How we protect your data

As a security company, we do not want to become your next attack vector. Here are some guidelines we follow.

🔒 Xeol only has access to metadata on the software used in your builds and no PII, PHI, or PCI.

🔒 Xeol is open source so you can audit as you see fit.

🔒 Xeol encrypts all data at rest with AWS RDS encryption using industry-standard AES-256 algorithm.

🔒 Xeol only sends data over TLS 1.2 or greater.

🔒 Xeol will remove all your company data within 3 months of end of service. This can be expedited if you message us at


If you still have any concerns on the data that we are holding on your behalf, please message us at