Security at
X-Score
X-Score prioritizes security to safely deliver results that are enjoyable to our customers. We have enacted several types of security procedures around our product, the making of it, and how we handle data.
Contacting X-Score About Security
We ask that all security concerns, questions, and comments be directed by sending us an email ticket. Tickets categorized as security-related are triaged and remediated in an expedient manner. Our security team will be notified of the ticket and may respond directly with the person who contacted us.
How We Protect Your Data
Multiple layers of security to ensure your data remains safe and private
Enterprise-Grade Security
Our infrastructure is built with defense-in-depth principles, ensuring multiple layers of protection for your data.
End-to-End Encryption
All data in transit and at rest is encrypted using industry-standard AES-256 encryption protocols.
Secure Cloud Infrastructure
Hosted on AWS with SOC 2 Type II compliance, ensuring the highest standards of security and reliability.
24/7 Security Monitoring
Continuous monitoring and threat detection to identify and respond to potential security incidents.
Regular Security Audits
Independent third-party security audits and penetration testing to ensure robust protection.
Access Control
Role-based access control (RBAC) and multi-factor authentication to protect your account.
Security Architecture
All X-Score systems are built with a defense-first approach, assuming that an attack can happen at any time. While our process ideally prevents attacks, we also work to mitigate the damage of an attack by separating systems from each other.
Systems only contain the software for a single application (so-called "single-use systems") and never share the same system for different types of software.
Our systems are stateless and short-lived. All data on a system is intended to be sent to another system, and the system itself is not intended to be in operation for more than a week at a time.
Data Isolation
Each customer's data is logically isolated and encrypted.
Network Segmentation
Private networks with strict firewall rules and access controls
Key Management
Secure key rotation and management using AWS KMS
Automated Security
Continuous security scanning and automated patching
Network Protection
All X-Score servers are hosted inside a private virtual network within Amazon Web Services, which ensures communication between X-Score servers remains encrypted and separated from public Internet traffic. Communication between servers over external (or public) networks is always encrypted with industry-standard SSL.
Encrypted Communication
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure protocol available.
DDoS Protection
Advanced DDoS mitigation and traffic filtering to ensure service availability even during large-scale attacks.
Compliance & Certifications
We maintain the highest standards of compliance and security certifications
SOC 2 Type II
Certified for security, availability, and confidentiality
GDPR Compliant
Full compliance with EU data protection regulations
ISO 27001
Information security management system certified
CCPA Compliant
California Consumer Privacy Act compliance
Questions About Our Security?
Our security team is here to help. Contact us for more information about our security practices and compliance.
Contact Security Team