XFACTOR VERIFIED
The CommandCenterThe Morpheus System, the PlatformYour Departments, Your Exec TeamCertification ProgramsPricing for ClientsPricing for SuppliersAbout XiHow to Comply ManualsProductsContactLoginRequest Founder Access →
HomeThe CommandCenterThe Morpheus System, the PlatformYour Departments, Your Exec TeamCertification ProgramsPricing for ClientsPricing for SuppliersAbout XiHow to Comply ManualsProductsContactLoginRequest Founder Access →

Security & Trust

XFACTOR VERIFIED protects sensitive supply-chain and regulatory information on behalf of our clients. This page summarizes how we keep that information safe and where we stand on formal certification. We would rather show you exactly where we are than overstate it — that is the standard we hold our clients' suppliers to, and the one we hold ourselves to.

SOC 2 — Where We Stand

XFACTOR VERIFIED does not yet hold a completed SOC 2 attestation. A SOC 2 report is an independent audit conducted over a 6–12 month observation window, and as a young company we are early in that journey. We are transparent about this by design.

What we have done is build the platform to the SOC 2 Trust Services Criteria from day one — so the controls an auditor tests are already in place and operating. Security and compliance attestation is our core domain: XFACTOR TRUSTED helps clients reach SOC 2, ISO 27001, GDPR, and PIPEDA readiness, and we hold our own platform to that same standard. A formal SOC 2 audit is on our near-term roadmap, and existing clients will be the first to receive the report.

How We Protect Your Data

Encryption

All data is encrypted in transit (TLS) and at rest (AES-256). Connections are served exclusively over HTTPS.

Authentication & Access

Client accounts are protected by two-factor authentication, and repeated failed sign-in attempts trigger an automatic account lock with owner notification. Access follows the principle of least privilege — every user, and every part of the system, is granted only the access it needs.

Data Isolation

The platform enforces strict tenant isolation: one client's data is never accessible to another. Isolation is enforced at multiple layers of the system, and the browser is never granted direct access to the database — every request is checked and scoped on our servers before any data is returned.

Infrastructure

XFACTOR VERIFIED runs on enterprise-grade infrastructure (Vercel and Supabase) with managed edge protection, automatic certificate management, and continuously patched, monitored database systems.

Sub-Processors

We work with a small number of trusted service providers. Sensitive supplier data resides only in our primary database; the only information shared with our email provider is the recipient address required to deliver a message.

ProviderPurposeRegion
SupabaseDatabase, authentication & file storageUnited States
VercelApplication hosting & global edge / CDNGlobal edge
ResendTransactional email (sign-in codes, notifications)United States
AnthropicAI inference (Morpheus guidance assistant)United States
Fish AudioText-to-speech (Morpheus voice)United States

Privacy & Compliance

Our full Privacy Policy documents how we collect, use, and protect personal information in alignment with PIPEDA (Canada) and the GDPR (EU). For client engagements, XFACTOR operates as a data processor, handling supplier data under the client's direction. A Data Processing Agreement (DPA) is available on request as part of enterprise onboarding.

Control Snapshot

Control areaStatus
Two-factor authentication & secure session managementIn place
Least privilege & tenant data isolationIn place
Encryption in transit & at restIn place
Reviewed change-management & deployment pipelineIn place
Published Privacy Policy (PIPEDA / GDPR)In place
Data Processing Agreement & data-retention policyOn roadmap
Independent SOC 2 Type II auditOn roadmap

Working With Your Security Team

We are glad to complete your security questionnaire, walk your team through any control above, and execute a DPA for your engagement. To request our detailed Security & Trust Overview, or to report a security concern, contact customercare@xfactorverified.com.


Last updated June 22, 2026 · XFACTOR COMMAND

XFACTOR
XFACTOR VERIFIED

Supply chain security.
Built by a 30-year expert.

customercare@xfactorverified.com+1 (866) 883-8169

Programs

  • C-TPAT
  • PIP
  • ESG
  • Bill S-211
  • AEO
  • GFSI / Food Safety

Platform

  • How It Works
  • Departments
  • VANTAGE
  • Pricing
  • Products
  • How to Comply Manuals
  • Book a Demo

Resources

  • Learn
  • Risk Leader Challenge
  • The Book
  • FAQ
  • Security & Trust

Company

  • About
  • Founder Access
  • Client Login
  • Privacy
  • Terms

© 2026 XFACTOR COMMAND. Built by Mandy Lynn Aitken.

PrivacyTermsSecurity
PO Box 221, Sooke, BC V9Z 1A0, Canada