Data Safety and Security

XSurfLog places customers first, so customer data safety and security are extremely important to XSurfLog.

Data Security is through defence in depth through network, system and access controls. XSurfLog Platform data is encrypted at rest with AES-256 and encrypted in transit with TLS.

The Privacy policy is available at


XSurfLog Platform and data is hosted on Amazon (AWS) which is independently audited and certified for SOC 1, 2 and 3.

The infrastructure is fully redundant with no single point of failure and with data replication in multiple locations. The XSurfLog Platform network is an isolated private network such that access to the network is only provided on a least privilege basis.

Identity and Access Control

Account passwords are hashed so that no employees of XSurfLog can view them, so the only way to fix a lost password is that it must be reset.

Independent Cyber Security Audit and Cyber Security Penetration Testing XSurfLog has a regular Cyber Security Audit and Penetration Test at least annually.


XSurfLog's commitment to security includes a dedicated cyber security team. Furthermore XSurfLog empowers employees of XSurfLog to continuously improve the security of XSurfLog. Regular cyber security training is provided to all XSurfLog employees, this includes training for developers to prevent XRF, CSRF, SQL injection and other common attacks. XSurfLog also has confidentiality agreements and ISO 27001-2 policy and procedures that are part of employees contract.

Incident response

XSurfLog take all security incidents very seriously. XSurfLog will investigate any potential security incident and seek to resolve them quickly. During a security incident event, XSurfLog has a cyber security response procedure which includes following industry best practices for disclosure and notification. For cyber security questions, suggestions, or vulnerability reporting, please contact us directly at