Privacy and Security FAQs

Xebrio is hosted entirely on Amazon Web Services (AWS) cloud-based servers within the US region which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.
AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

All data exchange between Xebrio’s web/mobile clients and Xebrio servers is done via the HTTPS protocol. Xebrio always uses an SSL connection.

Xebrio provides in-app admin controls for some of the integrated third-party applications, in the form of both user and object-level permissions, and the ability to define such third-party applications which may be used within Xebrio. It may be noted that not all third party integrations can be controlled through such interface as they are controlled at the system level, keeping the stated Xebrio Privacy objectives in mind.

Xebrio data is stored on AWS in RDS and S3, and access is limited to machines that need read and write access to the data. We also do incremental, encrypted backups of the database every day and keep the snapshots for 7 days to Amazon S3 which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. The RDS is backed every day at specific time and last 7 backups are stored. The RDS is encrypted hence the snapshots of the RDS are also encrypted.

Our industry standard security, third-party audits, certifications, and documentation help support your compliance. Whether to verify system performance, our ongoing auditing of our processes, or sharing the location of our data centers, we’re committed to providing all our users utmost transparency. It’s your data, and we want you to know what happens with it so that you can always make informed choices.

Customers trust Xebrio to keep their data safe and secure every day, and we take that duty seriously. We are dedicated to making Xebrio secure and reliable project management ecosystem. We are committed to protecting your personal and organizational data, and ensuring secure collaboration within our software, which is why we strive hard and continue to invest in getting the security compliance of our services to meet and exceed industry standards.

Yes, its compliant with European privacy law (GDPR). For more details – https://xebrio.com/legal/privacy-policy/

All data exchange between Xebrio’s web/mobile clients and Xebrio servers is done via the HTTPS protocol. Xebrio always uses an SSL connection. Xebrio is hosted entirely on Amazon Web Services (AWS) cloud-based servers within the US region which is certified SOC 2 Type 2.

SOC 1 Type 2

Yes, Xebrio does incremental, encrypted backups of the database every day and keep the snapshots for 7 days to Amazon S3 which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. The RDS is backed every day at specific time and last 7 backups are stored. The RDS is encrypted hence the snapshots of the RDS are also encrypted.

Xebrio keeps the encrypted data for a period of 90 days after the free trial or non-renewal of subscription plan after which we delete the data. 

Yes. But the user has the right on their data as per the Data Subject Rights metioned in the Privacy Policy.

No. Xebrio does not sell any data to third parties.

Xebrio is a B2B SaaS product having multi-tenant architecture and cloud based offering which ensures data privacy and security within same servers.

Xebrio doesn’t collect or use information for advertising purposes or to create ad profiles. We provide users with information in our Privacy Policy about the data that we collect and generate while using Xebrio.