    09/19/2025, 09:13:42

    This X Security Statement

    thisxSystem | 9 minutes read

    This X considers security a core company value. Our security and compliance principles guide how we deliver AI products and services, enabling users to safely and easily access the digital world.

    Secure Personnel

    • Personnel Screening: We take data and client information security seriously, allowing only vetted employees and contractors access to sensitive resources.
    • Background Checks: All employees and contractors undergo background checks in accordance with local laws and industry best practices before engagement.
    • Confidentiality Agreements: All staff and contractors with access to sensitive or internal information sign Non-Disclosure Agreements (NDAs).
    • Security Training: Security culture is embedded in our business through regular training and testing covering the latest attack techniques and defense methods.

    Secure Development

    • Secure Development Lifecycle: All product development, including AI systems, support services, and cloud offerings, follows secure development lifecycle principles.
    • Design Review: New products, tools, services, and major changes to existing systems undergo security design reviews to ensure security requirements are met.
    • Developer Training: Team members involved in system development receive annual secure development training for relevant programming and scripting languages.
    • Web Security Standards: Software development adheres to industry standards such as OWASP Top 10.

    Secure Testing

    • Penetration Testing: Third-party penetration testing and vulnerability scanning are conducted regularly on all production and Internet-facing systems.
    • Pre-Deployment Scans: All new systems and services are scanned before going live.
    • Internal and External Testing: Internal engineers and external penetration testers evaluate new or significantly changed systems to provide a comprehensive security assessment.
    • Code Security Testing: Static and dynamic testing is performed on all code, including open-source libraries.

    Cloud Security

    • Customer Isolation: Multi-tenant cloud architecture ensures complete isolation; each customer environment is stored in a dedicated trust zone.
    • Data Encryption: All data is encrypted in transit and at rest to prevent unauthorized access.
    • Continuous Monitoring: Dedicated security experts continuously monitor the platform to protect customer data.
    • Access Control: Role-based access control and least privilege principles are enforced, with regular reviews and revocations.

    Compliance

    • SOC 2 Type I & II: This X has completed SOC 2 Type I and II audits, confirming compliance with SOC 2 standards for information security practices, policies, procedures, and operations.
    • International Standards: Our security and compliance practices align with SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and other international standards.
    • Audit Reports: Customers can request access to audit reports via the contact page to verify our commitment to security and compliance.