en DE RU
Request Demo

I am focused
on Tech & Security

Possible Positions: CTO, DPO, CISO, Head of IT, Tech Lead

Enhance your tech stack with Exponea. Ensure stability by enabling your team to create, send, test, and analyze campaigns, all within the same user-friendly platform.

background graphic graphic

Google Cloud

“Exponea’s progress has been spectacular.”

Read on to see how Exponea uses Google Cloud to drive scalability, flexibility, and security at scale.

Read the Article

Security is
our priority

Security commitment

Strong security culture


We are trying to create a strong security culture amongst all employees of Exponea. We strongly believe that every employee is an essential part of our defense against potential security breaches.

This culture has a strong impact on all employees and is present at all stages and everywhere, including the hiring process, employee on‑boarding, but also as a part of the ongoing trainings that Exponea provides and company events to raise awareness. Before an employee joins Exponea, we perform a check of his/her background. All our employees must be familiar with our security policies and go through security training as part of the on‑boarding process and receive regular security training throughout their stay here at Exponea. During the on‑boarding process, new employees agree to our NDA and go through OWASP training. This shows our commitment to keep the data of our customers secure.

All employees working at Exponea must follow our password security and lockout policy, must have 2FA authentication, must have a secure Wi‑Fi connection, or alternatively, be connected to our VPN when working remotely. Additionally, all of Exponea’s employees are using Okta which is a Single Sign‑On service that enables them to securely access their accounts and applications.


Security development practices


The developers in the IT segment receive instructions on topics like best coding and development practices, the principle of least privilege when granting access rights, etc. The IT department also attends technical presentations on security‑related topics, receives regular updates on the newest issues from the Cybersecurity space in our security channel.


Our certificates


Exponea has valid certifications to show how seriously we take the topics of security and compliance. We currently have the following certifications:

Security commitment
Security management

We Care About
Your Security

Endpoint Security

We take care that all of our endpoint devices are protected according to our Endpoint Security Policy. This includes that all of our endpoint devices have disc encryption, malware protection, guest access disabled, firewall, and have regularly updated OS. In addition, we perform regular checks to make sure that we maintain this high level of security.

Vulnerability Management

Exponea has a vulnerability management policy that includes processes such as regular web scans and scans for potential threats. Once a vulnerability requiring our attention has been identified, it is tracked, given a priority according to how urgent it is, and assigned to relevant people as a ticket. Our security team tracks such issues and follows up regularly until they can check that the issues have been resolved.

Quality Assurance

It is vital for us to properly test all new features before implementing them so that we make sure that no unexpected vulnerabilities are introduced to the application. The QA team guarantees that all new additions to our application are bug‑free prior to release. They also test private instances for our fresh clients just before they get into the hands of our Client Services team.


Our security monitoring is performed on information collected from internal network traffic and the knowledge of our vulnerabilities. Internal traffic is checked for any suspicious behavior. Network analysis and examination of system logs in order to identify unusual behavior are a vital part of monitoring. We place search alerts on public data repositories to look for security incidents and analyse system logs.

Incident Management

Exponea has well‑defined incident management processes for security events that may affect the confidentiality, integrity, or availability of our client's resources or data. If an incident occurs, the security team identifies it, reports it, assigns it to the correct resolver and gives it a resolution priority based on its urgency. Events that directly impact our customers are always assigned the highest priority and shortest resolution time. This process involves plans of action, procedures for identification, escalation, mitigation, and reporting.

Protecting our clients’ data

lines of code

Data Encryption

Whenever we store data in the Google Cloud Platform (GCP), there are several layers of encryption. By default, data is encrypted both at rest and in transit. Additional security controls are implemented depending on the requirements of our customers.

Without any further implementations, GCP encrypts and authenticates all data in transit at one or more network layers when data moves outside physical boundaries not controlled by or on behalf of Google. Google uses the Advanced Encryption Standard (AES) algorithm to encrypt data at rest. Transport Layer Security (TLS) is used to encrypt data in transit for transport security.


