Security & Trust Center

A translation platform you can trust with your data

If you are looking for our certifications, legal documents and compliance-related documents, you have come to the right place. On this page, you can access our contract terms, SLAs, SCCs, DPAs and everything compliance and security related.

Compliance Certifications

Key Documents

XTM key legal documents.

Subscription Agreement Terms
Definitions Schedule
Acceptable Use Policy
Service Level Agreement
Privacy & Cookie Policy
GDPR Compliance Statement
Data Processing Addendum
UK GDPR Addendum
Standard Contractual Clauses Controller to Processor
Standard Contractual Clauses Processor to Processor
HIPAA Privacy Policy
XTM Group Security Program and Policy

Our Approach

  • Encryption
    We encrypt traffic in transit with TLS 1.2/1.3. If you are using our Private Cloud solution, your data at rest is encrypted using Amazon EBS encryption with the AES-256 algorithm. Passwords are encrypted with SHA2 and a random salt value.
  • Backups
    Backups are done on a daily basis and are encrypted at rest. AWS snapshots are performed every 2 hours (3 consecutive versions stored) and every 24 hours (12 versions stored).
  • Disaster Recovery/Business Continuity
    We have a formally defined DR/BC plan that is tested on an annual basis.
  • IDS/IPS
    We constantly monitor security of our servers by logging and analysing all relevant activities to ensure our services are secure.
  • MFA / SSO support
    XTM offers multiple secure authentication and authorization options, such as: customer-configurable password requirements, MFA, Single Sign On (SSO), LDAP, Active Directory as well as Azure AD.
  • Role Based Access Control
    XTM is a role-based system that allows users' rights to be defined based on the roles they have and the rights you grant them.
  • Penetration tests
    Penetration testing of the XTM application is carried out on an annual basis by an independent third-party penetration testing specialist company. Penetration testing includes, but is not limited to, the OWASP Top 10 vulnerabilities. Each new version of XTM undergoes internal penetration testing as part of the new release.
  • SDLC with security focus
    We are committed to assessing risk throughout the whole Software Development Life Cycle, including the design, implementation, deployment and maintenance stages.
  • Firewall
    Firewall rules are used to restrict unauthorized traffic. We benefit from NIST’s “Guidelines on Firewalls and Firewall Policy”.
  • MFA
    No access to our systems is possible without MFA.
  • Security monitoring
    We actively monitor activities on our systems and perform automated or manual prevention actions if required. We use centralised logging and monitoring systems and an IDS/IPS solution.
  • Vulnerability scans
    We perform regular vulnerability scans of our systems, libraries and software by using industry leading solutions.
  • Segregation of Duties
    We implement a Segregation of Duties (SoD) approach to sustainable risk management and internal controls. The principle of SoD is to share responsibility for a key process by dispersing the critical functions of that process across more than one person or department.
  • Security Awareness Training
    XTM conducts security awareness training for all employees on a regular basis. We provide assessments to measure awareness level in the company. Simulated phishing attacks are part of the training program.
  • Risk Assessment Committee
    XTM has a formal Risk Assessment Committee that meets once a month and proactively acts to identify and mitigate possible risks.
  • Principle of Least Privilege
    The Principle of Least Privilege (PoLP) is used within XTM International, limiting access rights for users to the bare minimum required to fulfill their function.
  • Disk Encryption
    All workstations and laptops have disk encryption enabled by default.
  • Endpoint protection software
    The endpoint protection software’s virus database is updated on a daily basis, and the software blocks all suspicious activities.
  • Centralized management
    Our endpoints are centrally managed, which ensures compliance with our policies and standards.
  • Software whitelisting
    We implement software whitelisting that restricts usage of unapproved applications.

Customer testimonials

XTM Cloud forms a big global ecosystem of seamlessly connected accounts to which thousands of users connect daily. Overall, the result is better quality with fewer resources.
XTM’s technical support is fast and helpful. They always solved our issues efficiently. The tool is so simple and fast, accessible from any computer, a lot better than Trados and Smartling. It also increases my speed as a translator. I changed computer… once and was able to authorize the device and start translating there in seconds, which is very good!
As a company which provides services to other brands, our service needs to be as efficient as possible. The improvements in localization quality and productivity brought about by the implementation of XTM Cloud were absolutely key.
With Rigi, everyone is in control. Localization can keep up with the pace of development. We can now ship new features to the market in all languages faster than ever.
XTRF’s file management capabilities and invoicing procedures have also made life far easier for internal providers and have freed up time for them to focus on other important tasks.

Security is at the core of our business, which is why we manage risk with the most up-to-date approach in the constantly changing world of information security.

As an international business, we take compliance issues very seriously and we strive on a daily basis to exceed regulatory requirements.

Any security concerns?

If you think you may have discovered a vulnerability, please send us a note.