Security

Security is not an afterthought.

XamOps operates in your cloud environment. We take that responsibility seriously. Here is exactly how we handle your data, access, and infrastructure.

TLS 1.2+

in-transit encryption

AES-256

at-rest encryption

Zero keys stored

IAM role federation only

Full audit log

every action, every account

How we protect your environment

Built-in security at every layer.

Infrastructure

Data Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Encryption keys are managed through cloud-native KMS services with automatic rotation.

Access Control

Least-Privilege Access

XamOps requests only the IAM permissions required to perform its functions. Read-only access for cost and monitoring features. Scoped write access for automation actions, with explicit opt-in per action type.

Credentials

No Credential Storage

XamOps uses cross-account IAM roles and federated identity — we never store cloud provider credentials or long-lived access keys. Authentication flows through your existing identity provider.

Compliance

Audit Logging

Every action taken by XamOps in your cloud environment is logged with timestamp, resource ID, action type, and outcome. Logs are available in your own account and exportable on demand.

Infrastructure

Network Isolation

XamOps infrastructure runs in isolated VPCs with no inbound public access. All outbound communication to cloud provider APIs is logged and monitored for anomalies.

AppSec

Vulnerability Management

Dependencies are scanned on every build. Critical CVEs are patched within 24 hours. Container images are rebuilt weekly against updated base images regardless of dependency changes.

Compliance

Where we stand today.

SOC 2 Type II

Audit scheduled Q3 2026In progress

ISO 27001

Roadmap H2 2026Planned

GDPR

Data processing agreements availableCompliant

CCPA

Privacy controls in placeCompliant

Security FAQs

What permissions does XamOps need in my cloud account?

XamOps uses cross-account IAM roles with least-privilege policies. The exact permissions depend on which features you enable. Read-only cost and monitoring features require only describe and list permissions. Automation features require scoped write permissions that you explicitly approve.

Does XamOps store my cloud credentials?

No. XamOps uses IAM role federation and never stores access keys or secrets. Authentication happens through your cloud provider's native trust mechanism.

Where is my data stored?

Cost and usage metadata is stored in AWS infrastructure in your chosen region. Customer data is never shared with third parties for advertising or analytics purposes.

Can I audit what XamOps does in my account?

Yes. Every action XamOps takes is logged in Actions History within the platform, and all API calls are visible in your cloud provider's native audit trail (CloudTrail, Azure Monitor, Cloud Audit Logs).

How do I report a security vulnerability?

Send details to security@xammer.in. We acknowledge all reports within 24 hours and aim to resolve critical issues within 48 hours.

Questions about security or compliance?

Reach our security team at security@xammer.in. We respond within 24 hours.

Pricing