Security and Compliance

At xtype, the security and privacy of customer data, intellectual property, and personal data are top priorities.  We operate and continuously improve our security and compliance programs.

Kash on the phone

Get in Touch

If you believe you have discovered a critical security bug or vulnerability, please contact us at We’ll get back to you within 24 hours or sooner.

Call Center xtype
xtype soc-2 compliant

Compliance and Certifications

xtype takes security seriously, and has implemented a comprehensive security program to protect customer data. Each year, we undergo third-party audits and technical assessments of our security capabilities.

Data Privacy

xtype has intentionally minimized the amount of personal data needed to use our platform.  In some circumstances, we may require personal data to facilitate your use of the platform, or to improve our websites and services.

xtype is compliant with GDPR, CCPA, and applicable privacy laws.

To understand your privacy rights and how we handle your personal data please review our Privacy Statement.

To manage the use of your of your privacy information please see Do Not Sell or Share My Personal Information.

Data privacy

Security at xtype

Risk Management

xtype conducts risk assessments on at least an annual basis, and on-demand for significant changes to the environment. The output of the risk assessment is a report identifying and classifying risks, which are reviewed with management and stakeholders and tracked in a risk register. As a complement to the risk assessment process, xtype also conducts annual application business impact assessments to validate controls and security posture of critical systems.

Vendor Management

xtype maintains a vendor risk management program that includes regular monitoring and assessment of suppliers’ ability to comply with security and compliance requirements. The scope of this program includes both business systems and technical assets used for service delivery.

Account Protection

All xtype employees use Single Sign On for access to critical business systems, and we’ve adopted two-factor authentication across our estate wherever possible.

Training and Awareness

When new employees start, one of their first tasks is to attend security and privacy awareness training. We also conduct annual and ongoing security and privacy awareness training for all employees.

Vulnerability Management

We use industry leading tools to discover vulnerabilities in our codebase and images.  Findings are handled according to our documented procedures.

Penetration Tests

We conduct internal technical security assessments on a regular basis, and track all findings through our vulnerability management process. We also engage with trusted third parties to complete network and application penetration tests at least annually.

Audit Logging

We have audit logs enabled in our environment to identify anomalies, measure efficiency, and demonstrate compliance.

Incident Response

We maintain a dedicated Incident Response function, and keep customers updated on operational incidents through our dedicated Support site.

Not enough people in the platform team?

Loved by Platform Architects, Trusted by Platform Owners and the Business