The Email Signature Web Portal - Help Center

Xink Security

As a SaaS company, one of the frequent questions we get from prospects and customers has to do with how secure our hosting environment is. 

At Xink we strive to build a security-awareness culture. The Xink platform is built on the principle of ‘privacy by design’: privacy and security are among our biggest concerns and focus areas. Xink is a centralized management platform for company email signatures. With Xink, your company will:

Enforce and achieve brand consistency through email signatures.
Extend email marketing campaigns to email signatures.

At Xink we believe that the data on the platform is solely your data. We never share data with third parties, nor do we use third parties to process your data.

Several processes are in place to make sure that security best practices are implemented and kept up to date. We adhere to major security frameworks (ISO, NIST, OWASP) and develop, implement and enforce policies according to these standards. All employees are required to acknowledge and adhere to the company's policies. We have a designated Security Team to achieve this goal.

Infrastructure

Xink is a cloud-based service (SaaS) hosted on Microsoft Azure. All Microsoft Azure data centers are certified against the following standards:

  • ISO 27001, 27017, and 27018
  • SOC 1 and 2

Microsoft Azure is a state-of-the-art infrastructure trusted by millions of organizations worldwide, including the US government. Together with an availability guarantee of 99.5% to 99.99% (depending on the SLA of the service), and backup and recovery systems, this makes it the best choice for the Xink platform.

Microsoft Azure manages the security and compliance of the cloud computing infrastructure, and Xink manages the security and compliance of the software and data stored on Microsoft Azure infrastructure.

All access is granted strictly on a need-to-know basis according to security role privileges, which means that even a database developer cannot access database information that is not relevant to his or her job.

Web servers

Clients access the Xink web portal through the web site app.xink.io. We encrypt all data, in transit and at rest. Xink requires HTTPS for all services, using TLS (TLS 1.2, ECDHE_RSA with P-256 and AES_256_GCM) with forward secrecy and HTTP Strict Transport Security (HSTS) enabled.

Databases

We offer a choice of hosting regions for clients worldwide. Five regions are currently available:

  • USA
  • Canada
  • United Kingdom
  • European Union
  • Australia

Databases are hosted on Microsoft's Azure SQL Database service.

Data security

Encryption-at-rest
Windows and Linux virtual machines use Azure Disk Encryption, which relies on Windows BitLocker and Linux dm-crypt to protect both operating system disks and data disks with full-volume encryption. We store passwords using a one-way, salted hash, so they cannot be recovered in plain text.

Encryption-at-transfer
Xink requires HTTPS for all services, using TLS (v1.2 or higher with non-deprecated cipher suites) with HSTS enabled and a certificate signed with SHA-256 with RSA. Forward secrecy is negotiated with most browsers.
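The two transport-security paragraphs above list concrete, checkable properties: TLS 1.2 or higher, a forward-secret non-deprecated suite, a SHA-256 certificate signature and HSTS. The following added example (not Xink's code) turns them into an offline policy check over a recorded session summary: the protocol, IANA cipher-suite name and certificate signature algorithm as a TLS scanner would report them, plus the response headers. The two observations are constructed for illustration; the one-year minimum HSTS max-age is an assumed baseline, not a value the page states.

```python
"""Offline check of a TLS session summary against the stated policy (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")
HSTS_MIN_MAX_AGE = 31_536_000        # one year in seconds (assumed baseline)
DEPRECATED = re.compile(r"NULL|EXPORT|RC4|3DES|DES|MD5|ANON")


@dataclass
class TlsObservation:
    protocol: str                    # e.g. "TLSv1.2"
    cipher: str                      # IANA suite name, e.g. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    cert_sig_alg: str                # e.g. "sha256WithRSAEncryption"
    headers: Dict[str, str] = field(default_factory=dict)


def cipher_findings(cipher: str) -> List[str]:
    name = cipher.upper()
    out = []
    if DEPRECATED.search(name):
        out.append(f"cipher: deprecated primitive in {cipher}")
    # TLS 1.3 suites only name the AEAD; key exchange is always ephemeral (EC)DHE.
    if name.startswith("TLS_AES_") or name.startswith("TLS_CHACHA20_"):
        return out
    if not re.search(r"_(EC)?DHE_", name):
        out.append(f"cipher: no forward secrecy (static key exchange) in {cipher}")
    if not re.search(r"_(GCM|CCM|CHACHA20)", name):
        out.append(f"cipher: not an AEAD suite ({cipher})")
    return out


def hsts_findings(headers: Dict[str, str]) -> List[str]:
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["hsts: Strict-Transport-Security header missing"]
    match = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.IGNORECASE)
    if not match:
        return [f"hsts: no max-age directive in {value!r}"]
    if int(match.group(1)) < HSTS_MIN_MAX_AGE:
        return [f"hsts: max-age {match.group(1)} below one year"]
    return []


def check_tls(obs: TlsObservation) -> List[str]:
    """Return a list of policy findings; an empty list means the session is compliant."""
    findings = []
    if obs.protocol not in ACCEPTED_PROTOCOLS:
        findings.append(f"protocol: {obs.protocol} is below the TLS 1.2 minimum")
    findings += cipher_findings(obs.cipher)
    if re.search(r"sha1|md5|md2", obs.cert_sig_alg, re.IGNORECASE):
        findings.append(f"cert: weak signature algorithm {obs.cert_sig_alg}")
    findings += hsts_findings(obs.headers)
    return findings


# Constructed observations: one matching the stated configuration, one legacy.
COMPLIANT = TlsObservation(
    protocol="TLSv1.2",
    cipher="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    cert_sig_alg="sha256WithRSAEncryption",
    headers={"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
)
LEGACY = TlsObservation(
    protocol="TLSv1.0",
    cipher="TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    cert_sig_alg="sha1WithRSAEncryption",
    headers={"Content-Type": "text/html"},
)

if __name__ == "__main__":
    for label, obs in (("compliant", COMPLIANT), ("legacy", LEGACY)):
        print(label, check_tls(obs) or ["ok"])
```

Feed it the output of your own scanner (for example the protocol and cipher fields from a TLS scan and the headers from a plain HTTPS request) to confirm the policy holds after every configuration change rather than trusting the description.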

Backups
Snapshots of the database are taken daily. Backups have the same protections in place as the production databases.

Application security

The Xink service is a web-based software-as-a-service application. Users can access their data via a web browser, the mobile application (Android and iOS), or the application programming interface (API).

Xink is developed following the security best practices defined by the OWASP Foundation, keeping a security-by-design approach at all times.

Xink platform

Integrations

We support several SaaS integrations with a Xink account, and admins can also access their accounts via the application programming interface (API). The Xink API is a RESTful interface that allows you to programmatically read and update much of your data. The supported options are:

  • Xink Developer API
  • Salesforce
  • Zendesk
  • Campaign Monitor

Login security

Xink admins can decide the mechanism their users use to log in to their Xink accounts. Passwords are valid for 180 days and must be renewed after expiration. Admins can also force a password reset for all users in the organization. Multi-factor authentication (MFA) is available as an extra security layer that the administrator can enable.

User provisioning and deprovisioning

The combination of all roles assigned to a role group defines everything that a member of that role group can manage in the organization. For example, if you hire a new employee for your help desk, you simply add the new employee to the Help Desk role group, and he or she is ready to go.

Data Control

Clients are in full control of their data: they can request removal of their data and it will be removed immediately. Otherwise, data is retained for three (3) months after account deactivation before it is removed.

Operational security

Xink information security 

Xink maintains a formal information security management program with a dedicated Security Team. This team is charged with implementing security controls and monitoring Xink for malicious activity.

Data

Xink securely stores (encrypted at rest) data that could be classified as personally identifiable information (PII), such as name, organization, email address and phone number, entered manually or imported via the API by the client. This includes any other information the client provides for use in their email signatures.

Xink does not control what data a client decides to include in their email signatures. It is solely the client's obligation not to include information that is not intended for use in their email signatures.

Human resources

A background check and pre-employment screening with a minimum of two references are part of our hiring process. A background check can be conducted at any time, on any employee, with or without notice, if necessary.

Physical security 

Xink is a cloud-based service (SaaS) hosted on Microsoft Azure, and Microsoft Azure manages the security and compliance of the cloud computing infrastructure. We have entrusted physical security to Microsoft Azure; according to Microsoft policy, its measures include:

  • Building security, ID cards, biometric scanning and other physical access controls
  • Employee background checks and strictly controlled access to locations and physical hardware
  • Disposal procedures in place and compliant with ISO 27001
  • 24/7 monitoring of all data centers, with secured perimeters
  • Faulty drives are degaussed and destroyed

Uninterruptible power supply (UPS) units provide backup power for critical and essential loads in the facility in the event of an electrical failure, and generators provide backup power for the entire facility. Xink personnel do not directly access any server or networking infrastructure; instead, we rely on Azure's services. Please refer to the Microsoft Azure Trust Center for how Microsoft secures its data centers.

Network security 

Xink uses an Azure Virtual Network (Microsoft Azure's virtual private cloud offering) and has designed the network architecture to be secure, scalable and easily managed using the networking services and building blocks that Microsoft Azure provides.

Our production infrastructure is locked down so that only our load balancers are allowed to receive external web traffic. Each host is assigned a role, and network security groups define the traffic expected between these roles; anything else is denied.

Microsoft Azure uses application isolation, operating system restrictions and encrypted connections.

Risk and vulnerability management

Penetration Tests

Penetration tests are conducted monthly. The results are reviewed and discussed regularly, and penetration test reports are available on request from Xink via a support ticket (subject to NDA). Third parties are free to conduct penetration tests of our platform as long as they agree to:

  • Disclose all findings to Xink.
  • Not make the findings public.

If a vulnerability is discovered or reported, the Xink Info Sec team takes all necessary steps to mitigate the issue immediately.

Software development life cycle

Xink uses the Git revision control system. Changes to Xink's code base go through a suite of automated tests and a round of manual review. When code changes pass the automated tests, they are first pushed to a staging server, where Xink employees can test them before an eventual push to the production servers and our customer base. Xink DevOps also has the ability to “cherry-pick” critical updates and push them immediately to the production servers.

Incident response 

Xink maintains an Incident Response Plan designed to establish a reasonable and consistent response to security incidents and suspected security incidents. These incident response procedures detail how Xink Security triages, investigates, remediates and reports on security incidents. Under the GDPR, a personal data breach must be reported to the supervisory authority within 72 hours of Xink becoming aware of it, and customers will be informed as soon as the breach is confirmed.

Business continuity plan (BCP) and disaster recovery

At Xink we have a disaster recovery plan. All data can be restored to a point no more than two hours back. In a BCP scenario, the most important task is to return affected clients to normal business operation as soon as possible. Xink holds the data that has been synchronized to the Xink database, and the data held by a client can be reloaded into the system to regenerate email signatures without hassle.

Signature templates, campaigns, logs etc. are restored quickly. Email signatures are usually stored locally on client devices, so a disrupted service would not affect normal business for our clients. If server-side signatures are used in Office 365, the connectors can easily be removed from the Office 365 tenant, which bypasses the Xink server until the issue has been resolved.

Data retention and disposal

You are in control of your data.

Privacy, certifications and compliance

Privacy Policy

We adhere to major current standards and follow the principles of OWASP, NIST, ISO 27001 and SOC 2. You can request our Information Security Policy (ISP) for full details.

Certifications and compliance

Xink is a cloud-based service (SaaS) hosted on Microsoft Azure. All Microsoft Azure data centers are certified against the following standards:

  • ISO 27001, 27017, and 27018
  • SOC 1 and 2

GDPR

Under the GDPR, “data controllers” (entities that determine the purposes and means of processing personal data) are required to enter into agreements with the entities that process data on their behalf (“data processors”). Xink offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Xink commits to processing and safeguarding personal data in accordance with GDPR requirements. This includes Xink's commitment to process personal data only in accordance with the instructions of the data controller.

DPA

When you as a client use the Xink platform, we mutually sign a Data Processing Agreement (DPA) which establishes Xink as the data processor and you, the client, as the owner of the data. With this DPA you give Xink the right to process the data in order to generate the email signatures, campaigns and related services you have chosen us to handle. Your data stays only on the Xink platform.
