Security at x.ai

Your schedule is safe with us. x.ai takes customer trust and data security seriously, and we’re proud to share the processes we have in place to protect your organization.

Security Certification—SOC 2 Type II

x.ai is SOC 2 Type II certified. An independent auditor has evaluated our product, infrastructure, and policies, and certifies that x.ai complies with their stringent requirements. Learn more about the details of the certification here. To request a copy of our SOC 2 report, please email us here.

GDPR

x.ai is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR).  We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

To learn more about our compliance with GDPR’s Privacy Shield Framework, please see our privacy policy.

Security Features

✔Penetration tested to identify and patch vulnerabilities

Data encryption in transit and at rest  

We encrypt our services using SSL.

All data resides on encrypted instances.

User authentication

We rely on the security protocols supported by your email providers to keep you safe by validating all incoming emails using DKIM and SPF verification. This enables us to know if a message is coming from an authenticated server. Users logging into our application are protected by HTTPS secure communication sessions using SSL.

Infrastructure hosted on AWS, residing in a virtual private cloud (VPC)

The entire x.ai infrastructure is hosted on our infrastructure partner, Amazon Web Services (AWS). AWS utilizes state of the art electronic surveillance and multi-factor access control systems. The data centers are staffed 24×7 by trained security guards. The infrastructure resides in a VPC, thus limiting access.

Our infrastructure provides protection against common attacks such as distributed denial of service (DDoS) attacks and detections for password brute-force search attempts.

Single sign-on (SSO)

OAuth is used to provide an additional and separate layer of access control.

Audit logging on all database interactions

x.ai provides admins with a detailed trail of account activity. System and user access to the x.ai infrastructure are logged and stored.

Employee authentication and access

All x.ai employees, contractors and agents with access to your information are required to authenticate themselves using username, password, and multi-factor authentication (MFA). Our data collection, storage and processing operations are guarded both physically and virtually from the outside world. Employees are rigorously vetted and access to the infrastructure and data stores are authorized based on the principle of least privilege. Individual users’ access controls are managed through a role-based, security group management system.