Last updated: May 7, 2025
Exploitr is committed to maintaining the highest standards of security and data protection for our users and employees. Security is a crucial aspect of our operations, and we have designed our platform with it in mind from the very beginning.
This security policy highlights the measures we take to protect your data and ensure the integrity of our services and data.
All data stored or processed by Exploitr is encrypted in transit and at rest using industry-standard encryption protocols. This includes data transmitted over HTTPS and stored in our databases, cloud storage, and backups.
Any sensitive data used within the Attack Surface Center for integrations or cross-service functionality is encrypted using AES prior to being stored.
Exploitr’s software and services are hosted in secure data centers that comply with PCI DSS, ISO 27001, and other relevant security standards. These data centers are equipped with physical security measures such as access control, surveillance, and environmental controls to protect against unauthorised access and data loss.
Access to the Attack Surface Center is strictly controlled through role-based access control mechanisms. Once registered, users can only access the features and data they are authorised to view. All user actions are logged for auditing purposes.
Exploitr enforces multifactor authentication (MFA) for all user accounts to enhance security. Following the sign-up process, users are able to authenticate to the application using their username and password, as well as a one-time code sent to their registered email address. The second factor can be updated to use an authenticator app for TOTP generation.
Exploitr maintains a regular patch management process to ensure that all software components, including third-party libraries and dependencies, are kept up to date with the latest security patches. This includes both the Attack Surface Center platform and any integrated services.
Internal infrastructure is regularly updated to ensure that all components are running the latest security patches. This includes operating systems, web servers, databases, and other software components.
Exploitr performs regular backups of all data stored in the Attack Surface Center. Backups are encrypted and stored securely to ensure data integrity and availability in case of data loss or corruption. Full backups are performed on a daily basis, with incremental backups taken every hour.
Exploitr’s infrastructure is designed with redundancy and failover mechanisms to ensure high availability and reliability. This includes load balancing, data replication, and automatic failover to backup systems in case of hardware or software failures.
Exploitr employs endpoint protection and anti-malware solutions to detect and prevent malicious activity on our systems. This includes real-time monitoring, threat detection, and response capabilities to protect against malware and other cyber threats.
Exploitr implements strict access controls for employees and staff who have access to sensitive data or systems. Access is granted based on the principle of least privilege, and all access is logged and monitored for suspicious activity.
Exploitr performs continuous security monitoring of our systems and networks to detect and respond to potential security incidents. We actually use our own platform and integrations to support this!
Exploitr follows secure coding practices and conducts regular code reviews to identify and mitigate security vulnerabilities in our software. We also perform static and dynamic analysis of our codebase to ensure that it exceeds expected security standards.