Legal

Security & Systems Policy

Textgrid’s Security Practices

Textgrid is committed to ensuring that the data stored in the Textgrid platform is accessible only by authorized individuals. Security best practices are employed consistently and evolve to meet the needs of our customers.

When you sign up for a Textgrid Account you agree to our standard SLA. If you need a customized SLA for your account, please reach out to support@textgrid.com.

Platform Architecture

Textgrid’s physical infrastructure is hosted and managed within Microsoft Azure’s secure data centers and utilize the Azure technology.

Textgrid consists of messaging services built on the .Net Framework, and run in Azure’s Virtual Machines.

Risk Assessment

Microsoft continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Microsoft Azure’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

 

Textgrid itself has not pursued independent certifications.

Policy around Software Security Updates

System configuration and consistency is maintained through standard images, configuration management software, and the deployment of changes and fixes as required.

Customer Data Security

Customer application phone number and messaging data is stored in an SQL Server running on the Azure Virtual Machine. This database is secured by standard system and authorization policies. Access to the database is restricted to authorized personnel only, for purposes of administration and support.

Customer application certificates and keys are stored in encrypted form in the SQL Server running on the Azure Virtual Machine.

Application Data

Textgrid provides SSL encryption to protect data transmission over the wire from external entities to the Textgrid API layer. Textgrid does not maintain databases that are utilized for production application use by the customer. These databases are provisioned, configured and maintained by the customer only.

Application Logs

Textgrid captures and stores Application Logs in an off-site database. This database is secured by standard system and authorization policies. Access to the database is restricted to authorized personnel for the purposes of administration and support only.

Operational Policies

Textgrid employees do not access customer data or customer environments as part of day-to-day operations. When customers need support, authorized employees are able to view customer data when specifically requested.

All company employees are trained to understand that customer data privacy and confidentiality is paramount. Under no circumstances is customer data ever disclosed to a third-party. Only a limited subset of employees have the ability to view customer environments and stored data.

Access is routinely evaluated to ensure those rights are retained only when necessary by job function. Textgrid maintains a policy for removing access for employees that are no longer associated with its operations.