Security and Compliance

A translation management system you can trust with your data

Protecting your data and information privacy is a priority for us, which is why we strictly comply with current privacy regulations and standards to ensure that XTM is a solution you can trust.

Security

We are strongly committed to upholding the highest security and data-protection standards in our product.

Encryption
We encrypt your data in transit with TLS 1.2/1.3, so no data crosses a network unencrypted. Passwords are not stored in recoverable form: they are hashed with SHA-2 together with a random salt. If you use our Private Cloud solution, your data at rest is encrypted with Amazon EBS encryption using AES-256.
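The salted-hash scheme named above, shown as an added example (this is illustrative code, not XTM's implementation): the salt is generated per password and stored alongside the digest, verification recomputes and compares in constant time, and, as the caveat a practitioner would add, the same SHA-2 primitive is also shown with a work factor (PBKDF2-HMAC-SHA256), because a plain salted SHA-2 hash is fast enough that an attacker holding the database can still test guesses at very high rates. The storage format, salt length and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example of "SHA-2 plus random salt" password storage.
# Not XTM's code; format and parameters below are assumptions.
SALT_BYTES = 16            # assumption: 128-bit random salt per password
PBKDF2_ITERATIONS = 600_000  # assumption: work factor for the PBKDF2 variant


def hash_password_salted_sha256(password: str, salt: Optional[bytes] = None) -> str:
    """Plain salted SHA-256: stores 'sha256$<salt hex>$<digest hex>'.

    The random salt defeats precomputed tables and makes identical passwords
    produce different records, but SHA-256 has no work factor, so offline
    guessing against a leaked database remains cheap.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return f"sha256${salt.hex()}${digest}"


def hash_password_pbkdf2(password: str, salt: Optional[bytes] = None,
                         iterations: int = PBKDF2_ITERATIONS) -> str:
    """Same SHA-2 primitive with a tunable cost: PBKDF2-HMAC-SHA256.

    Stores 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>' so the cost can be
    raised later without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the record from the stored salt/parameters and compare.

    hmac.compare_digest keeps the comparison time independent of where the
    first differing byte is, closing a timing side channel.
    """
    scheme, *fields = stored.split("$")
    if scheme == "sha256":
        salt_hex, _digest = fields
        recomputed = hash_password_salted_sha256(password, bytes.fromhex(salt_hex))
    elif scheme == "pbkdf2_sha256":
        iterations, salt_hex, _key = fields
        recomputed = hash_password_pbkdf2(password, bytes.fromhex(salt_hex), int(iterations))
    else:
        raise ValueError(f"unknown hash scheme: {scheme!r}")
    return hmac.compare_digest(recomputed, stored)


if __name__ == "__main__":
    # Two users with the same password get different records because of the salt.
    a = hash_password_salted_sha256("correct horse battery staple")
    b = hash_password_salted_sha256("correct horse battery staple")
    print("same password, different salted records:", a != b)
    print("verify right password:", verify_password("correct horse battery staple", a))
    print("verify wrong password:", verify_password("Tr0ub4dor&3", a))
    p = hash_password_pbkdf2("correct horse battery staple")
    print("pbkdf2 record verifies:", verify_password("correct horse battery staple", p))
```

Both variants share the salt and the constant-time verification; the only difference is the iteration count carried in the PBKDF2 record, which is what lets the stored cost be raised over time as hardware gets faster.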
Network and operations security
We follow industry-standard guidance (NIST) and benchmarks (CIS) to protect our networks and operating systems. Production, testing, and development environments are separated from each other. Our DevOps and Security teams continuously monitor our infrastructure and respond as soon as anything unusual is detected.
Access management
We implement a Segregation of Duties (SoD) and the Principle of Least Privilege (PoLP) approach. Access restrictions are role based (RBAC), strictly monitored, and reviewed on a regular basis. No access to customer data is possible without two-factor authentication.
Data residency
Your data can be stored in a chosen geolocation. Our Public Cloud is located in France, and our Premium Public Cloud is in the United States. Our Private Cloud options allow our customers to choose their preferred AWS region.
Authentication
We offer multiple secure authentication and authorization options. XTM supports customer-configurable password requirements, two-factor authentication, single sign-on (SSO) via the SAML and OAuth2 standards, and Active Directory integration.
Security awareness training
Our security team conducts internal security awareness training on a continuous basis for all employees who may handle customer data.

Compliance

Our company places the utmost importance on compliance, ensuring that all regulations and guidelines are strictly adhered to.

ISO 27001 certified
We are audited annually by an independent third party to confirm that we meet the ISO 27001 standard (the international standard for information security management).
NIST Cybersecurity Framework standard
By adhering to the NIST Cybersecurity Framework, we affirm our commitment to maintaining a secure and resilient environment for our business operations.
General Data Protection Regulation (GDPR)
Our commitment to GDPR compliance reflects our dedication to upholding the rights and privacy of individuals in the handling of their personal data.
HIPAA Compliant
We prioritize HIPAA compliance through stringent measures, training, and robust safeguards to protect patient information.
Penetration tests
Independent third-party penetration testing of the XTM application is carried out annually. Its scope includes, but is not limited to, the OWASP Top 10 vulnerability categories. In addition, each new version of XTM undergoes internal penetration testing before release.
Privacy

Click here to read XTM’s Privacy Policy.

Security is at the core of our business, which is why we manage risk with the most up-to-date approach in the constantly changing world of information security.

Mateusz Pacek

Information Security Officer at XTM

Ready to get started?

Book your XTM Cloud demo today or start your free 30-day trial and start harnessing the power of leading translation technology.