Security and trust, by design.
We protect your customers' conversations with the same care we'd want for our own. Every layer of Xapp XRM is engineered for the regulated, high-stakes environments our customers operate in.
How we protect your data
GDPR compliant
Full compliance with UK GDPR and EU GDPR. Data Processing Agreements available for every customer; data subject access requests supported natively.
ISO 27001 ready
Our information security management system is aligned to ISO/IEC 27001 controls, with formal certification underway with a UKAS-accredited body.
Secure cloud infrastructure
Hosted on tier-1 UK and EU cloud regions, with redundancy across availability zones and 99.95% platform uptime SLA.
Data residency options
Choose where your data lives — UK, Ireland or other EU regions. We never replicate customer data outside the region you select.
Encryption everywhere
TLS 1.3 in transit; AES-256 at rest. Per-tenant encryption keys, with optional customer-managed keys for regulated industries.
Identity & access
SAML 2.0 and OIDC single sign-on, role-based access control, granular permissions, and full audit trails for every privileged action.
Continuous monitoring
24/7 SOC monitoring, automated vulnerability scanning, regular penetration testing by independent CREST-certified firms.
Backup & recovery
Encrypted, geo-redundant backups with point-in-time restore. Documented RTO of 4 hours and RPO of 15 minutes.
Policy & documentation library
Available to enterprise customers and prospects under NDA.
- Information Security Policy
- Acceptable Use Policy
- Data Protection & Privacy Notice
- Sub-processor List
- Business Continuity Plan
- Incident Response Procedure
Need our security pack?
Request our complete security and compliance documentation pack — we'll usually send it the same day.