Data Security
Crystal Delta takes data security and privacy very seriously, and we continuously look for opportunities to make improvements.
While it would not be prudent to share too much about what we do to protect our systems (doing so would effectively assist malicious individuals who might try to compromise them), we can provide some general information about the steps we take to keep your tenancy and your users safe.
Here are the measures we employ to securely store the data you entrust to us:
Protection from Data Loss & Data Corruption
- Isolated Access
Each Xen.Ed tenant has its own isolated configuration. This means that even if a tenant is ever compromised or goes rogue, all other tenants should remain unaffected.
- Regular Backups
Databases are mirrored and backed up off site, across multiple facilities. We keep daily database backups.
- Customer data regulation
We never move any tenant or user data outside of our secured environment for testing or any other reason.
Application Level Security
- Password salting and hashing
Xen.Ed uses up-to-date, secure cryptographic methods. All passwords are salted and hashed and are never stored or transmitted as plain text. Xen.Ed team members cannot view or manually change passwords. If you forget your password it cannot be retrieved; it can only be reset by the account owner.
- Encrypted Data Storage
We do not store credit card details on our infrastructure. All credit card transactions are processed using secure encryption on a PCI-compliant network.
- HTTPS everywhere
Xen.Ed forces all requests over HTTPS, ensuring that all traffic between your tenancy and the user's browser is encrypted. This means that anyone trying to eavesdrop on this traffic will not be able to decrypt and access the underlying data. Each tenancy powered by Xen.Ed gets a free SSL certificate for the lifetime of the tenancy. Xen.Ed uses TLS 1.2 exclusively, throughout its site and subdomains.
- XSS vulnerability avoidance
All user inputs are properly treated to ensure that XSS vulnerabilities are avoided.
Secure Software Development Life Cycle
- Vulnerability Scanning & Patching
We have automated systems in place that monitor all the software infrastructure powering Xen.Ed for new versions and vulnerabilities. Our infrastructure is updated regularly with the latest security patches. Moreover, our in-house security expert is constantly on the lookout for things that could jeopardise our systems, ready to intervene. We test our systems regularly through simulated attacks from the outside and from within.
- Secure File storage
Your uploaded files can only be accessed through Xen.Ed. Your learners can only access files intended for them. Only authorised Xen.Ed personnel can access your files, on a strict per-need basis.
- Internal Controls
For our employees, access rights and levels are based on job function and role, on a need-to-know basis, and match defined responsibilities. All employees must abide by our policies on protecting customer data.
- Security by design
Our code is developed following the latest patterns and industry best practices, and is constantly reviewed. Clear, readable and well-maintained code means secure systems.
- Key management
We keep our keys secret and out of version control, to ensure that access to critical resources cannot be compromised.
Data Center Security
The GDPR requires controllers and processors of personal data to "implement appropriate technical and organisational measures" to ensure a sufficient level of security.
Crystal Delta is an AWS Cloud partner. We primarily use the AWS Cloud as our third-party cloud storage subcontractor, and we do not host customer data on our premises.
This means that all our servers are located at AWS premises, in 2 world-class data centres around the world:
- East USA (Virginia)
- Southeast Asia (Sydney)
Amazon Web Services is a leading cloud provider, holds industry-leading security certifications such as SOC 2/3 and ISO 27001, and provides encryption in transit and at rest without any action required from our customers. All servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorised personnel have access to the data centre. 24/7/365 onsite staff provide additional protection against unauthorised entry and security breaches. For more information on the physical security of AWS data centres, see AWS's own documentation.
- High availability
We have designed Xen.Ed to ensure high availability throughout the platform. At every layer of the stack, we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.
Protecting Xen.Ed Against Rogue or Hacked Users
We can secure ourselves, but if your computer gets compromised or someone gets into your Xen.Ed account, that is not good for either of us. Therefore:
- We require that you monitor your accounts for signs of irregular or suspicious login activity and suspend them when such signs appear.
- Certain changes to a user account, such as requesting a password reset, will trigger email notifications to the account owner.
- We monitor account and tenant activity for signs of abuse (both via automatic notifications and human reviewers).
Disclosure
We work continuously to make our systems secure. But modern software is among the most complex artefacts ever created by humans, and cybersecurity is a moving target.
If you do find any security issue, whether you are a user or a security expert, please reach out to us at support@xen.education. We will make sure the issue is fixed and our systems updated as soon as possible.