To be clear however, the merit of using Trint is that no one can see your transcript - we use machine learning-powered AI which converts your audio into text, thus eliminating the middleman and any need for human involvement on our part.
Our team does not have access to your uploaded materials, and we are required to ask you for permission and the express sharing of your content before we can review it (in instances of an inquiry to Support, for example). We also have multiple safeguards that prevent other parties from accessing your data.
Regarding encryption, information can be found at: https://trint.com/data-security/
Where is your data stored?
Transcripts are securely stored on Amazon Web Services in the us-east-1 (N. Virginia) region. All data is encrypted at-rest using the industry standard AES-256 algorithm.
The practice of storing data in the United States is GDPR compliant:
"Transfers may be made where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection." - pg. 41
The European Commission recognizes the US as having an adequate level of protection and Trint has signed an explicit GDPR-compliant agreement with AWS.
How long is your data stored?
Original uploaded media is retained for 30 days. Transcripts and transcoded media, required for the purpose of transcript playback, are retained until the user deletes the transcript from their Trint account. Secure deletion may additionally be requested via the Trint customer support team.
Deleting your data
Trint is GDPR compliant, and as such we are required by law to erase user data upon request within the legally prescribed timeframe (30 days). This is a permanent procedure. It cannot be undone.
If you would like us to erase your account and data, please contact us at firstname.lastname@example.org.
The deletion process is as follows:
- A user will send a data deletion/account deletion request in to Trint Support
- Trint will remove your information from the internal management systems that we use (billing, accounts, etc.)
- Trint will wipe your data from our servers, permanently erasing your files, uploads, etc. (this is processed in bulk on the last day of the month)
- Trint will remove you from our Marketing email lists (this is processed in bulk on the last day of the month)
- Finally, Trint will remove your email address and queries/requests from our Support database
Contacting you upon completion of this process would require us to keep hold of your data in the form of an e-mail address, as such, this will not be possible after your data has been removed.
Please note: Any further interaction with Trint on the part of the user after this process has been started constitutes a new interaction, resetting the 30 day timeframe.
Signing a DPA
Trint will only be able to sign DPAs or other security agreements/contracts for Enterprise clients at this time.
We adhere to industry best practice when it comes to encryption. Trint uses HTTPS (TLS 1.2+) to secure your data between your web browser and our servers. When your data is in our custody, it is encrypted using the industry standard AES-256 algorithm.
ISO 27001 Certification
Trint is ISO 27001 certified.
The International Organization for Standardization (ISO) creates guidelines and specifications for the regulation of global standards. The ISO 27001 was created by the ISO to provide a global standard for an information security management system (ISMS).
ISO 27001 requires the management team to implement three broad practices:
• Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis
Trint’s security practices are now ISO 27001 certified as of September 2019.
Trint does not currently have any HIPAA compliance certifications and we have not completed a formal HIPAA certification process. We have worked with some of our clients in their process of seeking IRB permission to use Trint, which they have received, but we have no formal compliance process in place at this time.
Trint enforces a strong password policy (at least 8 characters long; at least 1 uppercase (A-Z) and 1 lowercase (a-z) letters and a number (0-9)) at the point of account sign-up. Users can change their password at any time either within the application itself or by requesting a password reset link be sent to their registered email address.
Auditing of security events
Trint maintains an audit log of all user sign-ups and sign-ins. Additionally, all system administrative activity related to user account management is logged (e.g. a user account deletion request). Furthermore, Trint maintains intrusion detection systems on its platform infrastructure to proactively monitor and alert on any anomalous behaviour or access.
Local data storage or caching of information
Trint clears browser local storage for its domain on user log-out.
What measures have you put in place to support consistent solution availability?
The Trint application is implemented using highly-available, geographically-distributed redundant systems with automatic failover. Automated backups are taken every 4 hours with additional geographically separated snapshots taken every 24 hours.
Our expected system availability of a 12-month period is > 95%.
Trint maintains and tests both disaster recovery and business continuity plans on a regular basis and we target a return-to-operation of < 4 hours in a worst-case-scenario situation.
In addition to internal formal code reviews the Trint platform code is subject to automated security scanning using Veracode and Snyck.
Trint contracts with a external vendor to provide twice-yearly penetration testing of the platform. An executive summary of the latest report is available, under NDA, by request.
Yes, Trint is Cyber Essentials certified (certificate #: IASME-A-05792)