Compliance - Xerotier

Certifications and Standards

SOC 2 Type II

Our infrastructure and processes have been built within SOC 2 Type II datacenters, with AICPA Trust Service Criteria for security, availability, and confidentiality. So while we're not carrying our own SOC 2 paper, the platform is ready for it.

Planned

GDPR

We comply with the General Data Protection Regulation, providing data protection and privacy for individuals in the European Union.

Compliant

CCPA

We comply with the California Consumer Privacy Act, ensuring privacy rights for California residents.

Compliant

ISO 27001

Our information security management system follows ISO 27001 standards for protecting information assets.

Planned

Security Practices

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Control: Role-based access control with principle of least privilege
Monitoring: 24/7 security monitoring and incident response
Penetration Testing: Regular third-party security assessments
Vulnerability Management: Continuous scanning and timely patching
Employee Training: Annual security awareness training for all staff

Data Residency

Xerotier.ai allows you to choose where your data is stored by giving you full access to self-hosted agents. We also offer shared services in:

United States

Enterprise customers can request dedicated infrastructure with custom data residency requirements.

Data Processing Agreement

We provide a Data Processing Agreement (DPA) for customers who need to comply with GDPR and other data protection regulations. Contact us at contact@xerotier.ai to request a DPA.

Reporting Security Issues

If you discover a security vulnerability, please report it to contact@xerotier.ai. We appreciate responsible disclosure and will acknowledge your contribution.