Security Policy

Effective Date: July 23, 2025 | Version 1.0
Our Security Commitment

At Gixo.ai, we take the security of your data seriously. This policy outlines our comprehensive security practices and your role in maintaining a secure AI content generation environment.

Infrastructure Security
Data Centers

Hosted on Microsoft Azure cloud infrastructure

SOC 2 Type II and ISO 27001 certified facilities

Geographically distributed for redundancy

24/7 physical security and monitoring

Network Security

Web Application Firewall (WAF) protection

DDoS mitigation

Intrusion detection and prevention systems

Regular security scanning and penetration testing

Data Protection
Encryption:
Type             Standard          Details
In Transit       TLS 1.3           All communications encrypted
At Rest          AES-256           All stored data encrypted
Key Management   Azure Key Vault   HSM protection
Database         TDE               Transparent data encryption enabled
Access Controls:

Role-based access control (RBAC)

Principle of least privilege

Multi-factor authentication for admin access

Regular access reviews and audits

Application Security

Authentication

Passwordless authentication with passkeys

OAuth 2.0 integration

JWT tokens with short expiration

Secure refresh token rotation

Session Management

Secure session tokens

Automatic session timeout

CSRF protection

HttpOnly and Secure cookie flags

Development Security
Secure Development Lifecycle:

Security reviews in design phase

Static application security testing (SAST)

Dependency vulnerability scanning

Code reviews by senior developers

Third-Party Security:

Vendor security assessments

Regular dependency updates

Supply chain security monitoring

Minimal third-party integrations

Operational Security
Monitoring and Logging

Centralized logging with tamper protection

Real-time security event monitoring

Automated alerting for suspicious activities

Log retention for compliance and forensics

Incident Response

24/7 incident response team

Defined escalation procedures

Regular incident response drills

Post-incident reviews and improvements

Compliance

We maintain compliance with:

User Security Responsibilities
Account Security

Use strong, unique authentication methods

Enable passkey authentication when possible

Don't share account credentials

Report suspicious activity immediately

API Security

Keep API keys confidential

Use environment variables for key storage

Rotate keys periodically

Implement rate limiting in your applications

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities:

We commit to:

Acknowledge receipt within 48 hours

Provide regular updates on progress

Credit researchers (if desired) after resolution

Not pursue legal action for good-faith disclosure

Security Updates

Stay informed about security updates:

Security bulletins at status.gixo.ai

Email notifications for critical updates

In-app notifications for account-specific issues

Contact Information

Security Team

Email: security@gixo.ai
PGP Key: Available on request
Response time: 24-48 hours

Company Address

Zencraft Consultancy Private Ltd.
19, KailashDhara,
R B Mehta Marg, Ghatkopar East,
Mumbai 400077
Maharashtra, India


This security policy is subject to change. Please check this page regularly for updates.
Last reviewed: July 2025 | © 2025 Zencraft Consultancy Private Ltd. All rights reserved.