Xeneos AI Security Policy
Last updated: August 17, 2025
1. Introduction
Xeneos Consulting Limited (Company No. 13759590), trading as Xeneos AI, is committed to ensuring the security of our users' data and our platform. This security policy outlines our practices and procedures for maintaining security in accordance with UK data protection laws, EU GDPR, and international security standards.
We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB497557 and comply with applicable data protection and cybersecurity regulations.
2. Reporting Security Issues
We welcome security researchers, ethical hackers, and technology enthusiasts to participate in our responsible disclosure program. We provide safe harbor for security testing conducted in good faith and may offer rewards for vulnerability discoveries based on severity and potential impact.
If you discover a security vulnerability, please report it immediately to security@xeneos.ai. Include:
A detailed description of the vulnerability
Clear steps to reproduce the issue
Any relevant screenshots, logs, or proof-of-concept code
Potential impact assessment
Your contact information for follow-up
We commit to:
Acknowledging receipt within 1 business day
Working with you to validate and resolve the issue
Giving appropriate credit if desired
We value the security community's contributions in keeping Xeneos AI secure. All legitimate reports will be thoroughly investigated and addressed with appropriate urgency.
3. Our Security Practices
3.1. Data Protection
All data is encrypted in transit using TLS 1.2 or higher
Data at rest is encrypted using industry-standard encryption
We collect only essential user information, adhering to GDPR data minimization principles
User data is stored securely with role-based access controls and regular access reviews
Data retention policies comply with UK GDPR requirements
3.2. Authentication
Industry-standard authentication protocols
Multi-factor authentication support
Secure session management
3.3. Infrastructure
Regular security audits and vulnerability assessments
Timely security updates and patches following security advisories
24/7 monitoring for suspicious activities and security incidents
Incident response procedures aligned with UK GDPR breach notification requirements
Regular backup procedures with secure off-site storage
4. Data Breach Response
In the event of a personal data breach, we will:
Notify the UK Information Commissioner's Office (ICO) within 72 hours where required by UK GDPR
Notify affected users without undue delay if the breach is likely to result in high risk to their rights and freedoms
Document all breaches and maintain records as required by law
Take immediate steps to contain and remedy the breach
Cooperate fully with regulatory authorities and affected users
5. User Responsibilities
To help maintain the security of your account:
Use secure authentication providers you trust
Keep your OAuth provider account secure with strong passwords and two-factor authentication
Never share access to your authorized Xeneos AI sessions
Report suspicious activities immediately
6. Updates to This Policy
We may update this Security Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page.
7. Contact Us
For security-related inquiries, please contact:
Security Team: security@xeneos.ai
General Inquiries: legal@xeneos.ai
Xeneos Consulting Limited (Company No. 13759590)
Trading as Xeneos AI
Registered in England and Wales
Swift House, Ground Floor,
18 Hoffmanns Way,
Chelmsford,
Essex,
CM1 1GU
United Kingdom
ICO Registration Number: ZB497557