Xappex
Xappex products (XL-Connector, G-Connector, etc.) are used to integrate Salesforce databases with Microsoft Excel and Google Sheets. The apps have the capability of offline scheduled execution of user actions and need to notify the user about such execution results. Apart from e-mail, we use this app for Slack to be able to send various notifications from XL-Connector and G-Connector to the Slack channel of user's choice. We will not send any messages to you outside of what you configure in one (or more) of our applications.
Permissions
Xappex will be able to view:
Xappex will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Xappex LLC
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Xappex
Data Retention and Disposal Policy
Purpose and Scope
This Data Retention and Disposal Policy addresses how a customer's data is retained and disposed of and to ensure this is carried out in a consistent manner. From time to time, Xappex may update this policy. This policy is guided by security requirements specific to Xappex including compliance with applicable laws and regulations.
All personnel are required to read, accept and follow all Xappex policies and plans upon starting and at least annually.
Data Retention
The time period for which Xappex retains customer data depends on the purpose for which it is used. Xappex retains customer data for as long as an account is active or in accordance with the agreement(s) between Xappex and the customer, unless Xappex is required by law to dispose of it earlier or keep it longer.
Data Disposal
Xappex disposes of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Xappex. Xappex may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. Xappex hosting and service providers are responsible for ensuring the removal of data from disks allocated to Xappex use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Xappex employees can delete customer data. Such list Senior Management and Engineering organizations.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device reissuance in accordance
with Nist Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1). Exceptions
Xappex business needs, local situations, laws and regulations may occasionally call for an exception to this policy or any other Xappex policy. If an exception is needed, Xappex management will determine an acceptable alternative approach.
Enforcement
Any violation of this policy or any other Xappex policy or procedure may result in disciplinary action, up to and including termination of employment. Xappex reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Xappex does not consider conduct in violation of this policy to be within an employee’s or contractor’s course and scope of work.
Any employee or contractor who is requested to undertake an activity that he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager or any other manager of Xappex as soon as possible.
The disciplinary process should also be used as a deterrent to prevent employees and contractors in violating organizational security policies and procedures, and any other security breaches.
Responsibility, Review, and Audit
Xappex reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually.
Data archiving and removal policy
Xappex
Data Retention and Disposal Policy
Purpose and Scope
This Data Retention and Disposal Policy addresses how a customer's data is retained and disposed of and to ensure this is carried out in a consistent manner. From time to time, Xappex may update this policy. This policy is guided by security requirements specific to Xappex including compliance with applicable laws and regulations.
All personnel are required to read, accept and follow all Xappex policies and plans upon starting and at least annually.
Data Retention
The time period for which Xappex retains customer data depends on the purpose for which it is used. Xappex retains customer data for as long as an account is active or in accordance with the agreement(s) between Xappex and the customer, unless Xappex is required by law to dispose of it earlier or keep it longer.
Data Disposal
Xappex disposes of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Xappex. Xappex may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. Xappex hosting and service providers are responsible for ensuring the removal of data from disks allocated to Xappex use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Xappex employees can delete customer data. Such list Senior Management and Engineering organizations.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device reissuance in accordance
with Nist Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1). Exceptions
Xappex business needs, local situations, laws and regulations may occasionally call for an exception to this policy or any other Xappex policy. If an exception is needed, Xappex management will determine an acceptable alternative approach.
Enforcement
Any violation of this policy or any other Xappex policy or procedure may result in disciplinary action, up to and including termination of employment. Xappex reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Xappex does not consider conduct in violation of this policy to be within an employee’s or contractor’s course and scope of work.
Any employee or contractor who is requested to undertake an activity that he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager or any other manager of Xappex as soon as possible.
The disciplinary process should also be used as a deterrent to prevent employees and contractors in violating organizational security policies and procedures, and any other security breaches.
Responsibility, Review, and Audit
Xappex reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually.
Data storage policy
Xappex
Data Retention and Disposal Policy
Purpose and Scope
This Data Retention and Disposal Policy addresses how a customer's data is retained and disposed of and to ensure this is carried out in a consistent manner. From time to time, Xappex may update this policy. This policy is guided by security requirements specific to Xappex including compliance with applicable laws and regulations.
All personnel are required to read, accept and follow all Xappex policies and plans upon starting and at least annually.
Data Retention
The time period for which Xappex retains customer data depends on the purpose for which it is used. Xappex retains customer data for as long as an account is active or in accordance with the agreement(s) between Xappex and the customer, unless Xappex is required by law to dispose of it earlier or keep it longer.
Data Disposal
Xappex disposes of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Xappex. Xappex may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. Xappex hosting and service providers are responsible for ensuring the removal of data from disks allocated to Xappex use before they are repurposed and the destruction of decommissioned hardware.
Only a limited number of Xappex employees can delete customer data. Such list Senior Management and Engineering organizations.
Upon employee or contractor termination, company-owned devices will be collected and sanitized prior to device reissuance in accordance
with Nist Guidelines for Media Sanitization (NIST S.P. 800-88 Rev. 1). Exceptions
Xappex business needs, local situations, laws and regulations may occasionally call for an exception to this policy or any other Xappex policy. If an exception is needed, Xappex management will determine an acceptable alternative approach.
Enforcement
Any violation of this policy or any other Xappex policy or procedure may result in disciplinary action, up to and including termination of employment. Xappex reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Xappex does not consider conduct in violation of this policy to be within an employee’s or contractor’s course and scope of work.
Any employee or contractor who is requested to undertake an activity that he or she believes is in violation of this policy must provide a written or verbal complaint to his or her manager or any other manager of Xappex as soon as possible.
The disciplinary process should also be used as a deterrent to prevent employees and contractors in violating organizational security policies and procedures, and any other security breaches.
Responsibility, Review, and Audit
Xappex reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually.
Data center location(s)
United States
Data hosting details
AWS Aurora DB
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no
Certifications & compliance
SOC attestation
GDPR commitment
Data deletion request procedure
According to our data retention policy, if a customer requests data deletion – it is deleted from all our system, and data deletion log document is updated with an entry about it.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-01-10
Executive summary is available to potential customers upon request
yes
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
yes
Contact for security issues
security@xappex.com
Has a vulnerability disclosure program
no
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
no
Third party services used by this app
AWS
Uses token rotation
no