Security & Compliance
Security is fundamental to ExCom.ai's design. We follow industry best practices and established frameworks to protect your data.
Our Approach
We follow the practices of leading security frameworks without holding formal certifications. This means:
- We implement the controls and procedures these frameworks recommend
- We design our systems to meet enterprise security requirements
- We can support your compliance needs through our architecture and controls
If your organization requires specific certifications, contact us to discuss your requirements.
Security Framework
Data Protection
Encryption
- In Transit: TLS 1.3 for all data transmission
- At Rest: AES-256 encryption for stored data
- Key Management: Secure key management practices
Data Handling
- Data Minimization: We collect only what's necessary
- Data Sovereignty: Deployment options to keep data in your region
- Secure Deletion: Proper data destruction when requested
Access Controls
Authentication
- Multi-Factor Authentication: Available for all users
- Single Sign-On: SAML 2.0 and OpenID Connect support
- Role-Based Access: Granular permissions system
Network Security
- Web Application Firewall: Protection against common vulnerabilities
- IP Restrictions: Configurable access controls
- VPN Support: Site-to-site connectivity available
Frameworks We Follow
We design and operate our platform following the practices outlined in these frameworks:
| Framework | What This Means |
|---|---|
| SOC 2 principles | We follow the trust service criteria for security, availability, and confidentiality |
| ISO 27001 practices | We implement information security management practices |
| GDPR requirements | We support data privacy rights and controls |
| NIST guidelines | We align with NIST Cybersecurity Framework recommendations |
Note: Following these practices is not the same as holding formal certifications. We implement the controls and procedures, but have not undergone third-party certification audits.
What We Can Support
For Your Compliance Needs
ExCom.ai can help support your organization's compliance requirements:
- Audit Logs: Comprehensive logging of user actions and system events
- Data Export: Export your data in standard formats
- Access Controls: Granular permissions to enforce your policies
- Data Residency: Deployment options for geographic requirements
- Encryption: End-to-end encryption for sensitive data
Deployment Options
| Option | Description |
|---|---|
| Cloud | Our managed cloud environment |
| Private Cloud | Deployed in your cloud environment |
| On-Premise | Full deployment in your data center |
On-premise and private cloud options provide additional control for organizations with strict compliance requirements.
Risk Management
What We Do
- Security Monitoring: Continuous monitoring of our systems
- Vulnerability Management: Regular security assessments and patching
- Incident Response: Documented procedures for security events
- Backup & Recovery: Regular backups with tested recovery procedures
Business Continuity
- Redundancy: Multi-region deployment options
- Disaster Recovery: Documented recovery procedures
- Uptime: High availability architecture
Privacy
Our Principles
- Transparency: Clear communication about data handling
- Minimization: Collect only necessary data
- Control: You control your data
Your Rights
- Access your data
- Correct inaccurate data
- Request data deletion
- Export your data
Questions?
Security requirements vary by organization and industry. Contact us to discuss:
- Your specific compliance requirements
- Deployment options for your environment
- Security documentation and details
We're happy to provide detailed security information under NDA for enterprise evaluations.
