If you have security-related questions that look similar to these:

  1. How does XTM protect the files of our customers from being viewed by not permitted persons?
  2. Who exactly can get access to the files of created projects except for API clients or our admins?
  3. How does XTM delete files after deleting a project? Are files deleted or simply marked as deleted?
  4. How does XTM take care that the customer data will not be exposed?

You should be able to find answers and many more in the attached document.