Protecting your company's sensitive HR information is extremely important to us. We know you have questions about how we’re protecting that information, so what follows are details about some frequently requested information about Twine’s information security.
The Twine application is hosted on the cloud using Heroku as a platform-as-a-service. On Heroku, firewalls are used to restrict access to systems from external networks and between systems internally. Twine databases are hosted by Amazon’s Relational Database Service (RDS), with built-in network and application firewalls. Amazon’s data centers are widely recognized for both physical and network security. You can check out the security pages for Heroku and AWS for more detailed information - but we're sure you'll find they are state-of-the-art.
It goes without saying that software security is very important. That's why we do all of the following to ensure your data is safe:
- Encrypt all your data in transit using TLS.
- Salt and hash all your passwords, so that nobody (not even a Twine employee) can read them - they have to be reset.
- Have an independent penetration test conducted on a quarterly basis.
- Support responsible disclosure. If you identify a vulnerability in our site or services, you can report it to us here.
Access to our systems and your data is restricted only to those who need access in order to provide you awesome support. All our employees have signed condfidentiality agreements, and we have employee termination (AKA: "change management") processes in place.
At Twine, we belive security is the responsibility of everyone who works for us. We train our employees so that they can identify security risks and empower them to take action to prevent bad things from happening.
Privacy and Data Protection
You can view our data protection policy for the finer details. The bottom line up front is: we believe in the confidentiality of your HR information. We retain only the data we need to power our people analytics, and we store it securely.
If you have more in-depth questions about Twine's security program, contact us here - we'd love to chat.