The countdown has begun! Join us for our biggest HexCon yet, this September 20-22.

Register now

Security and Compliance

We, at Hexnode, identify data security and privacy as an integral part of our product. We have gone above and beyond to set the bar for the best security practices in the industry.

ISO 27001 certified

We think ISO 27001 standard is great for two main reasons. One, ISO 27001 makes it simple for you to make well-informed decisions without knowing the nuances of the latest information security recommendations and technologies. Two, it aligns with our core beliefs of information security and privacy compliance. Most of the security practices that this certification validates were already in place here at Hexnode.

View Hexnode ISO 27001 certificate
ISO 27001 certified

Data Center Security

Hexnode hosts its servers on Amazon Web Services (AWS), ensuring industry standard security compliances and privacy policies. AWS architecture incorporates data encryptions, DDoS mitigation techniques and network management policies that align with multiple compliance programs. Hexnode employs a dedicated team to ensure network infrastructure security by maintaining firewalls and TLS encryptions.

Our US and EU data centers are caged in some among the most secure locations available today. Strategic positioning of these data centers ensures maximized protection from direct and natural attacks. Amazon is a pioneer provider of web-based services and ensures maximum physical security. Additional information regarding AWS can be found at: https://aws.amazon.com/security/

Data Center Security

Endpoint Security

All corporate devices are password protected and encrypted to ensure maximum data and device security. Employees follow stringent policies that ensure devices and workstations are never left unlocked and data storage devices never left unattended. Corporate devices are managed using our own MDM software to ensure compliance on all devices. Latest software and firmware updates are remotely installed on all devices to ensure up-to-date security.

Endpoint Security

Data Encryption

Hexnode employs multiple encryption protocols for data at rest and data in transit. All devices in the corporate ecosystem are encrypted with Advanced Encryption Standard (AES). AWS mandates encryption in transit with TLS over all its services.

Data Encryption

Privacy Policy

As data controllers, we believe in complete transparency. Policies are enforced in such a way that personal data can never be used without consent from the data subject i.e. an individual that can be identified from the personal data. Read more about our privacy policy at https://www.hexnode.com/privacy-policy/

Hexnode recognizes data privacy to be of top priority and is committed to ensure that all its products and services comply with GDPR. Read our statement on GDPR at https://www.hexnode.com/gdpr/

Privacy Policy

Organizational Policies

We have stringent organizational policies in place to ensure device, data and employee security. We went to great lengths to establish a secure corporate environment without sacrificing employee comfort to ensure secure operation with maximum efficiency.

All employees partake in an annual security meet, in which they are updated on the latest security reforms and practices.

Organizational Policies

Application and network security

Hexnode’s web-based applications are encrypted based on industry best AES standards to ensure maximum security while in transit.

Internal networks are protected using WPA2 enterprise standards. Wi-Fi configurations are pre-configured on all new corporate devices. Access to corporate networks is restricted to devices containing sensitive information. All other devices are connected to guest networks.

Application and network security

Development cycle

Developers follow well-documented procedures during every phase of development. Every line of code is manually reviewed before execution. Automated and manual tests are run to ensure maximum security and isolate bugs before release.

Hexnode maintains an internal repository that house risk identification, management and mitigation procedures.

Development cycle