Security and Compliance

At xtype, the security and privacy of customer data, intellectual property, and personal data are top priorities.  We operate and continuously improve our security and compliance programs.

Kash on the phone


Get in Touch


If you believe you have discovered a critical security bug or vulnerability, please contact us at security@xtype.io. We’ll get back to you within 24 hours or sooner.

Call Center xtype
xtype soc-2 compliant


Compliance and Certifications


xtype takes security seriously, and has implemented a comprehensive security program to protect customer data. Each year, we undergo third-party audits and technical assessments of our security capabilities.


Data Privacy


xtype has intentionally minimized the amount of personal data needed to use our platform.  In some circumstances, we may require personal data to facilitate your use of the platform, or to improve our websites and services.

xtype is compliant with GDPR, CCPA, and applicable privacy laws.

To understand your privacy rights and how we handle your personal data please review our Privacy Statement.

To manage the use of your of your privacy information please see Do Not Sell or Share My Personal Information.



Data privacy


Security at xtype


Risk Management

xtype conducts risk assessments on at least an annual basis, and on-demand for significant changes to the environment. The output of the risk assessment is a report identifying and classifying risks, which are reviewed with management and stakeholders and tracked in a risk register. As a complement to the risk assessment process, xtype also conducts annual application business impact assessments to validate controls and security posture of critical systems.


Vendor Management

xtype maintains a vendor risk management program that includes regular monitoring and assessment of suppliers’ ability to comply with security and compliance requirements. The scope of this program includes both business systems and technical assets used for service delivery.


Account Protection


All xtype employees use Single Sign On for access to critical business systems, and we’ve adopted two-factor authentication across our estate wherever possible.


Training and Awareness


When new employees start, one of their first tasks is to attend security and privacy awareness training. We also conduct annual and ongoing security and privacy awareness training for all employees.


Vulnerability Management


We use industry leading tools to discover vulnerabilities in our codebase and images.  Findings are handled according to our documented procedures.


Penetration Tests


We conduct internal technical security assessments on a regular basis, and track all findings through our vulnerability management process. We also engage with trusted third parties to complete network and application penetration tests at least annually.


Audit Logging


We have audit logs enabled in our environment to identify anomalies, measure efficiency, and demonstrate compliance.


Incident Response


We maintain a dedicated Incident Response function, and keep customers updated on operational incidents through our dedicated Support site.

Are you ready to transform your ServiceNow delivery process?

Loved by Developers, Trusted by Businesses
Access Demo