Security Policy
Effective Date: July 23, 2025 | Version 1.0
Our Security Commitment
At Gixo.ai, we take the security of your data seriously. This policy outlines our comprehensive security practices and your role in maintaining a secure AI content generation environment.
Infrastructure Security
Data Centers
Hosted on Microsoft Azure cloud infrastructure
SOC 2 Type II and ISO 27001 certified facilities
Geographically distributed for redundancy
Physical security controls are managed by our cloud infrastructure providers
Network Security
Web Application Firewall (WAF) protection
DDoS mitigation
Network monitoring and protective controls
Security monitoring and vulnerability management
Data Protection
Encryption:
| Type | Standard | Details |
|---|---|---|
| In Transit | TLS 1.3 | All communications encrypted |
| At Rest | AES-256 | All stored data encrypted |
| Key Management | Managed cloud key services | Provider-managed key storage and access controls |
| Database | TDE | Transparent data encryption enabled |
Access Controls:
Role-based access control (RBAC)
Principle of least privilege
Multi-factor authentication for admin access
Regular access reviews and audits
Application Security
Authentication
Secure email/password authentication
OAuth 2.0 integration
JWT tokens with short expiration
Secure refresh token rotation
Session Management
Secure session tokens
Automatic session timeout
CSRF protection
HttpOnly and Secure cookie flags
Development Security
Secure Development Lifecycle:
Security reviews in design phase
Static application security testing (SAST)
Dependency vulnerability scanning
Code reviews by senior developers
Third-Party Security:
Vendor security assessments
Regular dependency updates
Supply chain security monitoring
Minimal third-party integrations
Operational Security
Monitoring and Logging
Centralized logging with tamper protection
Real-time security event monitoring
Automated alerting for suspicious activities
Log retention for compliance and forensics
Incident Response
Security event monitoring and incident triage
Defined escalation procedures
Containment, remediation, and recovery workflows
Post-incident reviews and improvements
Compliance
We maintain compliance with:
User Security Responsibilities
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities:
We commit to:
Review reported issues and triage them based on severity
Provide status updates when appropriate
Credit researchers (if desired) after resolution
Security Updates
Stay informed about security updates:
Email notifications for critical updates
In-app notifications for account-specific issues
Contact Information
Security Team
Email: security@gixo.ai
Security inquiries and responsible disclosure reports are reviewed by our team
Company Address
Zencraft Consultancy Private Ltd.
A/10, Nootan Nagar, First Floor,
Bandra West,
Mumbai 400050
Maharashtra, India
This security policy is subject to change. Please check this page regularly for updates.
Last reviewed: July 2025 | © 2025 Zencraft Consultancy Private Ltd. All rights reserved.