Xcelerator Labs Inc. Policies & Security / Privacy Practices
The purpose of this document is to establish written company policies for use in Risk Management, Training, and day-to-day management of the business.
Data Access/Classification Policy
Data Access management policies are designed to prevent the possibility of unauthorized access to client data or applications that handle client data. Xcelerator Labs Inc. (X.L. Inc) must protect restricted, confidential, or sensitive data from loss to avoid reputational damage and to avoid adversely impacting our customers.
This policy outlines the requirements for data access and the behaviors expected of employees when dealing with data and provides a classification of the types of data with which they should be concerned. The purpose of this document is to establish written company policies for Data Access and Classification for use in risk management, training, and day-to-day management of the business.
Any employee, contractor, or individual with access to X.L. Inc. systems or data.
CTO and only additional employees necessary to complete work are ever authorized to handle any PII
CTO and CEO must approve any systems or data access by any employee or contractor, and access is reviewed monthly
Data Classification - definition of in-scope data
PII (Personally Identifiable Information) - Any data that uniquely identifies the individual, such as SSN, first or last name, property address
Employees must complete X.L. Inc. security awareness training and agree to uphold the acceptable use policy.
An authorized employee must escort visitors to X.L. Inc. at all times. If you are responsible for escorting visitors, you must restrict their access to appropriate and approved areas only.
Employees must comply with all NDA documents as required for any projects assigned. Employees must never reference the subject or content of sensitive or confidential data publically or via systems or communication channels not controlled by X.L. Inc. For example, external e-mail systems not hosted by X.L. Inc. to communicate company business are not allowed.
Employees must keep all work areas clean and free of confidential materials. To maintain information security, employees must ensure that any/all printed in-scope data is not left unattended.
All employees must establish a secure password on all X.L. Inc. systems per the password policy. These credentials must be unique and not be used on other external systems or services.
Terminated employees will be required to return all records, in any format, containing personal information.
You must immediately notify CTO or internal technical support resources in the event that a device containing in-scope data is lost (e.g., mobiles, laptops, etc.).
Suppose you find a system or process you suspect is not compliant with this policy or the objective of information security. In that case, you have a duty to inform the CEO and/or CTO to take appropriate action.
While our services rely on the cloud infrastructure of AWS, any approved employee connecting to any systems must do so from a secure connection, without exception. An example of a secure connection would be any connection available in the X.L. Inc. office or a properly configured home office or cell phone/mobile connection. Employees must never connect to a public, unsecured, or shared network (such as a coffee shop wifi hotspot) while working with or using in-scope data. Seek guidance from the CTO or internal technical support resources before connecting to any network if you are unsure.
Client PII is always transferred directly from the client to X.L. Inc. cloud resources and is encrypted in transit and at rest throughout the lifecycle. In scope, data is prohibited from being downloaded to local computing resources for any reason.
Security / Privacy Practices
Xcelerator Labs Inc. is fully committed to providing the highest level of security possible.
We never access sensitive data.
Our cloud-based solution requires NO sensitive data to be shared or transmitted, and you are always in control of the exact data shown in the dashboard.
You can feel safe knowing our infrastructure meets or exceeds industry standards for storing and transmitting data. SOC 2 Type II, ISO 27001, FINRA compliant.
Data Centers and Infrastructure
We partner with AWS, a trusted vendor for Fortune 500 companies, financial institutions, and
government entities (including FINRA).
TLS 1.2 encryption
2048-bit certificate (SSL SHA-2 encryption) for all dashboard connections AES-256bit data encryption both in transit and at rest.
Data privacy is critically important to us. X.L. Inc. employs policies and internal systems to maintain the integrity and security of all data.