are available for Enterprise clients. These reports are available to Team plans upon request by contacting hello@trint.com.

Data retention and deletion

If you delete Trints from your account, they are not permanently removed but are hidden from view. We do this so that we can retrieve deleted files for you later upon request. Your Trint-related data (media files and associated transcripts) are permanently deleted if and when you request that we delete your Trint account. Users can request that Trint permanently delete files on demand by contacting support@trint.com.

Trint Employees

At Trint, we know that effective security begins with our employees, so we use market leaders in personnel and data security to protect against vulnerabilities and internal threats. Some of the tools and services we use:

• OnFido to perform background checks on employees
• 1Password to securely generate and manage passwords
• F-Secure to guard against malware
• CyberSmart to enforce our employee computer equipment hardening policy

In addition, employees are required to use single sign-on and two-factor authentication wherever these are supported.

Third-Party APIs

Trint partners with third-party software providers to give the best possible customer experience. Before integrating with any company, Trint performs a review of their privacy protocols to ensure they have equally rigorous protection standards.

When agreeing to the Terms of Use upon joining Trint, a user is agreeing to the sharing of certain information with third-party APIs that are vital to Trint’s functionality. Trint uses the following as part of delivering its service:

• Auth0 for authentication and delivery of single sign-on capability
• Transloadit for transcoding media files
• Filestack for file selection and uploading
• Stripe for billing and payment
• Various analytics services; see our Privacy Policy for more information

Billing and Payment Security

Billing and payment are processed through a PCI-DSS-certified third-party payment processor, Stripe, which uses high-level encryption to protect all payment details entered.

Trint Support and other Trint personnel cannot view all of the billing information entered in the system. The following is visible to authorized Trint personnel:

• Account holder email
• Account subscription
• Account billing history
• Last 4 digits of card on file
• Address of card on file
• Invoices issued to the customer
• Any error codes produced by failed payments

If at any point you believe you have been wrongly charged, please reach out to our Support Team at support@trint.com.

Data backup and retention

Trint provides a backup and restore plan in the event of data center or system-wide events. Backups are performed 4 times per day. Trint retains backups for one year.

Business Continuity and Disaster Recovery

Trint implements a highly available and fault-tolerant service that can recover from events in a data center or other disaster.

The Trint service is hosted on AWS and architected using either clustered services or serverless implementations as relevant to the use case.

Trint maintains a business continuity and disaster recovery plan. In the event of a natural disaster, a combination of our backup strategy and infrastructure-as-code techniques would enable us to bring up a replacement environment in either a new AWS availability zone or region within a few hours.