Xfix Global Limited | Enterprise-Grade Security Framework
Last Updated: March 22, 2026 | Version 2.0
Protecting Your Data Across Our Global Ecosystem
Building Software, Empowering Business
At Xfix Global Limited, security is not an afterthought - it is embedded into every layer of our software engineering process. We are committed to protecting your data with enterprise-grade security measures that meet the highest industry standards. Our security framework encompasses infrastructure security, application security, data protection, access controls, and continuous monitoring to ensure the confidentiality, integrity, and availability of your information across all our platforms.
This Security page outlines our comprehensive security practices, policies, and commitments. We believe in transparency and provide this information to help you understand how we protect your data and what you can do to enhance your own security posture when using our services.
Highlighted metrics: Uptime SLA; Encryption at Rest; Security Monitoring; Aligned Standards.
Our infrastructure is built on enterprise-grade hosting services with multiple layers of security controls to protect your data.
We employ industry-leading encryption standards to protect your data both in transit and at rest.
All data transmitted between users and our servers is protected using TLS 1.2 and TLS 1.3 protocols, ensuring secure communication across the internet.
Data stored on our servers is encrypted using AES-256 encryption standards. Database encryption, file system encryption, and encrypted backups ensure comprehensive protection.
Encryption keys are managed using hardware security modules (HSMs) with strict access controls and regular key rotation policies.
All backups are encrypted with separate key management and replicated across multiple geographic regions for disaster recovery.
We implement strict access controls to ensure that only authorized personnel and users can access sensitive data.
The principle of least privilege is applied to all employee and system access. Permissions are granted based on job function and regularly reviewed.
MFA is required for all administrative access and available for all user accounts. We support authenticator apps, SMS, and hardware tokens.
Enterprise clients can integrate with their existing identity providers using SAML 2.0 or OIDC for seamless authentication.
Automatic session timeouts, concurrent session controls, and idle session termination help prevent unauthorized access.
Our security operations center provides 24/7 monitoring and rapid incident response capabilities.
Real-time threat detection, intrusion detection systems (IDS), and security information and event management (SIEM) with immediate alerting.
Centralized logging with 12-month retention for audit trails, forensic analysis, and compliance reporting.
Weekly automated vulnerability scans, quarterly penetration tests, and continuous security assessments of all systems.
Documented incident response procedures with dedicated response team, regular drills, and defined communication protocols.
Security is integrated into our software development lifecycle from design to deployment.
Security requirements, threat modeling, secure coding practices, and peer code reviews integrated into every development phase.
SAST, DAST, and manual penetration testing conducted regularly to identify and remediate vulnerabilities before deployment.
Adherence to OWASP Top 10 security best practices and regular testing against common vulnerability patterns.
Automated security gates in our CI/CD pipeline ensure vulnerabilities are caught before reaching production environments.
We maintain compliance with major regulatory frameworks and industry standards.
Information Security Management System alignment
EU data protection compliance for user privacy
Full compliance with Kenyan data protection regulations
Payment Card Industry Data Security Standard compliance
Healthcare data protection (where applicable)
Service Organization Control audits (in progress)
Comprehensive backup and recovery strategies ensure business continuity and data protection.
Daily automated backups of all databases and file systems with 90-day retention for rapid recovery.
Backups replicated across multiple data center locations (Europe, USA, Kenya) for disaster resilience.
Recovery Time Objective (RTO): 4 hours for critical systems. Recovery Point Objective (RPO): at most 24 hours of data loss for routine operations.
Quarterly disaster recovery drills validate backup integrity and restoration procedures.
Security is a shared responsibility. Here's how you can help protect your account and data.
Use unique, complex passwords for your account. Avoid reusing passwords across multiple services.
Multi-factor authentication adds an essential layer of security. We strongly recommend enabling it.
Always log out when accessing your account from shared or public devices.
Immediately report any unauthorized access or suspicious activity to security@xfixglobal.com.
If you discover a security vulnerability in any of our platforms, we encourage responsible disclosure.
Please report security vulnerabilities to security@xfixglobal.com. We will investigate and respond promptly. We appreciate your help in keeping our platforms secure.
Response timelines: within 48 hours; within 5 business days; based on severity level.
For security-related inquiries, please reach out to our dedicated security team.
Security team: security@xfixglobal.com
Data Protection Officer: dpo@xfixglobal.com
For privacy-related concerns, please refer to our Privacy Policy or contact privacy@xfixglobal.com.