Security is built into LinkLane, not bolted on. This page summarizes how we protect your account and your data. For privacy specifics see our Privacy Policy, and for the third parties that process data see our Subprocessors list.
- Strong authentication: bcrypt-hashed passwords and optional two-factor authentication (TOTP) with recovery codes.
- Enterprise SSO: sign in with your identity provider via OpenID Connect (Okta, Microsoft Entra, Google Workspace, OneLogin, Auth0).
- Automated provisioning (SCIM 2.0): your IdP creates, updates, and — on offboarding — instantly deprovisions users, immediately revoking access.
- Role-based access control: owner, admin, member, and read-only viewer roles, enforced on the server for every action.
- Session safety: sessions can be revoked instantly (logout, password reset, or deprovisioning invalidates existing sessions).
- Encryption in transit: all traffic is served over HTTPS/TLS.
- Encryption at rest: our managed database encrypts stored data; passwords, API keys, and authentication secrets are hashed or encrypted — never stored in plain text.
- IP minimization: visitor IP addresses are never stored in raw form — they are salted and hashed, and used only transiently for geolocation and unique-visitor counting.
- Retention limits: analytics data is automatically deleted on a rolling schedule.
- Strict access checks on every resource (no cross-account access).
- Protection against SSRF, open redirects, and injection.
- Hardened HTTP security headers and a strict Content Security Policy; locked-down CORS.
- Signed, verified webhooks; malware/phishing checks on destination URLs.
- Bot protection and durable rate limiting with account lockout to deter abuse and credential stuffing.
- An append-only audit log records security-relevant events (sign-ins, security changes, key/role changes), visible to you in Settings.
- Error monitoring is configured to exclude personal data.
- Self-serve data export and account deletion from Settings (GDPR/CCPA).
- Cookieless, consent-gated product analytics — off until you accept.
- We do not sell or share your personal information.
Our database uses continuous, encrypted backups with point-in-time recovery, and we maintain documented recovery objectives and procedures.
Every change ships through code review and automated checks, including a blocking dependency vulnerability scan, so known-vulnerable libraries can't reach production.
Found a security issue? Email security@linklane.io. We aim to acknowledge within two business days and ask that you avoid public disclosure until a fix ships. Report abusive links to abuse@linklane.io.
For security questionnaires, a Data Processing Agreement (DPA), or details on our SOC 2 readiness, contact security@linklane.io.