Security

Data Access
HomeX has implemented best practices to ensure access to data is authorized and based on the principle of least privilege. These controls include:

• Public Access Protection enabled for all service and application repositories
• Domain Restriction Sharing Controls for all documents
• Organization Policy Constraints with our CSPs
• HMAC Keys to protect Service Accounts that map to applications and services

Security Policies
HomeX’s information security management system has been built to align to ISO 27001:2013 and ISO 27018:2019 and includes policies, standards and procedures covering, but not limited to:

• Acceptable Use
• Access Controls
• Data Handling
• Employee Lifecycle
• Incident Response
• Information Security
• Physical Security
• Supplier and Third-Party
• Vulnerability and Patch Management

Backups
HomeX ‘s cloud-hosted database platform manages and controls data backups as specified by HomeX. Database backups are never stored offsite or on removal media.
‍
Data Erasure
Contact us to have any of your personally identifiable information scrubbed from our production databases.

Encryption
All services used by HomeX are configured in accordance to the data they is process, transmit or store:

• HomeX’s services reside in AES-256 encrypted buckets within its CSP
• Database is encrypted and managed by cloud-hosted provider
• Data in transit is encrypted with RSA 2048-bit

Password Management
HomeX uses a password management tool to manage passwords and provide context and visibility into password compromization across the organization.

Overview
HomeX complies with applicable laws, regulations and contractual requirements.

Legal Agreements

• Visitors to our website are subject to our Terms of Use
• End users are subject to our Terms of Service
• B2B customers are subject to our Client Terms of Service

Subprocessors
HomeX relies on cloud platform and SaaS providers to conduct its business activities. We're transparent about the vendors we use to process and store customer data. To view HomeX's subprocessors, please send a request to security@homex.com.

Privacy
HomeX collects personal data to provide service to its customers.

• Privacy Policy
• Cookie Policy

Overview
HomeX leverages serverless environments. Less infrastructure to manage and maintain; increases security. HomeX has enabled all security best practices for its workloads based on CSP recommendations.

Production Environment Isolation
All projects are contained to their own namespace, with tighter privileges and controls for access, separated from the development environment.

Penetration Testing
HomeX performs penetration tests on an annual basis against its mobile, web and API services/applications.
‍
Software Development
HomeX uses a centralized coding repository to manage, track and control changes to all HomeX environments. In addition, HomeX has implemented Secure By Design practices to ensure that application and customer data remains safe.
‍
Vulnerability Management
HomeX utilizes an open source and code scanning platform to monitor, track and report on open vulnerabilities and dependency risks.

Endpoint Detection & Response
HomeX has deployed an Extended Detection and Response Platform across all its workstations.

Mobile Device Management
All HomeX mobile devices, inclusive of smartphones, tablets and laptops are enrolled in the Mobile Device Management platform.

Overview
HomeX hosts its services and infrastructure in the cloud. Network security controls are managed by our cloud service providers and SaaS vendors.
Access to production networks is limited to employees with business need.

Sandboxing
HomeX virtually executes all attachments to validate their legitimacy and catch any unwanted or malicious code prior to them being released to mailboxes.

Advanced Spam and Malware Controls
HomeX has enabled advanced spam and malware filtering controls within its Email solution to auto-filter malicious content or allow staff to report suspicious activity.