Trust and Security
Security & Compliance at Execo
At Execo, we take protecting client data seriously. Our security program is led by executive management and built on recognized standards, robust controls, and continuous risk management. This page provides an overview of our security practices and principles and highlights the safeguards we have put in place, so you can validate our commitment to the confidentiality, integrity, and availability of information.
Data Governance & Privacy
We manage data according to strict internal policies and in compliance with global privacy regulations. Our governance framework ensures that data is classified, protected, and handled appropriately throughout its lifecycle.
- Data Classification & Handling: We classify data into categories based on its sensitivity to ensure the appropriate level of protection is applied. Confidential data is encrypted at rest and in transit and is protected by strict handling procedures.
- Privacy Compliance: We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our data processing activities are guided by the principles of lawfulness, fairness, transparency, and data minimization.
- Data Subject Rights: We uphold the rights of individuals over their personal data, including the right to access, rectify, and request the erasure of their information.
- Framework Alignment: Our security program is aligned with the principles of leading global standards and frameworks, including SOC 2 and ISO 27001.
Product & Infrastructure Security
We build security into our technology at every layer, from development to operations, to protect our systems from threats.
- Secure Development: Information security is integrated into the design and implementation of our applications and systems throughout the development lifecycle.
- Vulnerability Management: We proactively manage technical vulnerabilities through regular infrastructure scanning and annual third-party penetration tests. Identified vulnerabilities are tracked and remediated according to strict internal timelines based on severity.
- Change Management: All modifications to our production environment follow a formal change management process, which includes testing in segregated environments, impact assessment, and documented approvals prior to deployment.
- Segregated Environments: We maintain strict logical segregation between our development, staging, and production environments to protect the integrity of our operational systems.
- Threat & Malware Protection: Our systems and endpoints are covered by security solutions that provide detection, prevention, and recovery controls against malware.
- Logging & Monitoring: We generate and protect detailed event logs for our production systems to monitor user activities, exceptions, and security events, enabling timely investigation of suspicious activity.
Corporate Security
Our security posture is strengthened by our people, processes, and the physical security of our environments.
- Personnel Security: All Execo personnel undergo background verification checks prior to employment in accordance with local laws. Employees and contractors are bound by strict non-disclosure and confidentiality agreements.
- Security Training: Every employee and relevant contractor must complete comprehensive security awareness training within 30 days of hire and annually thereafter.
- Physical Security: Our offices and facilities are protected by physical security perimeters and appropriate entry controls. Access for visitors and third parties to secure areas is logged and controlled.
- Third-Party Risk Management: All vendors are subject to a due diligence process to ensure they meet our security and compliance standards before being granted access to Execo data or systems.
Incident Response & Responsible Disclosure
We are prepared to act swiftly in the event of a security incident to protect our customers and minimize impact.
- Incident Response Plan: Execo maintains a formal Incident Response Plan with procedures for detecting, containing, investigating, and recovering from security events.
- Breach Notification: In the event of a personal data breach that poses a risk to individuals' rights, we are committed to notifying the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of it. We will also communicate with affected data subjects in a timely manner if the breach poses a high risk.
- Responsible Disclosure: We encourage the responsible disclosure of security vulnerabilities. If you are a security researcher and have found a potential vulnerability in our systems, please report it to security@execo.com. We are committed to working with you to resolve the issue and will not take legal action against those who report vulnerabilities in good faith.