Your backend is secure

Xano proactively seeks compliance audits to meet the highest standards of data security.


Xano Security

Xano certifications

Security measures, procedures, controls, and practices intended to keep your data safe.


ISO 27701:2019 Privacy Information Management

This standard is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management systems. It provides guidance on the protection of privacy, including how organizations should manage personal data, and assists in demonstrating compliance with privacy regulations around the world.


ISO 27001:2013 Information Security Management System

ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes, and systems that manage information risks, such as cyber-attacks, hacks, data leaks or theft.


ISO 9001:2015 Quality Management System

ISO 9001:2015 serves as the quality benchmark for a wide range of organizations across the globe. It is a crucial framework for businesses to assess and maintain their internal processes against a fixed set of quality guidelines.


SOC 2 Type II

SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria), in accordance with SSAE 18.

Xano has completed a comprehensive SOC 2 Type II audit by a reputable AICPA independent auditor.


GDPR

Xano offers a GDPR-compliant Data Processing Agreement (DPA) for customers with GDPR contractual obligations. The GDPR-compliant DPA is available on the Launch, Scale, Enterprise and Agency plans.


HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to protect and handle protected health information confidentially. Xano was recently audited and meets all the criteria required for HIPAA compliance.

PCI Compliance (ASV Network Scan)

PCI ASV compliance from ServerScan: the scans are ASV-certified by the PCI Security Standards Council and satisfy the external network scanning requirement for your PCI DSS compliance (Requirement 11.2.2). During the PCI scanning process, the vulnerability testing engine performs a series of automated security assessments against our infrastructure at the designated IP or FQDN.

Penetration Testing

OWASP Web Application Pen Test: a penetration test (pen test) is a simulated cyber attack against Xano to check for exploitable vulnerabilities. The penetration testing involved attempted breaches of the Xano system (e.g. APIs, frontend and backend servers) to uncover vulnerabilities, such as inputs that are susceptible to code injection.

Industry Best Practices

Security is essential to us, and the integrity of your application or business depends on it. Therefore, we have taken specific measures and adopted security best practices so that you can build on Xano confidently.

Compliant with SOC2 Type II, GDPR, HIPAA, ISO 27001 and ISO 9001

Xano practices and complies with the highest software security standards, so you can rest assured that your data is safe, secure, and protected.