Security & Trust

How XSEE protects your environment and your data.

Compliance

In Progress

SOC 2 Type II

Audit underway. Expected completion Q3 2026. Report available under NDA upon request.

In Progress

CSA STAR Level 1

Cloud Security Alliance self-assessment. Submission in progress.

Compliant

GDPR

Data Processing Agreement available on request. EU data handling compliant.

Active

AWS Hosted

Hosted on AWS us-east-1. AES-256 encryption at rest and in transit.

How XSEE connects to your AWS account

Read-only IAM role

You create the role. XSEE never writes to your environment. No resource creation, modification, or deletion — ever.

No agents installed

Zero footprint inside your infrastructure. Nothing running in your workloads. Nothing installed on your instances.

Credentials ephemeral

XSEE assumes your role only during active scans. Sessions expire automatically. No persistent access to your account.

Your data never leaves your environment

XSEE reads AWS API metadata only — resource IDs, policies, relationships. No file contents, no PII, no workload data.

Every action requires human approval

No automated write actions without explicit CISO approval. Every change is cryptographically logged to the approving identity.

Infrastructure

Hosting: AWS us-east-1
Encryption: AES-256 at rest and in transit
Database: AWS RDS PostgreSQL — encrypted
TLS: 1.2+ enforced everywhere
Secrets: AWS Secrets Manager
Auth: JWT with httpOnly cookies
Access: MFA required for all admin access
Monitoring: AWS CloudTrail + GuardDuty

Responsible Disclosure

If you discover a security vulnerability in XSEE, we ask that you report it to us responsibly. We commit to acknowledging all reports within 48 hours and resolving critical issues within 7 days.

Email: security@xsee.io

XSEE will not pursue legal action against researchers who follow responsible disclosure guidelines.

Security Documents

SOC 2 Type II report available under NDA. DPA available upon request for GDPR compliance.