Security

We're committed to privacy and confidentiality.
We value the trust you put in us to keep your personal information safe. We put in our best efforts to commercially commit to protecting and keeping the privacy and confidentiality of our customer’s data safe. We are also committed to transparency and will respond proactively in any situation.

Security Practices

HomeX has implemented best-in-class security to help protect and keep customer data safe. Our security program is based on best practices and frameworks developed by ISO 27001:2013 and 27018:2019.

Access Controls

Data Access
HomeX has implemented best practices to ensure access to data is authorized and based on the principle of least privilege. These controls include:

  • Public Access Protection enabled for all service and application repositories
  • Domain Restriction Sharing Controls for all documents
  • Organization Policy Constraints with our CSPs
  • HMAC Keys to protect Service Accounts that map to applications and services
Identity & Access Management
Wherever possible, HomeX leverages single sign-on authentication and MFA to reduce the risk of credential harvesting attacks.
In addition, HomeX has implemented a service to manage Authz, Authn and Audit for all public services and applications.

Logging
HomeX leverages a leading cloud-based logging tool to pass and parse application and authentication events from applications and services.

Corporate Security

Security Policies
HomeX’s information security management system has been built to align to ISO 27001:2013 and ISO 27018:2019 and includes policies, standards and procedures covering, but not limited to:

  • Acceptable Use
  • Access Controls
  • Data Handling
  • Employee Lifecycle
  • Incident Response
  • Information Security
  • Physical Security
  • Supplier and Third-Party
  • Vulnerability and Patch Management
Training & Awareness
Employees review and acknowledge security policies on joining the company and at least annually thereafter.Employees receive general Security Awareness and role-specific training.

Data Security

Backups
HomeX ‘s cloud-hosted database platform manages and controls data backups as specified by HomeX. Database backups are never stored offsite or on removal media.

Data Erasure
Contact us to have any of your personally identifiable information scrubbed from our production databases.

Encryption
All services used by HomeX are configured in accordance to the data they is process, transmit or store:

  • HomeX’s services reside in AES-256 encrypted buckets within its CSP
  • Database is encrypted and managed by cloud-hosted provider
  • Data in transit is encrypted with RSA 2048-bit

Password Management
HomeX uses a password management tool to manage passwords and provide context and visibility into password compromization across the organization.

Legal and Privacy

Overview
HomeX complies with applicable laws, regulations and contractual requirements.

Legal Agreements

Subprocessors
HomeX relies on cloud platform and SaaS providers to conduct its business activities. We're transparent about the vendors we use to process and store customer data. To view HomeX's subprocessors, please send a request to security@homex.com.

Privacy
HomeX collects personal data to provide service to its customers.

Infrastructure Security

Overview
HomeX leverages serverless environments. Less infrastructure to manage and maintain; increases security. HomeX has enabled all security best practices for its workloads based on CSP recommendations.

Production Environment Isolation
All projects are contained to their own namespace, with tighter privileges and controls for access, separated from the development environment.

Application Security

Penetration Testing
HomeX performs penetration tests on an annual basis against its mobile, web and API services/applications.

Software Development
HomeX uses a centralized coding repository to manage, track and control changes to all HomeX environments. In addition, HomeX has implemented Secure By Design practices to ensure that application and customer data remains safe.

Vulnerability Management
HomeX utilizes an open source and code scanning platform to monitor, track and report on open vulnerabilities and dependency risks.

Endpoint Security

Endpoint Detection & Response
HomeX has deployed an Extended Detection and Response Platform across all its workstations.

Mobile Device Management
All HomeX mobile devices, inclusive of smartphones, tablets and laptops are enrolled in the Mobile Device Management platform.

Network Security

Overview
HomeX hosts its services and infrastructure in the cloud. Network security controls are managed by our cloud service providers and SaaS vendors.
Access to production networks is limited to employees with business need.

Email Security

Sandboxing
HomeX virtually executes all attachments to validate their legitimacy and catch any unwanted or malicious code prior to them being released to mailboxes.

Advanced Spam and Malware Controls
HomeX has enabled advanced spam and malware filtering controls within its Email solution to auto-filter malicious content or allow staff to report suspicious activity.

Learn about the sub-processors we use to assist in providing HomeX services.

HomeX Sub-Processors List