Security Policy

Overview

We understand the importance of protecting your personal information, documents, and payment details. Whether you're placing an order, submitting sensitive materials, or managing your account, you can trust that we take every step to ensure your data is secure.

This Security Policy outlines the technical, organizational, and procedural safeguards we use to protect your information. From secure file storage and encrypted communication to access controls and trusted third-party services, we are committed to providing a safe and trustworthy experience.

While no system is ever completely immune to risk, we continuously monitor, maintain, and improve our infrastructure and practices to meet the expectations of our customers and uphold the confidentiality of every project we handle.

Data Encryption

All data transmitted through our website is secured using HTTPS with SHA-256 encryption provided by Let's Encrypt. This ensures every page load, form submission, document upload, and account interaction is encrypted in transit using strong TLS protocols.

This level of encryption helps prevent data interception or tampering while you're interacting with our site. Whether you're placing an order, checking your status, or downloading a completed translation, your connection is protected.

Secure Hosting Environment

Our website is hosted on DigitalOcean, a cloud infrastructure provider known for its strong security posture. DigitalOcean uses firewalls, active threat monitoring, regular patching, and data center security controls to protect hosted applications.

All our servers are hardened and routinely updated to maintain a secure operating environment. We isolate customer data and follow the principle of least privilege for internal access.

Secure File Storage

Uploaded and translated documents are stored securely using Amazon Web Services (AWS). AWS provides robust storage encryption at rest, replication across availability zones, and industry-leading durability.

AWS is compliant with major certifications and regulations including ISO 27001, SOC 1/2/3, and GDPR. This ensures that your documents are protected with the same infrastructure trusted by leading financial institutions and government agencies.

Access Controls

Access to sensitive customer data is strictly limited to authorized personnel with a legitimate need. Our translators, proofreaders, and internal staff are only granted access to the specific files or information required to complete your project.

All team members are required to sign confidentiality agreements and undergo training on secure data handling. Administrative access to infrastructure is limited, logged, and monitored continuously.

Payment Security

We process all payments securely through PayPal and Braintree, both of which are PCI DSS Level 1 certified—the highest level of compliance for payment processors.

We never store your credit card or banking details on our servers. Payment information is transmitted securely and directly to the processor, protecting your financial data from unauthorized access.

System Monitoring & Updates

We actively monitor our systems to detect unauthorized access, suspicious activity, or performance issues. Automated alerts and manual reviews help us maintain high availability and security standards.

Security patches are applied regularly, and we follow best practices in software development and deployment. Our team stays up to date with the latest vulnerabilities and threat intelligence to minimize risk and respond quickly when needed.

Confidentiality

We understand the sensitive nature of the documents you entrust to us—whether personal, legal, medical, or financial. We treat your information with the utmost care and confidentiality.

All translators and staff are contractually obligated to maintain strict confidentiality. Your files are never shared or used for any purpose other than completing your order, and we do not disclose customer data to third parties without explicit consent.

Third-Party Services

We work only with carefully selected third-party providers who meet high standards of security, reliability, and regulatory compliance. This includes providers for hosting, file storage, payment processing, and analytics.

Before integrating any service, we review their security practices and data handling policies. We prioritize working with vendors that hold certifications such as PCI DSS, SOC 2, ISO 27001, and GDPR compliance to ensure your data is protected throughout the entire ecosystem.

Compliance

We are committed to protecting your privacy and handling your data responsibly. We strive to follow industry best practices in data protection, security, and transparency.

Our goal is to ensure that your information is handled with care, and that you feel confident in the way we manage, store, and use your data. If you have questions or requests related to your personal information, we're happy to work with you to address them promptly.

Contact Us

If you have any questions about this Security Policy or would like to report a security concern, please contact us.