Data Security and Compliance


The Customer Value Maximization Platform is architected with sound infosec principles. Nothing in the Customer Value Maximization platform is accessible to internal and external stakeholders, other than nominated IT users. It is architected with multiple layers of security.


Xerago deploys the Customer Value Maximization platform on a shared-nothing private cloud or on your servers, in both instances isolated from the internet.


All user sessions and Application to Private Cloud connections are secured via HTTPS using 2048 bit Certificates with strong 256 bit encryption.

All data belonging to your Bank is stored entirely in your Private Cloud which is inaccessible via public Internet.

All Personally Identifiable Information is stored in a separate token vault.


All ports and servers are closed to the public Internet, with the exception of two HTTPs 443s ports.

Xerago uses Intrusion Detection System (IDS) sensors to detect and alert unauthorized efforts for network access.

Risk mitigation

Xerago ensures that the risk and vulnerability management, incident response, mitigation, and resolution process is agile and precise.

Xerago identifies potential security vulnerabilities to improve the security of the Customer Value Maximization Platform overall. Our security team also ensures that high risk vulnerabilities are addressed prior to each release.

Regulatory / Standards Compliance

Below is the list of certifications, standards and regulations that the platform complies with.

SOC2 – Type II

Xerago is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles of security, privacy, confidentiality, availability, and processing integrity.



The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.


(Open Web Application Security Project)

OWASP is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Customer Value Maximization Platform ensures implementation and monitoring of coding best practices outlined in the Open Web Application Security Project (OWASP) guidelines.


The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.


The TCPA (The Telephone Consumer Protection Act of 1991) restricts telephone solicitations and limits the use of automatic dialing systems, artificial or prerecoreded voice messages, SMS texts and fax machines primarily to safeguard consumer privacy.

Customer Data Confidentiality

Xerago does not use or share customer information collected on behalf of the client except as may be allowed in the agreed contract and as mentioned in the Customer Value Maximization Platform Terms of Use and Privacy Policy.


The approach and steps taken by Xerago help safeguard the security of the Customer Value Maximization Platform and customer data. Banks can lessen their worries with the Customer Value Maximization Platform, knowing that the integrity and security of their data is fully intact.

Get in Touch

For queries regarding our Customer Cloud or our Professional Services

* Mandatory

captchaLoading Page - Xerago

By submitting this form, I provide consent to be contacted by Xerago for promotions. Please select your preferred communication mode:


Xerago takes your privacy very seriously. Please see our Privacy policy for more information on how we use your data.



Thank You

for reaching out to us. One of our representatives will get in touch with you shortly.