xentral
Security

Your data, sealed inside your workspace.

Security isn't a feature we added later — it's how Xentral is built. Every company is a fully isolated tenant, credentials are encrypted at rest, access is governed by clear roles, and you bring your own email, WhatsApp and AI keys so you stay in control of the tools that touch your data.

Start free Book a demo

Workspace-isolated tenants · AES-256-GCM encryption at rest · Role-based access · audit logging

app.xentral.ae/settings/security

Roles & access

Tenant isolated
RoleViewEditBillingOwnerManagerSales

Built around isolation, encryption and least privilege.

When several businesses share one platform, the most important guarantee is that one company can never see another's data. In Xentral, every workspace is a sealed tenant: contacts, conversations, mailboxes, numbers, documents and keys are scoped to your company and accessible only to the users you authorise.

Sensitive credentials — your email, WhatsApp and AI provider keys — are encrypted at rest with AES-256-GCM, never written to logs and never exposed back to the browser. They're used only to operate the service on your behalf.

Inside your workspace, access follows the principle of least privilege. Roles such as Owner, Admin, Manager, Sales and Support each see only what they need, and sensitive actions are gated and recorded.

Tenant isolation

One company can never reach another's data.

Every query in Xentral is scoped to your company. There are no shared mailboxes, numbers or records between tenants, and cross-tenant access paths are removed by design — even platform administration respects the boundary for customer data.

  • Sealed per-company workspace (multi-tenant isolation)
  • No shared channels, records or keys between companies
  • Company-scoped queries throughout the platform
  • Isolation verified across modules
app.xentral.ae/settings/security

Roles & access

Tenant isolated
RoleViewEditBillingOwnerManagerSales
Encryption & keys

Credentials encrypted, and yours to control.

Email, WhatsApp and AI provider credentials are sealed with AES-256-GCM encryption at rest. Because you bring your own keys, you decide which providers power your workspace, and you can rotate or revoke them at any time.

Keys are never logged, never returned to the client, and resolved per user and per workspace so each team controls its own access.

  • AES-256-GCM encryption of credentials at rest
  • Bring-your-own email, WhatsApp and AI keys
  • Per-user and per-workspace key resolution
  • Never logged, never exposed to the browser
app.xentral.ae/crm/contacts
SK

Sara Khan

Procurement Lead · Acme Health LLC

Active

Open deals

3

Lifetime

AED 48k

Health

Good

Activity

WhatsApp replyInterested in Professional
Quote sentQUO-2026-0042 · AED 4,200
Call loggedDemo booked for Tue
Access & accountability

Least privilege, with a record of what happened.

Role-based access control keeps people in their lane: Support can't touch billing, Sales can't change admin settings. Sensitive and money-related actions require permission, and AI actions run through the same checks as humans.

Important actions — including everything the AI does — are written to an audit and usage log, so you always know what changed and on whose behalf.

  • Owner, Admin, Manager, Sales, Support roles
  • Permission checks on money and admin actions
  • Confirmation required for sensitive operations
  • Audit and per-event AI usage logging
app.xentral.ae/dashboard

Open deals

42

New contacts

128

Security you can explain to your team.

Workspace isolation

Every company is a sealed tenant — no shared data, ever.

Encryption at rest

Credentials sealed with AES-256-GCM, never logged or exposed.

Your own keys

Bring and control your email, WhatsApp and AI provider keys.

Role-based access

Least-privilege roles so people see only what they should.

Audit logging

Sensitive and AI actions are recorded for accountability.

Data control

Export your data, and request deletion of personal data.

Security — frequently asked questions

Is my company's data isolated from others?

Yes. Every workspace is a sealed tenant. Contacts, conversations, mailboxes, numbers, documents and keys are scoped to your company and reachable only by the users you authorise.

How are my credentials stored?

Email, WhatsApp and AI keys are encrypted at rest with AES-256-GCM, never written to logs and never returned to the browser. They're used only to operate the service for you.

Who can see what inside my workspace?

Access follows least privilege through roles like Owner, Admin, Manager, Sales and Support. Money and admin actions require explicit permission.

Do AI actions respect the same security?

Yes. The AI runs through the same role-based permission checks as people, requires confirmation for sensitive actions, and every action is logged.

Can I export or delete my data?

Yes. You can export your workspace data, and request deletion of personal data, subject to applicable law.

Ready to start?

Run on a platform built to protect your data.

Isolated workspaces, encrypted credentials, least-privilege access and your own keys. Create a workspace and see for yourself.

Start free Book a demo