Security

Security Overview

Xentra Digital Sdn. Bhd. operates XentraCore ERP and Xentra ERP (the "Platform") with security, data integrity, and tenant isolation as core design principles.

This page summarises how we protect customer and business data. It is intended for customers and evaluators reviewing the Platform before or during use.

Security is a shared responsibility between Xentra Digital Sdn. Bhd. and each customer organisation.

Account and Access Control

The Platform uses authenticated access with role-based permissions. Organisations control which users can view, create, edit, approve, or export data.

• Unique user accounts with organisation-scoped access.
• Role-based access control (RBAC) for modules and actions.
• Session management with secure authentication mechanisms.
• Audit logging of significant user and system activity.
• Customers are responsible for provisioning, deprovisioning, and reviewing user access.

Data Protection

We apply technical measures designed to protect data processed through the Platform.

• TLS encryption for data in transit between clients and services.
• Tenant isolation — each organisation's data is scoped and separated at the application layer.
• Restricted administrative access to production infrastructure.
• Structured logging for security and operational review.

Hosting and Infrastructure

The Platform runs on managed servers and containerised services. Application tiers are deployed on private infrastructure with public access routed through controlled edge proxies.

Database and cache services are not exposed directly to the public internet. Network boundaries and firewall policies limit access to authorised paths.

Infrastructure may be updated for patches, capacity, and reliability as part of normal operations.

Backup and Recovery

Regular backups support business continuity and disaster recovery.

• Database and file data may be included in scheduled backup routines.
• Backup retention follows operational and contractual requirements.
• Recovery depends on backup availability, incident type, and service scope.
• Customers with critical data requirements should maintain complementary local backups where appropriate.

Monitoring

Platform availability and key services are monitored to detect outages and abnormal conditions.

Logs from application and infrastructure components support troubleshooting, security review, and incident investigation.

Monitoring alerts are reviewed by operations staff according to internal runbooks.

Incident Handling

If we identify a security incident affecting the Platform or customer data, we take reasonable steps to investigate, contain, mitigate, and remediate.

Where required by applicable law or contractual obligations, we will notify affected customer organisations and relevant authorities in a timely manner.

Report security concerns to support@xentradigital.com with sufficient detail for triage.

Customer Responsibilities

Customers share responsibility for securing their use of the Platform.

• Protect login credentials and enforce strong passwords.
• Configure roles and permissions appropriate to each user.
• Upload only lawful, accurate, and authorised data.
• Notify us promptly if unauthorised access is suspected.
• Ensure compliance with applicable laws (including PDPA in Malaysia) for data you process.

Limitations

No internet-connected system can be guaranteed completely secure. We implement commercially reasonable measures but cannot eliminate all risk.

Third-party integrations (email, payment gateways, cloud storage, APIs) operate under their own security models and policies.

This page is a summary and does not replace the Terms of Service, Privacy Policy, or written agreements.