Data Security

Data Security

Data security is fundamental to everything we do. We prioritise customer trust. We know that customer data is vital to our customers’ values and operations. That is why we keep it private and safe. We ensure customers maintain control of their privacy and data security in a range of ways:

Data Encryption

All the data we handle is encrypted throughout the chain, both in transit (input/output) and at rest. Our systems are regularly penetration-tested and upgraded in line with international best practice and standards.

ISO Certification

Xtremepush has been awarded ISO 27001 certification, the internationally recognised information security standard. You can read more about this award here
We provide compliance with high-security standards, such as encryption of data in motion over public networks, hosting at Tier IV or III+, and ISO 27001, ISO 9001, ISO 27017 and ISO 27018 compliant facilities, Distributed Denial of Service (“DDoS”) mitigations, operation of a mature Information and Security Management System, and an Engineering team that is on-call 24/7 to respond to security alerts and events.

Data Protection Officer

Xtremepush employs a full-time Data Protection Officer. The role of the DPO is to monitor all activity across the Xtremepush platform and carry out regular audits. They are responsible for overseeing our cybersecurity frameworks and data protection policies, ensuring company-wide compliance.

Access Management

Xtremepush provides an advanced set of access features to adhere to the principle of least privilege and help customers effectively protect their information. This includes support for corporate single sign-on via our active directory integration. We are a first-party data solution provider; your data is your data. We do not access or use customer content for any purpose other than providing, maintaining and improving the Xtremepush services and as otherwise required by law.


Where do we store our data?

Xtremepush stores shared cloud data in the E.U. and U.S. Private cloud and on-premise deployment options are available for clients who have specific data-hosting requirements.

I am a U.S. sports betting & gaming brand operating under strict geo-restrictions. Do you have experience of this?

Yes. We currently work with a number of U.S. brands with similar obligations. We have a dedicated U.S. environment hosted in Virginia. This exclusively handles API calls and data-processing for U.S. clients, satisfying legislation and ensuring optimal performance.

Is Xtremepush GDPR compliant?

Yes. We operate in full compliance with GDPR and other data-sovereignty legislation.

What potential impact will Brexit have on how you store and transfer data?

Xtremepush is Brexit-ready. We have dedicated servers in the E.U. (Ireland and Frankfurt), U.S. and U.K. If you are concerned about the effect of Brexit on your current data and marketing operations then get in touch.