Skip to content

OX Trust Center - Security, privacy & trust

These are the core of the OX approach. We firmly believe that privacy is a fundamental right for all users of communication services, and we are committed to adhering to the highest standards of privacy and security for both our products and customers.

trust-center-hero-bg

Delivering secure products that support privacy

We maintain an established information security management system, supported by secure coding practices, independent product audits, penetration testing and bug bounty programs to anchor security in the development of our solutions.

Our products do not collect information that users don't want to share and we do not sell any data to third parties

trust-center-bracket-guard

Four Commandments of trusted internet services

Open-Xchange solutions are developed according to the Four Commandments of Trusted Internet Services:

A service must be available from many providers

The service must (also) be available as software

It must be possible to move user data from one solution to the other

The software should be available as source code to everyone

trust-center-4-commandments-of-trusted-internet

Stringent industry standards

OX products and services are based on industry best practice - designed to meet the most stringent privacy and security standards

We give our customers the tools they need to meet their compliance and reporting requirements, and data ownership, security, transparency and accountability are all fundamental parts of our contracts

Open-Xchange is ISO/IEC 27001:2022 certified with TUV Rheinland of North America

trust-center-lock-key-img

Privacy & Compliance

Trust is an essential part of all our relationships, whether you're a customer, partner or supplier. Transparency is also part of OX's DNA, and we work hard to establish and maintain trust. As a result:

Customers – not OX – own their data

Open-Xchange will not sell your personal data to third parties, and never processes personal data from our services for any other purposes than those agreed on

trust-center-privacy-compliance

Trusted Partners

Open-Xchange works closely with partners who share our philosophy and approach to privacy, security and trust. Our partners include IONOS, Rackspace and X-ION.

Security ratings and evidence

We’re happy to provide transparent insight into our security program and would be glad to grant you full access to our security profile, just get in touch to get started.

password-lock-shield

Found a vulnerability?

We are more than happy to work with you on resolving it swiftly. To prevent a potential vulnerability being abused by criminals, we ask you to report such findings to us confidentially and not share them publicly before their remediation.

We will coordinate a resolution and disclosure and grant attribution to the researcher if desired.

Customers can find more details about the process here: Remediation and disclosure process.

bug
Bug bounty program

You can use our public bug-bounty program at yeswehack. There are separate programs for our App Suite, Dovecot and PowerDNS products. This is the only way we can compensate you for a finding.

warning-icon
Direct contact

If you do not want to sign up for the bug-bounty program or found a vulnerability that is not in scope, please use https://vdp.open-xchange.com/ to report the vulnerability to us.

We are open source

Do you have any questions?

For more information about OX Trust Center please contact us.

Contact us button-arrow-up