Trust and security
At xpna, we recognise the responsibility that comes with being entrusted with your, or your customer's, financial data. We are wholeheartedly committed to its protection. xpna complies with all relevant legislation relating to the security and privacy of customer data.
You own your data
All intellectual property rights and ownership of data are fully retained by the customer. You have the ability to control access to your data and can remove an organisation from your xpna account whenever you choose. When you do so xpna will also revoke any related access tokens.
When you, the customer, or users you have granted access to, either manually input data or connect a cloud accounting platform to your xpna subscription, information is transferred across the internet to xpna’s secure servers. Your use of our subscription services constitutes consent for relevant data to be transferred and stored in accordance with this Policy.
When you, the customer, or users you have granted access to, either manually input data or connect a cloud accounting platform to your xpna subscription, information is transferred across the internet to xpna’s secure servers. Your use of our subscription services constitutes consent for relevant data to be transferred and stored in accordance with this Policy.
Hosting & physical security
xpna operates entirely within the Microsoft Azure cloud, a platform renowned for its robust security and privacy features. For more specific details on Azure's security and compliance measures, please visit: Azure Trusted Cloud. All data is stored in Azure data centres located in Australia.
Encryption
All data is encrypted at rest using 256-bit AES encryption. All communication from a user's machine to our servers is over HTTPS and is SSL 256-bit AES encrypted.
Data protection and backup
We employ stringent data protection measures, backing up and encrypting your data with 256-bit AES encryption. This data is then securely stored in a secondary data centre, with backups as frequent as every 10 minutes. Such redundancies ensure that, in the unlikely event of a disruption at our primary facility, our services can be quickly restored from an alternate location.
User access & account security
Being a certified add-in for Microsoft Excel, xpna seamlessly integrates with the Microsoft account system. This integration allows us to leverage Microsoft's extensive security protocols, adding an additional layer of protection to your data. xpna does not have, and will never ask you for, your password. Though it is not a requirement, xpna recommends Microsoft 365 multi-factor authentication for all users.
Workspaces
An xpna workspace is a comprehensive collection of both data and associated metadata. Typically, individual businesses will have a unified workspace for their data, consolidating information from various sources for reporting. On the other hand, professionals such as accountants, bookkeepers, and fractional CFOs will generally maintain distinct workspaces for each of their clients to ensure data and metadata segregation.
Vulnerability Disclosure
xpna maintains a vulnerability disclosure policy. This policy allows security researchers to responsibly share their findings with us. If you think you have found a potential vulnerability in our application, please review the policy and submit your findings to security@xpna.co.