Security Policy

Last updated on 26th of October 2024

At Xeel, security and user privacy are of paramount importance. We're comitted to the security of our application and organization, and protecting your data is of utmost importance to us.

Security Model

Cloud Infrastructure

Xeel utilizes Amazon Web Services serverless cloud infrastructure whenever possible. AWS has the most comprehensive compliance controls in the industry.

Encryption

All data Xeel stores and transmits is encrypted at rest and in transit.

Transparency & Openness

Any Xeel code that interacts with your build systems, or your codebases directly, is available as open source in the Xeel GitHub organization. We review all changes and contributions to our open source codebase with the same scrutiny and secure development controls that we employ for our proprietary application codebase.

Role-Based Access

Xeel's application allows Organization administrators to control access with varying levels of access to create, view and update data. See the permissions documentation for additional details.

Organizational Security

All Xeel employees and contractors must participate in mandatory security training, and are required to agree to and comply with our Security Policy.

Subprocessors

Xeel engages the following third-party processors to provide the Service:

Vulnerability Disclosure

If you identify a security issue with Xeel, please contact security@xeel.dev. We will review your disclosure, respond to you within five business days of receipt, and take the necessary steps to remediate.

Please make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of services and/or data.

Changes to This Security Policy

We may update this Security Policy periodically. When we do, we will update the “Last Updated” date.