Security at Typewise

Your data stays within your own tenancy. We never pool customer data to improve base AI models used by others.

Conversations, tickets, and agent interactions are processed in isolation. Nothing flows between customer environments.

If you choose to fine-tune a model, it is trained exclusively on your data and deployed only within your environment.

The AI processes requests in real time and stores nothing afterwards. Ideal for highly sensitive data environments.

Sensitive personal data (names, card numbers, IDs) can be automatically masked before the AI ever processes it.

Our program follows the criteria set forth by the ISO 27001 Framework ‒ a widely recognized international information security standard.

Our organization undergoes independent third-party assessments to test our security and compliance controls on a regular basis.

We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

Roles and responsibilities related to the protection of customer data are well defined. All team members must review and accept all security policies.

Team members go through employee security awareness training covering industry standard practices such as phishing and password management.

All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.

We perform background checks on all new team members in accordance with local laws.

All of our services are hosted with Amazon Web Services (AWS), which employs a robust security program with multiple certifications.

All of our data is hosted on AWS databases located in the European Union. Your data stays in the EU.

All databases are encrypted at rest, ensuring your data is protected even in the event of unauthorized physical access.

Our applications encrypt all data in transit using TLS/SSL only ‒ no unencrypted connections are permitted.

We perform continuous vulnerability scanning and actively monitor for threats across our infrastructure.

We actively monitor and log various cloud services to detect and respond to anomalies in real time.

We use AWS backup services to reduce any risk of data loss, with monitoring services that alert the team immediately.

We have a process for handling information security events which includes escalation procedures, rapid mitigation, and communication.

Access to production systems follows the principle of least privilege ‒ team members only have access to the systems and data they need.

Multi-factor authentication (MFA) is enforced for all internal systems and cloud infrastructure access.

All access to production environments is logged and monitored. Access logs are retained and reviewed regularly.

We conduct regular access reviews to ensure that access rights remain appropriate and are revoked promptly when no longer needed.

All third-party vendors are assessed for security and compliance before being onboarded. We evaluate their security posture and certifications.

We maintain Data Processing Agreements (DPAs) with all vendors who process personal data on our behalf, in accordance with GDPR.

Vendor relationships are reviewed on a regular basis to ensure continued compliance with our security and privacy standards.