View protected documents
Your data belongs to you not us.
Trust begins with transparency. We're proud of our privacy-first approach and encourage you to read our terms of service.
We never use what you upload or write to train an AI model, share it across organizations, or do anything without your explicit permission. Your content stays private, secure, and untouched by any algorithm. It's a zero-retention promise - your words stay with you.
Senior Program Manager at
“Grants are critical to Arbor's success but pull me away from other work. Streamline's ability to securely and efficiently repurpose our past applications has been critical to help us move quickly.”
Privacy at Streamline is more than just a policy.
Privacy at Streamline is more than just something we do for legal compliance. From day one we’ve been building tooling for the most sensitive IP.
Streamline has a comprehensive privacy and security program.
We invest in privacy and security because protecting your data is our top priority.
Trust at streamline
Streamline is a fully cloud-based service. We’re hosted on Amazon Web Services (AWS). The physical servers are located in AWS US-West-2 accounts are managed using IAM (Identity and Access Management). An Availability Zone (AZ) is a group of one or more data centers within an AWS region. All AZs in an AWS region are interconnected and have high-bandwidth, low-latency networking, and encrypted traffic. This setup provides isolation and protection from various issues, including natural disasters, as AZs are physically separated by many kilometers within a region. Each AZ Backup data is stored across various AWS US-West sites. You can find more information about AWS’s security practices here, and in their security whitepapers here. No data is stored outside the US.
How we process data
Streamline stores the following customer data:
User login information via SSO such as Google shared full name and email
Terms: Words and phrases customers maintain for special treatment by the platform
Snippets: Blocks of standard text customers maintain for ease and consistency
Documents: Files uploads customers maintain for ease of use and consistency
Style guides: Rules and settings customers maintain for ease and consistency
To use Streamline, customers choose what data upload in the form of documents. This data is **used only to support their organization, and never shared to other customers. It is used to find and apply to grants.
Streamline uses Transport Layer Security (TLS 1.2 or better) to protect user data as information is in transit. HTTPS traffic is terminated on Application Load Balancer (ALB) after passing through AWS Web Application Firewall (WAF). Certificates and keys are managed directly by the loadbalancers.
All requests to Streamline services are required to be communicated via Hypertext Transfer Protocol Secure (HTTPS). HTTPS ensures that data is encrypted in transit between Streamline services and client servers and devices.
All data stored by the Streamline platform is protected with industry-standard Advanced Encryption Standard (AES) 256 bit encryption. AES ensures that information is secured even in the event of a data breach.
Streamline’s infrastructure is provisioned within an isolated production project on the Amazon Web Services Platform. The production project runs in a Virtual Private Cloud behind virtual firewalls that control inbound and outbound traffic with Security Groups. Administrative access to the production environment is controlled by AWS IAM requiring strong passwords, multifactor authentication, and strong end-to-end encryption.
User data privacy
The privacy of stored customer data is fundamental at Streamline, and access to it is subject to published (and strict) policies and procedures. All access to our internal administration tools is logged and periodically reviewed.
Streamline personnel only accesses user data in certain situations, such as upon customer requests and quality assurance.
Streamline employees have computers with full-disk encryption, lock-screen passwords with low timeouts, and remote wipe enabled. All personal mobile devices that access Streamline systems are subject to the same management and security policies. Company systems use a single sign-on system using multi-factor authentication with strong passwords.
Streamline is currently being audited for SOC 2 Type II compliance. You can ask your sales rep or customer success manager for details, or email firstname.lastname@example.org.
All production environments require VPN and multifactor authentication. Streamline has separate environments for development, testing, and production. All employees go through background checks before employment. All employees go through general security training twice a year, and engineers go through additional security training to gain access to production systems. Access to sensitive systems is on a need-to-know basis, and sensitive admin actions trigger notifications, which are logged and reviewed in real-time. Streamline has a robust program to detect and respond to incidents, recover service, and maintain business continuity in the event of a disaster.
Streamline has had an uptime of 99.99% over the past 6 months. Enterprise customers are provided with a 99.99% SLA. We use a microservices architecture to ensure minimal impact on system health in the case of failure of one or more components.
Streamline has dedicated security personnel who oversee everything related to security, privacy, access, reliability, and disaster response. Similarly, they oversee ongoing risk assessment, vulnerability management, and incident recovery
Contact our security team: email@example.com