Encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Customer-managed keys (BYOK) are available on Enterprise tiers.
Security is engineered into every layer of Xophia — from infrastructure to the agent runtime — and audited continuously.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Customer-managed keys (BYOK) are available on Enterprise tiers.
Role-based access control with mandatory SSO/SAML, hardware-backed MFA for engineering staff, and just-in-time privileged access reviewed quarterly.
24/7 SIEM monitoring, immutable audit logs, and a documented incident response playbook with a 1-hour notification SLA for confirmed security incidents affecting customer data.
Third-party penetration testing is planned bi-annually as part of the SOC 2 Type II program. Findings, when present, are tracked publicly through our trust center on request.
Questions? Reach our team at legal@xophia.ai.