Security

Built to protect the work that matters.

Defaults that meet enterprise expectations on day one. Procurement-ready, honest about where we are.

How we protect your data

Eight pillars, no hand-waving.

Encryption in transit and at rest

TLS 1.2+ on every connection. AES-256 at rest. Customer-managed encryption available on Enterprise.

No training on your data

Your prompts and conversations are never used to train base models. Provider contracts enforce the same.

Workspace isolation

Row-level security enforced at the database. A workspace cannot read another workspace's data, full stop.

Audit logs

Workspace and admin actions captured with timestamps. Exportable on Enterprise for SIEM ingestion.

Bring your own keys

On Enterprise, route inference to your own provider accounts so usage and policy live where you already manage them.

Region pinning

US and EU regions available on Enterprise. Sub-processor list shared on request.

Data retention you control

Workspace admins can configure retention windows for rooms and exports. Default is 'keep until you delete'.

Vulnerability disclosure

Report security issues to security@x21.com. We acknowledge within 24 hours and respond within 1 business day.

Compliance and audits

Where we are, exactly.

We will tell you the truth, not a marketing summary. Ask us anything specific.

SOC 2 Type II: In progress, audit window underway
GDPR: DPA available on request, EU region pinning on Enterprise
Sub-processors: Current list shared as part of the security pack
Penetration testing: Annual third-party test; report shared under NDA

Reporting a vulnerability

Email security@x21.com with a clear reproduction. We acknowledge within 24 hours and respond with a triage decision within 1 business day. We do not pursue legal action against good-faith research.

More questions

Talk to a human about security.

A 30-minute call usually closes most procurement reviews.