Security and Compliance
At xtype, the security and privacy of customer data, intellectual property, and personal data are top priorities. We operate and continuously improve our security and compliance programs.
Get in Touch
If you believe you have discovered a critical security bug or vulnerability, please contact us at security@xtype.io. We’ll get back to you within 24 hours or sooner.
Data Privacy
xtype has intentionally minimized the amount of personal data needed to use our platform. In some circumstances, we may require personal data to facilitate your use of the platform, or to improve our websites and services.
xtype is compliant with GDPR, CCPA, and applicable privacy laws.
To understand your privacy rights and how we handle your personal data please review our Privacy Statement.
To manage the use of your of your privacy information please see Do Not Sell or Share My Personal Information.
Security at xtype
Risk Management
xtype conducts risk assessments on at least an annual basis, and on-demand for significant changes to the environment. The output of the risk assessment is a report identifying and classifying risks, which are reviewed with management and stakeholders and tracked in a risk register. As a complement to the risk assessment process, xtype also conducts annual application business impact assessments to validate controls and security posture of critical systems.
Vendor Management
xtype maintains a vendor risk management program that includes regular monitoring and assessment of suppliers’ ability to comply with security and compliance requirements. The scope of this program includes both business systems and technical assets used for service delivery.
Account Protection
All xtype employees use Single Sign On for access to critical business systems, and we’ve adopted two-factor authentication across our estate wherever possible.
Training and Awareness
When new employees start, one of their first tasks is to attend security and privacy awareness training. We also conduct annual and ongoing security and privacy awareness training for all employees.
Vulnerability Management
We use industry leading tools to discover vulnerabilities in our codebase and images. Findings are handled according to our documented procedures.
Penetration Tests
We conduct internal technical security assessments on a regular basis, and track all findings through our vulnerability management process. We also engage with trusted third parties to complete network and application penetration tests at least annually.
Audit Logging
We have audit logs enabled in our environment to identify anomalies, measure efficiency, and demonstrate compliance.
Incident Response
We maintain a dedicated Incident Response function, and keep customers updated on operational incidents through our dedicated Support site.
Not enough people in the platform team?
Loved by Platform Architects, Trusted by Platform Owners and the Business