Last Updated: January 2025
Xplug implements security measures designed to protect the integrity, confidentiality, and availability of our coordination platform and the information processed through our services.
Our security approach focuses on protecting system integrity, maintaining confidentiality of operational data, and ensuring reasonable availability of our coordination services. We recognize that security is an ongoing process and continuously work to improve our security posture.
Xplug operates a software-based coordination platform that processes operational signals and generates informational recommendations. We do not operate or control critical infrastructure, charging equipment, or vehicle systems. Our security measures are designed to protect our platform and services, not to guarantee outcomes or control third-party infrastructure.
Xplug employs technical safeguards designed to protect information and system operations:
Encryption in Transit: We use industry-standard encryption protocols (TLS/SSL) to protect data transmitted between your devices and our services. All communications with our platform are encrypted to help prevent unauthorized interception or modification of data in transit.
Access Control and Least Privilege: We implement access controls and follow the principle of least privilege, limiting access to systems and data to authorized personnel who require such access to perform their job functions. Access is granted on a need-to-know basis and is regularly reviewed and updated.
Logging and Monitoring: We maintain logging and monitoring systems to detect potential security incidents, unauthorized access attempts, and anomalous activity. Our monitoring systems are designed to identify and respond to security events in a timely manner.
These technical safeguards are implemented as part of our security program but do not guarantee absolute security. No system or method of transmission is completely secure, and we cannot guarantee that our services will be free from security vulnerabilities or attacks.
Xplug maintains operational security practices designed to protect our platform and respond to security incidents:
Incident Detection and Response: We maintain processes for detecting, investigating, and responding to potential security incidents. When we become aware of a security incident that may affect user information or system operations, we work to investigate and address the incident in accordance with our security procedures.
Security Awareness: We provide security training to personnel who have access to our systems and data, emphasizing the importance of security practices and responsible handling of information.
Vendor and Third-Party Management: We evaluate the security practices of third-party service providers who have access to our systems or process information on our behalf, and we require appropriate security measures through contractual agreements.
No Guarantee of Uninterrupted Service: While we implement measures designed to maintain service availability, we do not guarantee uninterrupted or error-free operation of our services. Our services may be unavailable due to maintenance, security incidents, technical failures, or other factors beyond our control.
Security incidents may occur despite our security measures. We cannot guarantee that our services will be free from security vulnerabilities, attacks, or unauthorized access.
If you discover a potential security vulnerability in our services, we encourage you to report it to us responsibly.
Please report security vulnerabilities to security@xplug.ai. When reporting a vulnerability, please include:
We ask that you:
We will review and investigate reported vulnerabilities in good faith. However, we do not operate a formal bug bounty program, and we make no guarantees regarding:
By reporting a vulnerability, you acknowledge that you are acting voluntarily and that Xplug has no obligation to respond, remediate, or provide any form of compensation.