10X ERP Security Overview

This document describes how 10X ERP approaches security to protect our customers' data and systems. It is intended to provide a high-level overview, and we’re happy to answer deeper technical questions upon request. We regularly evaluate and improve our security posture and remain committed to transparent, accountable security practices.


1. Our Approach to Security

Security is at the core of how we build and deliver 10X ERP. We take a practical and disciplined approach to security, focusing on best practices that ensure our platform is safe, stable, and reliable.


2. Infrastructure & Hosting

  • 10X ERP is hosted in the cloud using Linode.
  • Each customer has their own dedicated PostgreSQL database, providing complete data isolation at the database level, not just through application logic. This architecture delivers the security of on-premise systems with the convenience of modern SaaS. Learn more about our dedicated database architecture.
  • We maintain regular backups and high availability configurations for customer environments. Details can be found here: Data Backup and Recovery

3. Application Security

  • We use GitLab for version control and CI/CD, enforcing code review and automated testing.
  • Every code change (merge request) triggers a comprehensive suite of automated tests to ensure stability and prevent regressions.
  • Our team follows a secure development lifecycle, including static code analysis and regular dependency audits.
  • We use Sentry for real-time error monitoring and response.

4. Data Protection

  • Unlike traditional multi-tenant SaaS platforms that separate customers through software logic, 10X ERP provides each client with their own dedicated database. This means your data never sits alongside competitors' data. Read about our dedicated database approach.
  • All customer data is encrypted in transit using TLS.
  • Data at rest is encrypted using industry-standard techniques.
  • Backup data is also encrypted and stored securely.

5. Authentication & Access

  • We support Google- and Microsoft-based sign-in with two-factor authentication (2FA).
  • Access is role-based, with permissions managed per user.
  • Session timeouts and other policies are in place to prevent unauthorized access.

6. Monitoring & Response

  • We have automated monitoring and alerting in place to catch and respond to issues quickly.
  • All access and key events are logged and auditable.
  • We maintain an incident response plan and will notify customers promptly in the event of a breach.

7. Customer Role

Security is a shared responsibility. We encourage customers to:

  • Use strong authentication methods
  • Limit user access appropriately
  • Maintain and review user permissions regularly within the application
  • Review access regularly

8. Contact & Reporting

To report a potential vulnerability or security concern, contact us at [email protected]. We welcome responsible disclosures and handle them promptly.

