Our approach to data protection
Data protection is built into the platform’s architecture and operational processes, supporting secure handling without adding unnecessary complexity.
Our approach focuses on:
-
minimising unnecessary data exposure
-
controlling access and visibility
-
maintaining traceability
-
supporting compliance requirements across industries
Data handling and processing
Purpose-driven processing
Data is processed solely to support configured document flows, integrations and operational requirements. Information is not used outside of its intended purpose.
Logical data separation
Customer data is logically separated within the platform, ensuring document flows, partner configurations and operational data remain scoped appropriately.
Data lifecycle awareness
Documents and associated metadata are handled as part of controlled workflows, with clear processing stages and traceable events.
Access control and visibility
Role-based access
Access to data and platform functions is governed through user roles and permissions, helping ensure users only see what they need to perform their role.
Multi-user environments
XEDI supports multi-user access while maintaining accountability for actions such as retries, corrections and configuration changes.
Data transmission and storage
Secure transmission
Data is transferred using secure, encrypted protocols appropriate for enterprise integrations and partner connectivity.
Controlled storage
Operational data is stored in line with platform requirements and retention considerations, supporting traceability and audit needs.
Auditability and traceability
Strong traceability supports both operational control and data protection obligations.
XEDI provides:
-
document-level tracking
-
timestamps for key processing events
-
visibility into retries, corrections and outcomes
-
clear linkage between documents and partners
This helps organisations respond confidently to audits, investigations and partner queries.
Supporting regulatory requirements
Data protection obligations vary by organisation, geography and industry. XEDI is designed to support common requirements such as:
While compliance responsibilities remain with the customer, the platform provides the technical foundation to support those obligations.
Data protection in integrations and partnerships
-
Secure connectivity methods for inbound and outbound data
-
Validation and error handling to reduce unexpected data processing
-
Clear boundaries between partner configurations
-
Controlled retry and correction workflows to prevent data leakage
Frequently asked questions
Does XEDI process personal data?
Depending on your document flows, some data may be considered personal data. XEDI processes data only as required to support configured integrations and workflows.
How is access to data controlled?
Access is managed through user roles, permissions and secure authentication methods.
Can we audit how data is processed?
Yes. Document processing events, changes and outcomes are traceable within the platform.
Is data shared between customers?
No. Customer data is logically separated and scoped to each account.
