How TextExpander Handles Your Keystrokes, Keylogging, and Snippet Security
Keystrokes and Keylogging
TextExpander never stores or sends your keystrokes anywhere. TextExpander logs up to 30 keystrokes to volatile memory, and up to 300 keystrokes when you have Snippet Suggestions enabled. This small amount of keystroke data in memory enables TextExpander to do its filtering. TextExpander clears the keystroke log when you use a keyboard shortcut or arrow key when you switch applications, and of course, it clears the log when you quit. Using TextExpander does not compromise your privacy.
While TextExpander does track a small number of keystrokes, “tracking” does not mean TextExpander keeps a list of the actual characters you type. Instead, it keeps an encoded record (called a “hash”) of that group of characters, similar to the way a password is securely stored so that no one reading it knows what it is. You might type “yourpetsname” but what TextExpander sees and records is “1739405847385.”
The TextExpander app is not a secure app meant for sensitive information. Anyone who gains access to your computer account will have access to your Snippets, just as they would any other files on your computer. If this concerns you and you’re on a Mac, you can turn on Apple’s FileVault for extra security.
For things like AWS credentials, social security numbers, and passwords we recommend storing those in an app made for security, such as a password manager.
Data in motion, every connection of every kind made by our apps, uses TLSv1.2 encryption or later, either https or wss.
For TextExpander.com, Snippet data is stored encrypted at rest on the database server’s filesystem.
TextExpander employees and contractors use strong, unique passwords and 2FA or direct public-private key exchange when possible to access third-party services. Only the minimum necessary personnel have access to service administration and the database. By default, our customer support team do not have access to customer data. Such access is only allowed via an explicit user opt-in.
- June 18, 2021: Updated to combine information sites on keystrokes, keylogging, and Snippet security
- March 23, 2017: Updated to reflect data encryption at rest
- April 5, 2016: Original Document