All capitalised terms not defined here are defined in the Privacy Policy.

At Twimo, we take the security of your data very seriously. This Security Practices document lists the technical, administrative and organisational measures taken by Twimo to safeguard your data and prevent unauthorised access.

SECURITY MEASURES

Infrastructure

Twimo runs on global, best-in-class infrastructure that provides you and the Customer with high levels of availability. Our Services are hosted on infrastructure provided by Subprocessors with long track records of infrastructure security, stringent safeguards and certifications. You can find more information about our Subprocessors here.

Data Transmissions

We ensure that all your sessions are encrypted. Twimo uses SSL/TLS certificates to create a secure HTTPS connection between your browser and our servers to encrypt all data in transit.

Customer Data Backups

The protection of Customer Data is a top priority for us. We regularly backup Customer Data on our Services. Backups are run on a daily, weekly and monthly basis. Please note that we do not retain backups of Customer Data beyond a month.

Software Infrastructure

We regularly update our software infrastructure to keep our operating systems, software packages and applications current for production use. We maintain server, application and access logs that provide information pertaining to security, monitoring, availability, access, performance and other information about the functioning of our Services. Our infrastructure is set up for monitoring of critical resources and to alert us of unusual or problematic activity that might need intervention.

Application Design

Our Services are designed keeping the integrity and confidentiality of Customer Data as the central consideration. No one outside your teams can see your profile or Personal Information. No one outside your team has access to the team’s Customer Data.

Activities performed by Users on each element of Customer Data is logged and reported to all the Users in the team via the “Notifications and Team Activity” page within the team for transparency and accountability.

The Customer has the controls it needs to remove Users who should no longer have access to the team’s Customer Data. Only the Customer and the Users it authorises to be Administrators (defined in Customer Terms of Use) have the authority to invite Users to a team and give them access to the Customer Data in the team.

All Customer Data pertaining to a team is deleted when the team is deleted from the Services. The backups that contain Customer Data will cease to exist beyond a month.

Engineering Processes

All changes to the Twimo Services, including the introduction of new features or functionality, bug fixes, design changes, software upgrades, etc., go through stringent and detailed code reviews, peer-reviews, unit tests and system tests before they are deployed to production. These reviews and tests always include a mandatory requirement to ensure that the security of Customer Data and our Services remains intact.

Personnel & Confidentiality Undertakings

We have strict controls in place for access to Customer Data and access is only permitted to certain Twimo employees on a need-to-access basis. Twimo ensures that all employees and contract personnel sign agreements or undertakings that include confidentiality obligations relating to Customer Data that are at least as stringent as those by which we are bound.

SHARED RESPONSIBILITY

Security is a shared responsibility. You help make the Services secure for yourself, the Customer and all of our users and customers by ensuring that you protect your User Account, use strong and unique passwords, secure your devices, respect the confidentiality of the Customer Data and any other information you access on the Services, share such information only with its intended audience, and follow the User Terms in letter and principle.

AN ONGOING JOURNEY

When it comes to data security, the goalposts are ever shifting. Given the nature of communications and technology, Twimo cannot guarantee that data, during transmission or when stored on our systems or Services or otherwise in our care, will be absolutely safe from intrusion by others. You can, however, rest assured that we will keep making improvements on a continuous basis to the Services to make them more secure for you and your data.

CONTACT

If you have any questions about our Security Practices, you can email us at support@twimo.co.