Xactly is aware of recent reports regarding compromised NPM packages, including the Shai-Hulud attack disclosed on September 16, 2025. Our security and engineering teams have conducted a review and have confirmed that there is no indication that Xactly products and platforms have been affected by any of the impacted packages. We understand the seriousness of the NPM supply chain vulnerabilities and remain vigilant. Xactly will continue to closely monitor for any new disclosures and evolving threat intelligence related to NPM supply chain attacks, and will provide an update if our assessment changes
Xactly’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements (as defined in said policy).
