XFlow logoEco Sys Ver 3.4.1

Support: [email protected]|Contact page

Security

Security Overview

Security practices for ecosystem accounts, workspaces, authentication, Verixet handoff, entitlements, and operational data.

These pages are written as public product policy surfaces for the ecosystem and should be reviewed by counsel before being treated as final legal advice.

Covered ecosystem apps

XFlowControl PlaneWorkspace operations, app visibility, deployment context, incidents, activity, and dashboard access.VerixetBilling & EntitlementsSecure checkout, consent records, trial terms, subscriptions, usage, credits, entitlements, and access governance.RataifyTrust & ReputationReputation workflows, trust signals, review intelligence, credibility tracking, and related operational context.AudAiXMonitoring & DiagnosticsOperational diagnostics, signal health, monitoring, readiness checks, and issue intelligence.WordGeniWriting IntelligenceWriting strategy, drafts, documents, content support, and text intelligence workflows.CrevuxCreative StudioCreative AI workflows for visual, image, video, and document-to-visual production.

Account Security

The ecosystem supports hashed passwords, email verification, OAuth sign-in where configured, MFA or passkeys for privileged paths, session controls, audit events, and rate-limited authentication surfaces.

XFlow can create the first account. Verixet then governs billing, consent, entitlement, usage, and access state for paid or bundled access.

Data Protection

Production systems should use encrypted transport, secret-managed credentials, environment-specific public URLs, tenant-aware access checks, and audit trails for sensitive account, workspace, billing, and entitlement events.

Production signup, handoff, callback, authority, and return URLs must not resolve to localhost or 127.0.0.1.

Reporting Security Issues

Security concerns should be sent through the support or legal contact listed on this site with enough detail to reproduce and assess the issue.

Do not publicly disclose vulnerabilities before the ecosystem has had a reasonable opportunity to investigate and remediate.

Related policy pages

Terms of ServicePrivacy PolicyBilling TermsAcceptable UseCookie PolicySecuritySubprocessors