Security is our top priority. This page explains the measures we take to protect your data and why our architecture gives us confidence in the privacy of your team information.
Privacy by design
The most important security feature of WordFields is structural. When your team generates a document or uses a snippet, the variable content (names, dates, amounts, client details) is processed to produce the output and then discarded. It is not stored on our servers.
For most snippets, the variable content never even reaches our servers — the snippet is filled in directly in your browser via the Chrome extension and inserted where you are working. Snippets that use formulas to compute values are processed on our server, but the variable content is still discarded immediately after processing.
This means there is no database of your generated documents to breach. What does not exist cannot be stolen. What we do store — your templates, snippets, and account information — is protected by the measures described below.
Infrastructure
WordFields is hosted entirely on Microsoft Azure within the European Union. We use Azure's enterprise-grade infrastructure and follow Microsoft's security best practices throughout.
Encryption in transit. All data transmitted between your browser and WordFields is encrypted using TLS 1.2 or higher. This applies to the web application, the Chrome extension, and all API communications.
Encryption at rest. Sensitive data such as access keys and authentication tokens is encrypted at rest using industry-standard encryption.
Key management. Cryptographic keys are managed using Azure Key Vault, which provides hardware-level security for key storage and access control.
Access controls. Access to production systems is restricted to authorized personnel only. All access is logged and audited. We follow the principle of least privilege — no individual has more access than their role requires.
Audit logging. All significant actions within the infrastructure are logged. Logs are retained and monitored for anomalous activity.
Application security
Authentication. WordFields supports sign-in via email and password, Google, and Microsoft accounts. Passwords are hashed using modern cryptographic standards and are never stored in plain text.
Role-based access control. Within a workspace, access to content is controlled by roles — Admin, Manager, and Member — and by folder-level permissions. Users can only access the content they have been explicitly granted access to.
Session management. Sessions are managed securely with appropriate timeout policies.
Payment security. We do not handle or store payment card information. All payments are processed by Stripe, which is certified to PCI DSS Level 1 — the highest level of payment security certification.
Chrome extension
The Text Snippets & Templates Chrome extension requests only the permissions necessary to function. It does not read the content of pages you visit, access your browsing history, or collect data from third-party websites.
Permissions are scoped to the specific actions required to insert snippet content into active text fields.
Reporting a vulnerability
If you believe you have found a security vulnerability, please report it responsibly by emailing [email protected]. Do not disclose the vulnerability publicly until we have had the opportunity to investigate and address it. We take all reports seriously and will respond promptly.
Questions
For security-related questions, contact us at [email protected].
Last updated: May 2026