These things are the core of the Open-Xchange approach. We firmly believe that privacy is a fundamental right for all users of communication services, and we are committed to adhering to the highest standards of privacy and security for both our products and customers.
![](https://www.open-xchange.com/hs-fs/hubfs/Trust%20center.png?width=784&height=450&name=Trust%20center.png)
On this page you will find:
-
Delivering secure products that support privacy
Learn more
-
Four Commandments of Trusted Internet Services
Learn more
-
Stringent industry standards
Learn more
-
Privacy & compliance
Learn more
-
Trusted partners
Learn more
-
Security ratings and evidence
Learn more
-
Found a vulnerability? Let us know.
Learn more
-
We are open source
Learn more
![](https://www.open-xchange.com/hubfs/090a-opt.png)
Delivering secure products that support privacy
- Established information security management system, supported by applying secure coding techniques, and using independent product audits, penetration testing and bug-bounty programs to anchor security in the development of our solutions
- Our products do not collect information that users don't want to share and we do not sell any data to third parties
![](https://www.open-xchange.com/hubfs/tes-new-3.png)
Four Commandments of Trusted Internet Services
Open-Xchange solutions are developed according to the Four Commandments of Trusted Internet Services:
- A service must be available from many providers
- The service must (also) be available as software
- It must be possible to move user data from one solution to the other
- The software should be available as source code to everyone
![](https://www.open-xchange.com/hubfs/4-comm.png)
Security and privacy in action
Stringent industry standards
- Open-Xchange products and services are based on industry best practice - designed to meet the most stringent privacy and security standards
- We give our customers the tools they need to meet their compliance and reporting requirements, and data ownership, security, transparency and accountability are all fundamental parts of our contracts
- Open-Xchange is ISO/IEC 27001:2013 certified by TUV Rheinland North America, Inc.
![Download our ISO/IEC 27001:2013 Certificate](https://no-cache.hubspot.com/cta/default/9391640/0b05e2ab-8c68-4c2a-bbe1-e63f8600579c.png)
![](https://www.open-xchange.com/hubfs/Stringent_industry_standards_ox.png)
Privacy & compliance
Trust is an essential part of all our relationships, whether you're a customer, partner or supplier. Transparency is also part of Open-Xchange's DNA, and we work hard to establish and maintain trust. As a result:
- Customers – not Open-Xchange – own their data
- Open-Xchange will not sell your personal data to third parties, and never processes personal data from our services for any other purposes than those agreed on
- If you want to know more, you can download the OX App Suite Cloud Data Processing Overview or the Open-Xchange Technical and Organizational Measures Overview
![Privacy_compliance](https://www.open-xchange.com/hubfs/Privacy_compliance.png)
Security ratings and evidence
- We are happy to provide transparent insight into our security program
- Explore our shared profile to learn about our efforts and check against your vendor compliance requirements
- We love to grant you full access to our security profile, please get in touch to get started!
![rating-1](https://www.open-xchange.com/hubfs/rating-1.png)
Found a vulnerability?
In case you have found a security vulnerability at one of our products or a service run by OX, we are more than happy to work with you on resolving it swiftly. To prevent a potential vulnerability being abused by criminals, we ask you to report such findings to us confidentially and not share them publicly before their remediation. We will coordinate a resolution and disclosure and grant attribution to the researcher if desired.
Bug-bounty: You can use our public bug-bounty program at yeswehack.com/programs. There are separate programs for our App Suite, Dovecot and PowerDNS products. This is the only way we can compensate you for a finding.
Direct contact: If you do not want to sign up for the bug-bounty program or found a vulnerability that is not in scope, please use https://vdp.open-xchange.com/ to report the vulnerability to us.
Customers can find more details about the remediation and disclosure process here.
![OX Cloud anti phishing tool01](https://www.open-xchange.com/hubfs/OX%20Cloud%20anti%20phishing%20tool01.png)
We are open source
- All Open-Xchange products are open
- Source code level access to all components for complete transparency and long term support
- Auditability ensures data privacy and security over all components
- OX supports a federated internet model with no all-dominant players or walled gardens
- Open and published APIs: open standards enable extensibility and differentiation
- Contributions from the open-source community enhance robustness and reliability
![Sign-1](https://www.open-xchange.com/hubfs/Sign-1.png)