Security
How Exagon Global protects your data across enterprise systems, cloud infrastructure, and our AI platform.
1. Our Commitment
Exagon Global delivers mission-critical technology to governments, financial institutions, and enterprises. Security is embedded in our architecture, operations, and culture — not treated as an afterthought.
This page summarises our security practices. For contractual security requirements, contact legal@exagonglobal.com.
2. Infrastructure Security
- Hosting on hardened cloud and dedicated server environments with network segmentation
- TLS 1.2+ encryption for data in transit across all public endpoints
- Encryption at rest for databases, backups, and sensitive file storage
- Firewalls, intrusion detection, and DDoS mitigation at network edge
- Regular patching and vulnerability management across OS and application layers
- Automated backups with tested restore procedures
3. Access Control
- Role-based access control (RBAC) with principle of least privilege
- Multi-factor authentication (MFA) for administrative and platform access
- Single sign-on (SSO) support for enterprise clients where configured
- Audit logging of privileged actions and authentication events
- Periodic access reviews and immediate revocation on offboarding
4. Application Security
- Secure software development lifecycle (SDLC) with code review
- Dependency scanning and third-party library monitoring
- Input validation, output encoding, and OWASP-aligned controls
- API authentication, rate limiting, and abuse prevention
- Penetration testing and security assessments on critical systems
5. Data Protection
Personal and business data is classified by sensitivity. Handling procedures align with GDPR and client contractual requirements. Data minimisation and retention limits are applied as described in our Privacy Policy.
- Logical tenant isolation for multi-tenant Platform accounts
- Encrypted credential storage and secrets management
- Secure deletion procedures on account termination (subject to legal retention)
6. AI & Automation Security
AI agents and automation workflows operate within defined permission scopes. Prompt injection mitigations, content filtering, and human-in-the-loop options are available for high-risk use cases.
7. Incident Response
We maintain an incident response plan covering detection, containment, eradication, recovery, and notification. Where a personal data breach poses risk to individuals, we notify supervisory authorities and affected parties as required by GDPR within 72 hours where feasible.
Report suspected security issues to privacy@exagonglobal.com with "Security Report" in the subject line. Please include steps to reproduce and impact assessment where possible.
8. Compliance & Certifications
Exagon Global aligns its security programme with internationally recognised frameworks. Certification status varies by product line and engagement:
- ISO 27001 — information security management (programme alignment / certification in progress where indicated on marketing materials)
- SOC 2 Type II — controls for security, availability, and confidentiality (where applicable to hosted services)
- GDPR — EU data protection compliance
- PCI DSS — payment card data handled via certified payment processors; we do not store full card numbers on our servers
9. Vendor & Subprocessor Management
Third-party providers undergo security assessment before integration. Contracts include data-protection obligations, breach notification requirements, and audit rights where appropriate.
10. Contact
Security enquiries: privacy@exagonglobal.com
Legal / DPA requests: legal@exagonglobal.com