Our Privacy Policy

Last updated July 7, 2024

Xemphis, Inc. ("Xemphis", "us", "we", or "our") operates several websites and services including https://www.xemphis.com and related subdomains (the "Service"). It is our policy to respect your privacy regarding any information we may collect while operating our Service.

The GDPR and Xemphis

On privacy, the GDPR and why it is important

In order to offer greater privacy and control of data, we will apply the GDPR to all individuals who use our Service or whose data is stored within it, whether inside or outside of the EU. We believe in the GDPR and support increased privacy for everyone.

General Data Protection Regulation (GDPR)

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws).

The GDPR is a comprehensive set of regulations that dictates what companies like us must do in order to properly protect our customers' data. Even though we are not a European company, we have many customers in the EU and we fully comply with these regulations. This document explains in simple terms what we're doing in order to ensure compliance.

The GDPR will come into effect on May 25, 2018.

Note: The full GDPR regulations are extremely long and complicated. This isn't meant to be a comprehensive list of every single thing we do to protect your data, but rather it's a simple summary so that you can have a good idea of the protections we have in place. Please feel free to reach out to us at admin@getxemphis.com if you have questions about specific items that aren't addressed here.

Technical Security

Our customers entrust us with very important data for their businesses. Keeping your data secure and private is of the utmost importance, and so we are careful to follow industry best practices. A lot goes into online security, but here are some of the main things we do that might interest you:

  • All connections to our Service are encrypted using 256-bit encryption.
  • We never store passwords as plain text – they are always hashed and salted securely using bcrypt.
  • Our infrastructure provider is Google Cloud and our primary servers are located in the United States of America. Even though GDPR is a European regulation, it does not require that data be hosted physically within the EU.
  • All Xemphis employees are required to use non-SMS 2FA on all first- and third-party services. When non-SMS 2FA is unavailable, we require use of SMS 2FA. We always require strong passwords, regardless of 2FA availability.
  • We regularly perform external vulnerability scans and application penetration tests to monitor the status of our security efforts.

Data Protection Officer

We have appointed a Data Protection Officer. They may be contacted at admin@getxemphis.com.

Data Breach Notification Plan

We work hard to keep our software secure so that there are no data breaches. In the event that there is a data breach, we have a plan in place that fully complies with the requirements laid out by GDPR. You can read our full plan below.

The specifics of our response to a data breach would of course depend on the details of the breach itself (the method of the breach, what data was compromised, etc.) but here is an outline of how we will approach the situation:

  • Assign roles and responsibilities.
  • Investigate the type and scope of the breach.
  • Address immediate threats.
  • Notify the appropriate parties of the breach.

Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of the Service.

Contact

If there are any questions regarding this document, you may contact us at admin@getxemphis.com.