Security & Trust Center
A translation platform you can trust with your data
If you are looking for our certifications, legal documents and compliance-related documents, you have come to the right place. On this page, you can access our contract terms, SLAs, SCCs, DPAs and everything compliance and security related.
Compliance Certifications
Key Documents
XTM key legal documents.
Subscription Agreement Terms
Definitions Schedule
Acceptable Use Policy
Service Level Agreement
Privacy & Cookie Policy
GDPR Compliance Statement
Data Processing Addendum
UK GDPR Addendum
Standard Contractual Clauses Controller to Processor
Standard Contractual Clauses Processor to Processor
HIPAA Privacy Policy
XTM Group Security Program and Policy
Our Approach
- Encryption
We encrypt all traffic in transit with TLS 1.2/1.3. If you use our Private Cloud solution, your data at rest is encrypted using Amazon EBS encryption with the AES-256 algorithm. Passwords are stored using modern hashes. - Backups
Backups are performed daily and are encrypted at rest. AWS snapshots are performed every 2 hours (3 consecutive versions stored) and every 24 hours (12 versions stored). - Disaster Recovery/Business Continuity
We have formally defined a DR/BC Plan that is tested on an annual basis. - IDS/IPS
We constantly monitor our servers by logging and analyzing all relevant activities to ensure the security of our services.
- MFA / SSO support
XTM offers multiple secure authentication and authorization options, such as: Customer-configurable password requirements, MFA, Single Sign On (SSO), LDAP, Active Directory, and Azure AD. - Role Based Access Control
XTM is a role-based system that allows users to define their permissions based on their roles and the rights you grant them. - Penetration tests
An independent third-party penetration-testing specialist company carries out annual testing of the XTM application. Penetration testing includes, but is not limited to, the OWASP Top 10 Vulnerabilities. Each new version of XTM undergoes internal penetration testing as part of the latest release. - SDLC with security focus
We are committed to assessing risk during the entire Software Development Life Cycle including design, implementation, deployment, and maintenance stages.
- Firewall
Firewall rules are used to restrict unauthorized traffic. We follow the NIST’s “Guidelines on Firewalls and Firewall Policy”. - MFA
Access to our systems is only possible with MFA. - Security monitoring
We actively monitor activities on our systems and perform automated or manual prevention actions if required. We use centralized logging and monitoring systems and an IDS/IPS solution. - Vulnerability scans
We perform regular vulnerability scans of our systems, libraries and software by using industry leading solutions.
- Segregation of Duties
We implement a Segregation of Duties (SoD) approach to sustainable risk management and internal controls for a business. The principle of SoD is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. - Security Awareness Training
XTM conducts security awareness training for all employees on a regular basis. We provide assessments to measure awareness levels in the company. Simulated phishing attacks are part of the training program. - Risk Assessment Committee
XTM has a formal Risk Assessment Committee that meets once a month and proactively acts to identify and mitigate possible risks. - Principle of Least Privilege
The Principle of Least Privilege (PoLP) is used within XTM International, limiting access rights for users to the bare minimum required to fulfill their function.
- Disk Encryption
All workstations and laptops have disk encryption enabled by default. - Endpoint protection software
Endpoint protection software’s virus database is updated daily and blocks all suspicious activities. - Centralized management
Our endpoints are centrally managed, which ensures compliance with our policies and standards. - Software whitelisting
We implement software whitelisting that restricts the usage of unapproved applications.
Customer testimonials
XTM Cloud forms a big global ecosystem of seamlessly connected accounts to which thousands of users connect daily. Overall, the result is better quality with fewer resources.”
Load allCollapse quote
Vincent Rigal
CAT Tools Products Owner, Acolad
XTM’s technical support is fast and helpful. They always solved our issues efficiently. The tool is so simple and fast, accessible from any computer, a lot better than Trados and Smartling. It also increases my speed as a translator. I changed computer… once and was able to authorize the device and start translating there in seconds, which is very good!
Load allCollapse quote
Verified User in Computer & Network Security
Enterprise (>100 emp.)
As a company which provides services to other brands, our service needs to be as efficient as possible. The improvements in localization quality and productivity brought about by the implementation of XTM Cloud were absolutely key.”
Load allCollapse quote
Alex Katsambas
Senior Head of Localization Services, FARFETCH
With Rigi, everyone is in control. Localization can keep up with the pace of development. We can now ship new features to the market in all languages faster than ever.
Load allCollapse quote
Maryla Obszarski
Localization Manager, LexisNexis® Intellectual Property Solutions
XTRF’s file management capabilities and invoicing procedures have also made life far easier for internal providers and have freed up time for them to focus on other important tasks.
Load allCollapse quote
Simonetta Buccellato
Co-founder, LexTranslate
Security is at the core of our business, which is why we manage risk with the most up-to-date approach in the constantly changing world of information security.
As an international business, we take compliance issues very seriously and we strive on a daily basis to exceed regulatory requirements.
Any security concerns?
If you think you may have discovered a vulnerability, please send us a note.