Overview

We understand that our customers expect us to protect their data with the highest standards and are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as ISO 27001, ISO 27018 and OWASP Top 10.

Application Security

xeelo.online implements a security-oriented design in multiple layers, one of which is the application layer. The xeelo.online application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.

Our controlled CI/CD process includes static code analysis, vulnerability assessment, end-to-end testing, unit testing that addresses authorization aspects, and more. Xeelo developers go through periodic security training to keep them up to date with secure development best practices.

Infrastructure Security

Another layer of security is the infrastructure. Our infrastructure is protected using multiple layers of defense mechanisms, including:

  • Firewalls that enforce IP whitelisting and allow access to network resources through permitted ports only
  • A web application firewall (WAF) for content-based dynamic attack blocking
  • DDoS mitigation and rate limiting
  • NIDS sensors for early attack detection
  • Advanced routing configuration
  • Comprehensive logging of network traffic, both internal and edge

Data Encryption

xeelo.online encrypts all data both in transit and at rest:

  • Traffic is encrypted using TLS 1.3 with a modern cipher suite, with TLS 1.2 supported at minimum
  • User data is encrypted at rest across our infrastructure using AES-256 or better
  • Credentials are hashed and salted using a modern hash function

External Security Audits and Penetration Tests

Independent third-party assessments are crucial in order to get an accurate, unbiased understanding of your security posture. xeelo.online conducts penetration tests on an annual basis at both the application and the infrastructure level, using well-known, independent auditors.

Physical Security

Xeelo.online is a cloud-based solution, with no part of our infrastructure retained on-premise. Our physical security in the offices includes access control based on personal identification, CCTV and alarm systems.

xeelo.online’s data centers are hosted in regional data centers, where leading physical security measures are employed.

Disaster Recovery and Backups

Xeelo.online is committed to providing continuous and uninterrupted service to all its customers. We consistently back up user data every  minute. All backups are encrypted and distributed to various locations.

Our Disaster Recovery Plan is tested at least once a year to assess its effectiveness and to keep the teams aligned with their responsibilities in case of a service interruption.

Security Awareness and Training

xeelo.online understands that its security is dependent on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding. Further security training is provided on a regular basis.

Access Control

We know the data you upload to xeelo.online is private and confidential. We regularly conduct user access reviews to ensure appropriate permissions are in place, in accordance with the least privilege principle. Employees also have their access rights promptly modified upon a change in employment.

Last Updated: August 1, 2022