GDPR Compliant

Exponea application supports our customers in finding the best ways how to be compliant with the GDPR. The application works in such a way that the clients have a complete control of consent management (they set a purpose for processing), data subject rights management (they can download all customer data, anonymize a customer or delete a customer).

Exponea has access management that enables the users to select specific data types as PII and then set/revoke permission to see PII per user. For every event it is possible to manage its retention and set expiration separately. In addition, data API enables the clients to integrate their systems to enable fast execution of data subjects requests.

Exponea Application

Security Within
Exponea’s Platform

Exponea Core Security

At Exponea, we make sure that all our clients have a secure set‑up. This includes 2‑FA Authentication (SMS, App Authenticator, Yubikey) and Captcha challenge‑response test when signing in. We use Google Load Balancer with firewall rules to protect load‑balanced resources during distribution and TLS to encrypt communication within the Exponea application. We ensure that static IPs used for webhooks and imports are encrypted in log files.

Exponea Secure Setup



  • Login + 2FA (username or Google login) + protection (CAPTCHA,..)
  • Google Load Balancer with firewall rules
  • Static IPs for Webhooks (HTTPS) and Imports (encrypted)
Exponea Enterprise Security

We go even further when working with extremely sensitive data such as data from the banking or telecommunications sector that we implement some extra measures in order to increase the level of security of their data and resources. Therefore, we provide a set of features for enterprises requiring an enhanced level of security and access management.

This includes SSO (Single sign‑on) integration system when signing in, WAF to filter http traffic from specific websites, audit log that is automatically tracked on each instance for each project, IP deny/allow list by Cloud Armor, site‑to‑site VPN to eliminate any unauthorised access to private instances, vulnerability scan reports by Tenable Nessus, and web scan reports.

Exponea Security Extras Setup


Extras List:

  • SSO (SAML2)
  • Web Application Firewall
  • Audit Log Access
  • IP Restriction (Cloud Armor)
  • VPN for Login (*SSO)
  • Vulnerability Scan Reports
  • Web Scans Reports

The protection of our clients’ data and resources is our priority and therefore, we will continue to improve our security measures and keep up to date with the newest cybersecurity advancements. Finally, we will keep up with the newest regulatory laws so that we stay compliant.

Exponea Integrations

See All Integrations
Exponea can simplify and optimize your tech stack, replacing multiple tools with an all‑in‑one platform, giving you more time for meaningful work.
But we understand that such a big change isn’t always possible. That’s why Exponea has a number of silky‑smooth native integrations, making it easy to take advantage of Exponea’s capabilities with the tools you already use.

Our Data Security Specialist

Exponea’s dedicated team of security engineers, led by a cybersecurity manager, are an essential part of our IT infrastructure. This team is responsible for maintaining Exponea’s protection and defense systems, building security frameworks, reviewing operational security processes, and creating new security policies. The security team is also responsible for monitoring any suspicious activity, address cybersecurity threats and perform regular health checks and audits.

In addition, our independent Data Protection Officer (DPO), Lenka Gondova, makes sure that we stay compliant. Our DPO is also tasked with monitoring our compliance with GDPR and other data protection laws, as well as our data protection policies, GDPR awareness-raising, training, and audits.

Lenka Gondova
Chief Information Security Officer (CISO)
and appointed as DPO:
shield icon
ISO 27001 LA
ISO 20000‑1 LA
ISO 22301 LA

Lenka is an expert on auditing, risk management and governance who support the national Office for Personal Data Protection by creation of execution law for GDPR certification and DPIA.

product calendar

See What's
Next for Exponea

See where we're heading: Roadmap
See our product history: Changelog

Have you not found what you

have been looking for?

Thank You!
The form was submitted successfully.

We rely on cookies

to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

Manage cookies
Accept & close

Cookies preferences

Accept & close
Exponea CCPA

Unsure about CCPA and its
implications for your business?

See our CCPA compliance features

Get Compliant

I’m not interested in these features.