Last updated: 26 May, 2019
Our security protocol aligns with ISO 27001 – that means no one sees your data but you.
Security at LSTN
At LSTN, we have always made our customers’ data security and privacy a priority. Our automated transcription software handles very important and confidential audio and video files and produces equally important and confidential transcripts, which is why we always maintain the highest standard of security when handling these files.
In short, our security position is this: no one sees your data but you. To provide a more in-depth look at how LSTN deals with customer data, we’ve outlined some of our data security and privacy practices in detail below.
ISO 27001 Forms the Bedrock of our Security
The International Organization for Standardization (ISO) creates guidelines and specifications for the regulation of global standards. ISO 27001 was created by the ISO to provide a global standard for an information security management system (ISMS).
ISO 27001 requires the management team to implement three broad practices:
• Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis
LSTN’s security practices are currently aligned with ISO 27001 and we expect formal certification in the first half of 2019.
How we keep your data secure
Data transfer and storage: LSTN uses HTTPS (using TLS 1.2) for secure data upload, export and transfer. Data is encrypted at rest using AES-256.
Physically, LSTN stores your data in data centers owned and operated by Google Web Services. These data centers deliver the very highest levels of physical and infrastructure security; more information can be found here.
Usage and activity tracking and reporting: LSTN does not presently generate usage reports for individual users, but usage and activity monitoring are available for Enterprise clients. These reports are available to Team plans upon request by contacting firstname.lastname@example.org.
Data retention and deletion: If you delete files from your LSTN account, they are not permanently removed but are hidden from view. We do this so that we can retrieve deleted files for you later upon request. Your LSTN-related data (media files and associated transcripts) is permanently deleted if and when you request that we delete your LSTN account. Users can request that LSTN permanently delete files on demand by contacting email@example.com.
LSTN Employees: At LSTN, we know that effective security begins with our employees, so we use market leaders in personnel and data security to protect against vulnerabilities and internal threats. Employees are required to use single sign-on and two-factor authentication wherever these are supported.
LSTN partners with third-party software providers to give the best possible customer experience. Before integrating with any company, LSTN performs a review of their privacy protocols to ensure they have equally rigorous protection standards.
• Google Firebase for authentication and delivery of single sign-on capability
• Google Cloud Storage for file selection and uploading
• Stripe for billing and payment
Billing and Payment Security
Billing and payment are processed through a PCI-DSS-certified third-party payment processor, Stripe, which uses high-level encryption to protect all payment details entered.
LSTN Support and other LSTN personnel will not be able to view all billing information entered in the system. The following is visible to authorized LSTN personnel:
• Account holder email
• Account subscription
• Account billing history
• Last 4 digits of card on file
• Address of card on file
• Invoices issued to the customer
• Any error codes produced by failed payments
If at any point you believe you have been wrongly charged, please reach out to our Support Team at firstname.lastname@example.org.
Data backup and retention
LSTN provides a backup and restore plan in the event of data center or system-wide events. Backups are performed 2 times per day. LSTN retains backups for one year.
Business Continuity and Disaster Recovery
LSTN implements a highly available and fault-tolerant service that can recover from events in a data center or other disaster.
The LSTN service is hosted on AWS and architected using either clustered services or serverless implementations as relevant to the use case.
LSTN maintains a business continuity and disaster recovery plan. In the event of a natural disaster, a combination of our backup strategy and infrastructure-as-code techniques would enable us to bring up a replacement environment in either a new AWS availability zone or region within a few hours.
LSTN for the World
LSTN transcribes in English (All Accents) and 15+ other Global languages. New languages are constantly added.