Security
Your data is our priority
We take security seriously at every layer — from encryption and access controls to monitoring and incident response. Here's how we protect your data.
Encryption
- All data in transit is encrypted via TLS 1.2+
- Data at rest is encrypted using AES-256
- License keys and credentials are hashed, never stored in plaintext
Authentication & Access Control
- License key-based authentication for SDK access
- Role-based access control on the dashboard
- Session tokens with automatic expiration
- Social login via OAuth 2.0 (Google, GitHub)
Infrastructure
- Hosted on industry-standard cloud infrastructure with redundancy
- Automated backups with point-in-time recovery
- Network isolation and firewall rules restrict access to internal services
- Regular security patches and dependency updates
Monitoring & Logging
- Real-time monitoring of API endpoints and system health
- Centralized logging for audit trails and anomaly detection
- Automated alerts for suspicious activity and error spikes
- All systems operational status published publicly
Incident Response
- Documented incident response plan with defined severity levels
- Immediate investigation and containment upon detection
- Affected customers notified within 72 hours of confirmed breaches
- Post-incident review and preventive measures published
Data Handling & Retention
- Imported data is processed transiently and not stored beyond the import session
- Account data retained only as long as your account is active
- Data deletion upon account termination or upon request
- No selling or sharing of customer data with third parties
Organizational Security
- Security-aware development practices and code reviews
- Principle of least privilege for internal access
- Regular security training for all team members
- Third-party dependencies audited for known vulnerabilities
Report a Vulnerability
If you discover a security vulnerability in Xlork, please report it responsibly. We appreciate researchers who help us keep the platform safe.