Security
Two-Factor Authentication (2FA)
XBuddy supports TOTP-based 2FA (compatible with Google Authenticator, Authy, 1Password, etc.).
Enable 2FA
- Go to Settings → Profile → Security
- Click Enable Two-Factor Authentication
- Scan the QR code with your authenticator app
- Enter the 6-digit code to confirm
- Save your backup codes in a secure location
Admins can require 2FA for all workspace users under Settings → Security → Require 2FA.
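How a server can check the 6-digit code entered during setup or login, as an added example that is not XBuddy's own code: standard RFC 6238 TOTP, with clock-drift tolerance and replay rejection. The 30-second step, HMAC-SHA1, the one-step drift window and the function names are assumptions based on authenticator-app defaults, not documented XBuddy settings.

```python
# Added example (not XBuddy code): RFC 6238 TOTP generation and verification.
import base64
import hashlib
import hmac
import struct

PERIOD = 30   # assumed time step in seconds (authenticator-app default)
DIGITS = 6    # code length stated on this page


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the HMAC-SHA1 TOTP code for the time step containing unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // PERIOD)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, last_step=-1, drift=1):
    """Return the matched time step, or None if the code is rejected.

    drift: time steps of clock skew tolerated on each side of "now".
    last_step: highest step already accepted for this user; a code for
    that step or an earlier one is a replay and is refused.
    """
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == DIGITS):
        return None
    current = unix_time // PERIOD
    matched = None
    for step in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, step * PERIOD)
        # Constant-time compare, and no early exit from the loop.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if step > last_step:
                matched = step
    return matched


# Constructed input: the published RFC 6238 test secret, not a real user secret.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    step = verify(RFC_SECRET, code, 59)
    print(code, step, verify(RFC_SECRET, code, 59, last_step=step))
```

The caller stores the returned step per user and passes it back as `last_step`, so a code observed in transit cannot be accepted a second time within its validity window.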
Session management
- Sessions expire after 24 hours of inactivity
- You can view and revoke active sessions from Settings → Profile → Active Sessions
Security logs
All significant security events are logged and visible to admins under Settings → Security → Audit Log:
- Login attempts (success and failure)
- Password changes
- 2FA enable/disable
- User role changes
- Data exports
Role-based access control
XBuddy uses a permission matrix per module and action type (view, create, edit, delete, approve). Custom roles can be created with any combination of permissions.
Data isolation
Each XBuddy workspace is fully isolated at the database level — your data is stored in a dedicated schema separate from all other tenants.
Reporting a security issue
Please report security vulnerabilities to security@xbuddy.co. We respond within 24 hours.