OX Trust Center

Security, privacy and trust

These things are the core of the Open-Xchange approach. We firmly believe that privacy is a fundamental right for all users of communication services, and we are committed to adhering to the highest standards of privacy and security for both our products and customers.

On this page you will find:

Delivering secure products that support privacy

  • Established information security management system, supported by applying secure coding techniques, and using independent product audits, penetration testing and bug-bounty programs to anchor security in the development of our solutions
  • Our products do not collect information that users don't want to share and we do not sell any data to third parties

Four Commandments of Trusted Internet Services

Open-Xchange solutions are developed according to the Four Commandments of Trusted Internet Services:

  • A service must be available from many providers
  • The service must (also) be available as software
  • It must be possible to move user data from one solution to the other
  • The software should be available as source code to everyone

Security and privacy in action

Stringent industry standards

  • Open-Xchange products and services are based on industry best practice - designed to meet the most stringent privacy and security standards
  • We give our customers the tools they need to meet their compliance and reporting requirements, and data ownership, security, transparency and accountability are all fundamental parts of our contracts
  • Open-Xchange is ISO/IEC 27001:2013 certified by TUV Rheinland North America, Inc.
Download our ISO/IEC 27001:2013 Certificate

Privacy & compliance

Trust is an essential part of all our relationships, whether you're a customer, partner or supplier. Transparency is also part of Open-Xchange's DNA, and we work hard to establish and maintain trust. As a result:


Trusted partners

Open-Xchange works closely with partners who share our philosophy and approach to privacy, security and trust. Our partners include IONOS, Rackspace and X-ION.


Security ratings and evidence

  • We are happy to provide transparent insight into our security program
  • Explore our shared profile to learn about our efforts and check against your vendor compliance requirements
  • We love to grant you full access to our security profile, please get in touch to get started!

Found a vulnerability?

In case you have found a security vulnerability at one of our products or a service run by OX, we are more than happy to work with you on resolving it swiftly. To prevent a potential vulnerability being abused by criminals, we ask you to report such findings to us confidentially and not share them publicly before their remediation. We will coordinate a resolution and disclosure and grant attribution to the researcher if desired.

Bug-bounty: You can use our public bug-bounty program at yeswehack.com/programs. There are separate programs for our App Suite, Dovecot and PowerDNS products. This is the only way we can compensate you for a finding.

Direct contact: If you do not want to sign up for the bug-bounty program or found a vulnerability that is not in scope, please use https://vdp.open-xchange.com/ to report the vulnerability to us.

Customers can find more details about the remediation and disclosure process here. 

OX Cloud anti phishing tool01

We are open source

Flexibility and trust for providers and their customers
  • All Open-Xchange products are open
  • Source code level access to all components for complete transparency and long term support
  • Auditability ensures data privacy and security over all components
  • OX supports a federated internet model with no all-dominant players or walled gardens
  • Open and published APIs: open standards enable extensibility and differentiation
  • Contributions from the open-source community enhance robustness and reliability

Do you have any questions?

For more information about OX Trust Center please contact us.

Contact US