Networking is defined by trust.
As a default, we encrypt all of the data traffic generated by logged-in members. To do this we use SSL (secure sockets layer) encryption, the same technology banks use for their online banking sites. This form of encryption protects the entire data transfer process.
What this means for you as a user is that communications between your computer and our servers cannot be accessed externally via, e.g., your Wi-Fi connection or your Internet provider's computers. XING has been using SSL encryption since it was founded in 2003, and this can be seen by the "https://" in your browser's address line.
More information on SSL (Wikipedia).
Data sharing: It's your call!
Here at XING we give our members the tools they need to retain full control over their own data. This means:
- You specify for each XING member, irrespective of whether or not they are a contact, which of your contact data they can see and whether the member can send you messages.
- You can determine whether your profile is visible outside of the platform and whether it can be found by search engines like Google. As a result, you get to decide where you want to publish your XING profile as a digital business card.
- A preview function enables you to simulate how non-contacts see your profile. This helps you to decide whether you're happy with your online presence.
- You get to decide what and how much you write about yourself in your profile. XING as a business network does not request highly private information, with your name, sex, country/region and professional status (poss. company name and position) being the only required fields.
Find out more in the What you can do section!
Responsible Disclosure Policy
Here at XING we work closely with security researchers in order to act in a responsible way. XING is willing to address reported vulnerabilitiesquickly, which, depending on the complexity of the fix, generally means within one or two release cycles. We intend to patch the vulnerability before details become publicly available as it ensures safety for our end users. Please get in touch with us by sending an email to security-reports [at] xing [dot] com and we will get back to you as soon as possible.
Do you have any questions, requests or comments?
Do you have any questions, requests or comments? If so, please feel free to contact us via the contact form!
Press enquiries should be addressed to the press team.
We do everything in our power ...
We do everything in our power to make sure your data is secure, both on a personal and technical level.
Data protection in line with strict German regulations
XING AG is a German company with both its headquarters and data centers located in Germany. As a result, XING is subject to the strict data protection regulations in force in Germany whose overriding principle is "Verbot mit Erlaubnisvorbehalt" (prohibition pending approval) and/or the respective EU regulations.
If XING commissions other companies to process data1, it will always require said companies to process such data within the EU.
Providers based e.g. in the US are not subject to these strict standards.
Other protective measures
Our platform also incorporates a number of security measures to prevent a wide range of typical risks, including:
- so-called intrusion detection, which we use to track potential attacks and suspicious activity on our platform.
- scanning of the entire platform where members post text - e.g., in groups, events, search results, and profile information - in order to stop malicious code known as cross-site scripting from penetrating the platform.
- a number of monitoring tools which continually analyze activity on the platform while checking user entries for plausibility. Our Customer Care Team is immediately notified if certain strings are used (e.g. "asdf" in all input fields during registration) or if various members appear to log in to one computer. This may even lead to users being automatically blocked temporarily due to suspicious activity.
(1) XING AG commissions kununu GmbH to process, e.g. data on its behalf. To this end, kununu uses IT systems that are not located in the Federal Republic of Germany, but within the European Union. XING AG has taken the necessary steps to ensure that German data security standards are upheld.
The XING Security Team
Data Protection Officer & Junior Legal Counsel
Director BI Competence Centre
Team Leader Technical Risk Management
Team Leader Customer Care
Principal System Architect
IT Security Administrator
Principal Legal Counsel