Xplora PSTI Policy

1. Introduction

At Xplora, we are committed to ensuring the highest standards of security, privacy, and compliance in our connected devices. This Product Security and Telecommunications Infrastructure (PSTI) Policy establishes the principles and responsibilities for safeguarding the integrity of our smartwatches and other IoT-enabled products.

2. Scope

This policy applies to all Xplora hardware, software, and services, including but not limited to:

  • Xplora smartwatches and related accessories
  • Xplora cloud infrastructure and backend services
  • Mobile applications and web-based platforms
  • Any third-party integrations within the Xplora ecosystem

3. Security Principles

Xplora adheres to the following core security principles:

3.1 Secure Development Lifecycle (SDL)

  • All products undergo a rigorous security review during development, including threat modeling and penetration testing.
  • Regular security updates and patches will be provided throughout the product lifecycle.

3.2 Authentication and Access Control

  • Multi-factor authentication (MFA) is implemented where applicable.
  • Device pairing and user access require secure authentication mechanisms.

3.3 Data Privacy and Protection

  • User data is encrypted at rest and in transit using industry-standard protocols.
  • Minimal data collection practices ensure compliance with GDPR and other regulatory frameworks.
  • Users have full control over their personal data, including options for data deletion.

3.4 Software and Firmware Integrity

  • All firmware updates are cryptographically signed and verified.
  • Over-the-Air (OTA) updates follow strict security guidelines to prevent unauthorized modifications.

3.5 Incident Response and Vulnerability Management

  • A dedicated incident response team is in place to handle security breaches and vulnerabilities.
  • Vulnerabilities are disclosed and remediated according to a transparent Responsible Disclosure Program.

4. Compliance and Regulations

Xplora products and services comply with:

  • UK Product Security and Telecommunications Infrastructure (PSTI) Act
  • EU General Data Protection Regulation (GDPR)
  • Other relevant regional and international cybersecurity standards

5. Third-Party and Supply Chain Security

  • All suppliers and third-party partners must adhere to Xplora’s security standards.
  • Regular security audits and assessments are conducted on third-party services and integrations.
  • Secure software supply chain practices are implemented to mitigate risks of compromised components.

6. Responsibilities and Enforcement

  • The Xplora Security Team is responsible for enforcing this policy and ensuring compliance across all departments.
  • Employees must report any security incidents or suspected vulnerabilities immediately.
  • Non-compliance with this policy may result in disciplinary actions in accordance with company regulations.

7. Continuous Improvement

  • This policy is reviewed and updated annually to align with emerging security threats and regulatory changes.
  • Xplora encourages responsible security research and welcomes collaboration with ethical hackers and industry experts.

8. Continuous Improvement

Any Xplora customer can report a vulnerability observed in Xplora hardware, software, or services at the following email address: xplora.system@xplora.com.

Reports may be submitted anonymously. If the customer shares contact information, we will acknowledge receipt of the report within 7 business days by email.

In order to help Xplora triage and prioritize submissions, we recommend that your reports:

  • Precisely describe the product concerned, for example by naming the Xplora hardware, software, or services.
  • Describe where the vulnerability was discovered and the potential impact of exploitation.
  • Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
  • Be in English.

When the Xplora customer chooses to share contact information with Xplora, we commit to coordinating with you as openly and as quickly as possible.

  • Within 7 business days, NEXTINNN will acknowledge that your report has been received.
  • To the best of its ability, Xplora will confirm the existence of the vulnerability to the customer and be as transparent as possible about what steps have been taken during the remediation process, including on issues or challenges that may delay resolution.
  • Xplora will maintain an open dialogue to discuss issues.
  • Xplora will keep the customer regularly updated by email on the progress.
  • The customer will be informed by Xplora when the reported issue can be considered closed.

This PSTI Policy serves as a foundational framework for Xplora’s commitment to security, privacy, and regulatory compliance. For any security concerns or inquiries, please contact the Xplora Team at xplora.system@xplora.com.