🔒 Security

Overview

xMagic is built on best‑in‑class security practices—end‑to‑end encryption, hardened infrastructure partners, and independently audited controls—so your data stays protected at every layer.

For legal specifics, see our Data Processing Agreement.

Certifications

Standard	Status
GDPR	Fully compliant
SOC 2 Type II	Attested annually
HIPAA	Covered via BAA on Enterprise plan

Need a Business Associate Agreement (BAA) for HIPAA?
Email sales@xmagic.ai.

Additional reports (pen‑tests, architecture docs) are available in our Trust Center.
Questions? Contact support@xmagic.ai.

Data regions

When you create a workspace, choose where primary data is stored:

United States
European Union

This choice is permanent for that workspace.

Regardless of region, the items below always reside in U.S. infrastructure:

Account metadata and API keys (authentication)

Notification emails (retained 7 days)

Anonymized usage analytics

Crash logs for debugging

Report a vulnerability

Found a potential issue? Great—we want to hear from you.

Email security@xmagic.ai with reproducible steps.
We acknowledge within 24 h and keep you updated until resolution.

Thank you for helping keep xMagic secure.

Overview​

Certifications​

Data regions​

Report a vulnerability​

Overview

Certifications

Data regions

Report a vulnerability