Privacy and Security FAQs

All about privacy and security policies of Xebrio

How does Xebrio keeps data secure?

Xebrio customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here.

How is Xebrio reliable and scalable?

Xebrio is hosted entirely on Amazon Web Services (AWS) cloud-based servers within the US region which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.
AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

All data exchange between Xebrio’s web/mobile clients and Xebrio servers is done via the HTTPS protocol. Xebrio always uses an SSL connection.

Xebrio provides in-app admin controls for some of the integrated third-party applications, in the form of both user and object-level permissions, and the ability to define such third-party applications which may be used within Xebrio. It may be noted that not all third party integrations can be controlled through such interface as they are controlled at the system level, keeping the stated Xebrio Privacy objectives in mind.

Xebrio data is stored on AWS in RDS and S3, and access is limited to machines that need read and write access to the data. We also do incremental, encrypted backups of the database every day and keep the snapshots for 7 days to Amazon S3 which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. The RDS is backed every day at specific time and last 7 backups are stored. The RDS is encrypted hence the snapshots of the RDS are also encrypted.

How do you know that we are keeping our word?

Our industry standard security, third-party audits, certifications, and documentation help support your compliance. Whether to verify system performance, our ongoing auditing of our processes, or sharing the location of our data centers, we’re committed to providing all our users utmost transparency. It’s your data, and we want you to know what happens with it so that you can always make informed choices.

Customers trust Xebrio to keep their data safe and secure every day, and we take that duty seriously. We are dedicated to making Xebrio secure and reliable project management ecosystem. We are committed to protecting your personal and organizational data, and ensuring secure collaboration within our software, which is why we strive hard and continue to invest in getting the security compliance of our services to meet and exceed industry standards.

Can Xebrio be used in compliance with European privacy law (GDPR)?

Yes, its compliant with European privacy law (GDPR). For more details – https://xebrio.com/legal/privacy-policy/

How does Xebrio provide a safer environment?

All data exchange between Xebrio’s web/mobile clients and Xebrio servers is done via the HTTPS protocol. Xebrio always uses an SSL connection. Xebrio is hosted entirely on Amazon Web Services (AWS) cloud-based servers within the US region which is certified SOC 2 Type 2.

Which third parties have reviewed Xebrio's security practices?

SOC 1 Type 2

Does Xebrio encrypt my data?

Yes, Xebrio does incremental, encrypted backups of the database every day and keep the snapshots for 7 days to Amazon S3 which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. The RDS is backed every day at specific time and last 7 backups are stored. The RDS is encrypted hence the snapshots of the RDS are also encrypted.

What happens to user data after the Xebrio subscription is cancelled?

Xebrio keeps the encrypted data for a period of 90 days after the free trial or non-renewal of subscription plan after which we delete the data. 

Does Xebrio own user data?

Yes. But the user has the right on their data as per the Data Subject Rights metioned in the Privacy Policy.

Does Xebrio sell user data to third parties?

No. Xebrio does not sell any data to third parties.

How do I know that other customers sharing the same servers can’t access my data?

Xebrio is a B2B SaaS product having multi-tenant architecture and cloud based offering which ensures data privacy and security within same servers.

What kind of scanning or indexing of user data is done in Xebrio for organization/user accounts?

Xebrio doesn’t collect or use information for advertising purposes or to create ad profiles. We provide users with information in our Privacy Policy about the data that we collect and generate while using Xebrio.