Security & Systems Policy
Textgrid’s Security Practices
Textgrid is committed to ensuring that the data stored in the Textgrid platform is accessible only by authorized individuals. Security best practices are employed consistently and evolve to meet the needs of our customers.
When you sign up for a Textgrid Account you agree to our standard SLA. If you need a customized SLA for your account, please reach out to su*****@te******.com.
Platform Architecture
Textgrid’s physical infrastructure is hosted and managed within Microsoft Azure’s secure data centers and utilize the Azure technology.
Textgrid consists of messaging services built on the .Net Framework, and run in Azure’s Virtual Machines.
Risk Assessment
Microsoft continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Microsoft Azure’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Textgrid itself has not pursued independent certifications.
Policy around Software Security Updates
System configuration and consistency is maintained through standard images, configuration management software, and the deployment of changes and fixes as required.
Customer Data Security
Customer application phone number and messaging data is stored in an SQL Server running on the Azure Virtual Machine. This database is secured by standard system and authorization policies. Access to the database is restricted to authorized personnel only, for purposes of administration and support.
Customer application certificates and keys are stored in encrypted form in the SQL Server running on the Azure Virtual Machine.
Application Data
Textgrid provides SSL encryption to protect data transmission over the wire from external entities to the Textgrid API layer. Textgrid does not maintain databases that are utilized for production application use by the customer. These databases are provisioned, configured and maintained by the customer only.
Application Logs
Textgrid captures and stores Application Logs in an off-site database. This database is secured by standard system and authorization policies. Access to the database is restricted to authorized personnel for the purposes of administration and support only.
Operational Policies
Textgrid employees do not access customer data or customer environments as part of day-to-day operations. When customers need support, authorized employees are able to view customer data when specifically requested.
All company employees are trained to understand that customer data privacy and confidentiality is paramount. Under no circumstances is customer data ever disclosed to a third-party. Only a limited subset of employees have the ability to view customer environments and stored data.
Access is routinely evaluated to ensure those rights are retained only when necessary by job function. Textgrid maintains a policy for removing access for employees that are no longer associated with its operations.