Security Overview
Xebrio is a project management ecosystem that helps our customers' teams and organizations across the globe turn their great ideas into real-world solutions, shipping value and making an impact. Customers trust Xebrio to keep their data safe and secure every day, and we take that duty seriously. We are dedicated to making Xebrio a secure and reliable project management ecosystem. We are committed to protecting your personal and organizational data and to ensuring secure collaboration within our software, which is why we continue to invest in getting the security compliance of our services to meet and exceed industry standards.
End to End Security
Xebrio is hosted entirely on Amazon Web Services (AWS), providing in-built end-to-end security and privacy features. Our team takes additional proactive measures to ensure a secure infrastructure environment. For additional, more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
Server Security
Xebrio hosts all customer data on AWS cloud-based servers within the US region. Typical data includes system and user-generated content, including but not limited to requirements, tasks, documents, comments, bugs, milestones, test cases, test plans, release information, and other such relevant data.
Deployments are automated to all machines, and all machines with access to Xebrio data have SSH disabled to prevent any unauthorized access to customer data.
Communications
All data exchange between Xebrio’s web/mobile clients and Xebrio servers is done via the HTTPS protocol. Xebrio always uses an SSL connection.
Privacy Controls
Xebrio provides in-app admin controls for some of the integrated third-party applications, in the form of both user and object-level permissions, and the ability to define which third-party applications may be used within Xebrio. Note that not all third-party integrations can be controlled through this interface, as some are controlled at the system level, keeping the stated Xebrio Privacy objectives in mind.
Data Storage & Backup
Xebrio data is stored on AWS in RDS and S3, and access is limited to machines that need read and write access to the data. We also take incremental, encrypted backups of the database every day and keep the snapshots for 7 days in Amazon S3, which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. RDS is backed up every day at a specific time, and the last 7 backups are stored. Because RDS is encrypted, its snapshots are also encrypted.
Data Center Security
Xebrio customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.
AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here.
Employee Access
No Xebcore Inc. employee will ever see customer data unless required to do so for support reasons. If you reach out with a support issue that requires us to access your data, we will do so with your prior permission. We keep an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing a system-level outage.
Password Security
We use the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST.
Xebrio also offers two-factor authentication, or 2FA, as an additional security measure when accessing your Xebrio account. Enabling 2FA adds security to your account by requiring both your password and access to a security code on your phone to access your account.
Credit Card Safety
Your credit card information is collected securely using HTTPS. We use the Stripe payment gateway, which uses AES-256 and is fully PCI-DSS compliant. We never store your credit card details or CVV number. Learn more about the Stripe security policy.
When you choose a pricing plan at the end of the trial period with Xebrio, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or view your credit card information.
For Additional Information
If you have any questions or queries, contact us at support@xebrio.com.