Your Security is Our Priority.

Xplenty Security

We understand the sensitivity of your data. And we take all steps necessary to safeguard it. Keeping Xplenty secure is fundamental to the nature of our business. That’s why security is our number one priority.

Data Encryption

We use SSL/TLS encryption on all our websites and microservices satisfying the highest security and data protection standards. Sensitive Data such as connection credentials is encrypted anytime it is “at rest” in the Xplenty platform using industry standard encryption. In addition, we regularly verify our security certificates and encryption algorithms to keep your data safe.

Physical Security

Xplenty’s physical infrastructure is hosted and managed within Amazon’s data centers and utilizes the Amazon Web Service (AWS) technology. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

For additional information see:

Cloud Providers

Xplenty’s processing engine is powered by virtual machines (VMs) hosted and managed within our cloud provider’s data centers, depending on your account settings.

All communication to the processing engine virtual machines is done over SSH.

For additional information see:

Network Security

Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business requirement. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function.

Host-based firewalls restrict customer applications from establishing localhost connections over the loopback network interface to further isolate customer applications. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed.

System Security

Operating system access is limited to Xplenty staff and requires username and key authentication. Operating systems do not allow password authentication to prevent password brute force attacks, theft, and sharing.

EU Data Privacy and GDPR

Xplenty has completed the preparations to meet the necessary requirements under EU General Data Protection Regulation (GDPR). The Xplenty Terms of Use include an updated Data Processing Addendum (DPA) to support customers’ GDPR compliance needs. Customers can enter into the updated data processing agreement here.

Credit Card Safety

When you sign up for a Xplenty paid account, we do not store any of your credit card information on our servers. Our third-party credit card or payment processors are Paymill and Stripe. Details about their security setup and PCI compliance can be found at Paymills’s security page and Stripe’s security page.

Report Issues

If you find a bug or security issue on our website, please let us know about it by sending an immediate e-mail to


If you’d like more detail about our security processes and practices, please email us: