Security, privacy and trust are the core of the
Open-Xchange approach

Trust center

We believe that privacy is a fundamental right for all users of communication services

Delivering secure products that support privacy

  • Established information security management system, supported by applying secure coding techniques, and using independent product audits, penetration testing and bug-bounty programs to anchor security in the development of our solutions
  • Our products do not collect information that users don't want to share and we do not sell any data to third parties
  • We have also launched the Trusted Email Services (TES) initiative, aimed at raising awareness around email security threats and promoting the deployment of technologies that address trust, security and privacy issues
tes new-3

Four Commandments of Trusted Internet Services

Open-Xchange solutions are developed according to the Four Commandments of Trusted Internet Services:

  • A service must be available from many providers
  • The service must (also) be available as software
  • It must be possible to move user data from one solution to the other
  • The software should be available as source code to everyone

Security and privacy in action

Stringent industry standards

  • Open-Xchange products and services are based on industry best practice - designed to meet the most stringent privacy and security standards
  • We give our customers the tools they need to meet their compliance and reporting requirements, and data ownership, security, transparency and accountability are all fundamental parts of our contracts
  • We are proud that Open-Xchange has been independently certified according to the ISO 27001 standard since 2014 and is continuously improving on that achievement
Download our ISO/IEC 27001 Certificate
Stringent industry standards

Privacy & compliance

Trust is an essential part of all our relationships, whether you're a customer, partner or supplier. Transparency is also part of Open-Xchange's DNA, and we work hard to establish and maintain trust. As a result:

  • Customers – not Open-Xchange – own their data
  • Open-Xchange will not sell your personal data to third parties, and never processes personal data from our services for any other purposes than those agreed on
  • If you want to know more, you can download the OX Cloud Data Processing Overview or the Open-Xchange Technical Organization Measures Overview
Privacy & compliance

Trusted parters

Open-Xchange works closely with partners who share our philosophy and approach to privacy, security and trust. Our partners include IONOS, Rackspace and X-ION.

  • Find out more about IONOS
  • Find out more about Rackspace
  • Find out more about X-ION
Trusted Partner

Security ratings and evidence

  • We are happy to provide transparent insight into our security program
  • Explore our shared profile to learn about our efforts and check against your vendor compliance requirements
  • We love to grant you full access to our security profile, please get in touch to get started!

Found a vulnerability?

In case you have found a security vulnerability at one of our products or a service run by OX, we are more than happy to work with you on resolving it swiftly. To prevent a potential vulnerability being abused by criminals, we ask you to report such findings to us confidentially and not share them publicly before their remediation. We will coordinate a resolution and disclosure and grant attribution to the researcher if desired.

Bug-bounty: You can use our public bug-bounty program at There are separate programs for our App Suite, Dovecot and PowerDNS products. This is the only way we can compensate you for a finding.

Direct contact: If you do not want to sign up for the bug-bounty program or found a vulnerability that is not in scope, please use to report the vulnerability to us.

Customers can find more details about the remediation and disclosure process here:

OX Cloud anti phishing tool01

We are open source

Flexibility and trust for providers and their customers
  • All Open-Xchange products are open
  • Source code level access to all components for complete transparency and long term support
  • Auditability ensures data privacy and security over all components
  • OX supports a federated internet model with no all-dominant players or walled gardens
  • Open and published APIs: open standards enable extensibility and differentiation
  • Contributions from the open-source community enhance robustness and reliability