Security FAQ
Last Updated: February 13, 2025
Infrastructure Security
Where is DeepXL's infrastructure hosted?
Our infrastructure is hosted in SOC 2 Type II certified data centers in the United States through Google Cloud Platform. We maintain redundancy across multiple availability zones to ensure business continuity and meet financial industry requirements. Our infrastructure design prioritizes both security and availability, ensuring that financial institutions can rely on our services for their critical operations.
How do you ensure physical security?
Our infrastructure providers maintain comprehensive physical security through multiple layers of protection. Each data center is staffed with security personnel 24 hours a day, 365 days a year. Access requires multi-factor biometric authentication, and all access is logged and monitored. Continuous video surveillance with 90-day retention provides additional security oversight. Environmental monitoring systems protect against physical threats, while regular third-party audits verify the effectiveness of these measures.
Data Security
How is customer data protected?
We implement security measures that meet and exceed financial industry standards. All data in transit is protected using TLS 1.3 encryption, while data at rest is secured with AES-256 encryption. We use Hardware Security Modules (HSM) for key management, ensuring the highest level of protection for encryption keys. Our network architecture incorporates advanced segmentation and next-generation firewalls. We continuously monitor our systems through automated security scanning and testing, with our security team providing additional oversight and response capabilities.
What is your backup strategy?
Our backup system is designed to meet the stringent requirements of financial institutions. We perform real-time replication across availability zones to ensure data durability. Our tiered backup approach includes daily incremental backups and weekly full backups, with all backups retained for a minimum of 30 days. We verify backup integrity monthly through automated and manual testing procedures. Our disaster recovery procedures are documented and regularly updated to ensure business continuity in any scenario.
Access Controls
How do you manage access to customer data?
We implement role-based access control (RBAC) following financial industry best practices. All access requires multi-factor authentication, and we conduct quarterly access reviews to ensure appropriate permissions. Our automated systems continuously log and monitor access patterns, flagging any unusual activity for immediate review. We use just-in-time access provisioning to minimize standing privileges, and our processes ensure immediate access revocation when personnel changes occur.
What are your password requirements?
Our password policies align with NIST standards while maintaining strong security. We require a minimum of 16 characters for all passwords, with complexity requirements enforced through our authentication systems. Privileged accounts must rotate passwords every 90 days, and we prevent password reuse across all accounts. We support integration with enterprise password managers to help users maintain strong, unique passwords. Our systems automatically lock accounts after failed authentication attempts to prevent unauthorized access.
Security Operations
How do you monitor for security incidents?
Our Security Operations Center (SOC) operates 24/7 to monitor and respond to security events. We use an enterprise-grade Security Information and Event Management (SIEM) platform to correlate and analyze security data from across our infrastructure. Our automated threat detection and response systems are supplemented by expert analysis from our security team. We integrate threat intelligence from multiple sources to maintain awareness of emerging threats and attack patterns.
What is your patch management process?
We maintain a comprehensive patch management program to address security vulnerabilities promptly. Critical security patches are evaluated and applied within 24 hours of release. Our weekly maintenance windows allow for regular system updates, while our automated vulnerability scanning ensures we identify and address potential weaknesses. All changes follow our formal change management procedures and are tested in separate environments before deployment to production.
Contact Information
For security matters, please contact us at security@deepxl.ai
For compliance inquiries, please email compliance@deepxl.ai