
Xano Security and Compliance

Xano is dedicated to the safeguarding of customer data. Security is placed at the forefront of our product strategy, emphasizing its utmost importance. In constructing our platform, we adhere to the industry's finest practices, ensuring it is robust, scalable, and fortified against potential threats. Continuous vigilance and periodic evaluations of our program are conducted to guarantee that it aligns with, or surpasses, the standards of compliance and regulatory obligations.

Jacques Antikadjian: Co-Founder & CSO

Compliance

Compliant with the highest software and security standards

SOC 2
ISO 9001
SOC 3 (Pending)
ISO 27001
ISO 27701
GDPR
CPRA
LGPD
PIPEDA
FERPA
HIPAA
CCPA
PDPA
PPIP
PPIPA
DPF
CMMC (Pending)
NIST (Pending)
HDS/Health Data Hosting (Pending)

Documentation

Reports
  • SOC 3 Report
  • Network Diagram
  • PCI DSS (ASV Network Scan)
  • Pentest Report

Access Control
  • Logging
  • Data Access
  • Password Security

App Security
  • Software Development Lifecycle
  • Code Analysis
  • Vulnerability & Patch Management

Data Privacy
  • Geolocation Privacy
  • Employee Privacy Training
  • Cookies

Data Security
  • Backups Enabled
  • Encryption-at-rest
  • Access Monitoring
  • Data Erasure

Endpoint Security
  • Endpoint Detection & Response (EDR)

Product Security
  • Multi-Factor Authentication
  • Data Security
  • Audit Logging
  • SSO Support

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

ESG
  • Fair Labor
  • Carbon Neutrality
  • Whistleblowing Program
  • Diversity, Equity, and Inclusion

Infrastructure
  • Anti-DDoS
  • Google Cloud Platform

Corporate Security
  • Internal SSO
  • Penetration Testing
  • Internal Assessments
  • Asset Management Practices

Legal
  • Privacy Notice
  • Data Processing Addendum (DPA)
  • Subprocessors
  • Terms & Conditions

Network Security
  • Firewall

Policies
  • Data Classification Policy
  • Password Policy
  • Patch Management Life Cycle
  • Encryption Policy

Risk Profile
  • Recovery Time Objective
  • Critical Dependence
  • Data Access Level
  • Impact Level