Our commitment to your
Data Security


Writing your research is your life’s work. We know it. That’s why we built Typeset.io from the beginning with data security in mind. Your privacy is of utmost important to us and we take every effort under our control to secure all your data.

Protecting our customers’ data is the most important thing we do at Typeset.io. We ensure that every possible step to secure your data and privacy is promptly undertaken. Keeping Typeset.io secure is fundamental to our vision of transforming the way research is communicated. As you continue to know more about us, you can also read our privacy policy here

Best practices

System Security

All servers that run Typeset.io software in production is recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon Cloud Storage, are comprehensively hardened infrastructure-as-a-service (IaaS) platforms.

Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.

Security Event Response Plan

  • We have a well-defined process for security events that might occur and have educated all our staff on our policies.
  • Whenever a security event is detected, it is immediately shared with our emergency engineering team, teams are notified and assembled to immediately address the event.
  • After a security event is addressed, we do a post-mortem analysis of the problem.
  • Security event analysis is reviewed by chief engineer in person, and action items are identified.
  • Learnings from the event are formalized and distributed across the company to prevent any occurrence of similar events in the future.


  • All our customer data is stored in the USA.
  • Customer data is stored in multi-tenant data-stores, we do not have individual data-stores for each customer. However, we have struck privacy controls in our application to ensure data security and privacy. This also prevents unauthorized access of any customer’s data.
  • We have unit, integration, and regression test cases in place to ensure that privacy controls work as expected.
  • All tests are run every time changes are made on the platform.

Application monitoring

  • All access to Typeset.io applications is logged and audited.
  • Bastion hosts are used to login to devices.


We place strict controls over our employees’ access to your data and are committed to ensure that any customer data is not seen by anyone who should not have access to it. All of our employees and contract personnel are bound to our policies regarding customer data privacy and security and we treat these issues as matters of the highest importance within our company.

Personnel Practices

Typeset conducts background checks on all employees before employment, and employees receive security training during on boarding as well as on an ongoing basis. All Typeset.io employees are required to read and sign our strict data security and privacy policy covering the security, availability, and confidentiality of our services.


  • All of our services run in the cloud.
  • Typeset.io does not run our own routers, load balancers, DNS servers, or physical servers.
  • The vast majority of our services and data are hosted on Amazon Web Services (AWS) facilities in the USA.
  • All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that block unauthorized requests.
  • We have multiple VPC’s for different environments to ensure data integrity.
  • Typeset.io takes snapshots of your document at frequent intervals as our automatic backup strategy. In addition to this, our databases are backed up on a daily basis to ensure no loss of data.

Build Process Automation

  • All changes are rolled out to the platform using automation.
  • With typical code deploys happening multiple times a day, we can get any security fix on the platform quickly.

Data Transfer

  • All data sent to or from Typeset.io is encrypted in transit using 128-bit encryption.
  • Our API and application endpoints are TLS/SSL only.
  • We use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled etc.


  • Typeset is served 100% over https.
  • There are no corporate resources or additional privileges from being on Typeset.io’s network.

PCI Obligations

Typeset.io is not subject to PCI obligations. All payment instrument processing is outsourced to 2Checkout

Physical Security

Typeset.io production data is processed and stored within AWS Data Centers, which uses state-of-the-art multi-layer access, alerting, and auditing measures, including

  • Perimeter fencing
  • Vehicle access barriers
  • Custom-designed electronic access cards
  • Biometric checks
  • Laser beam intrusion detection
  • Continuous external and internal security camera surveillance
  • 24x7 trained security guards

You can know more about AWS Data security here