Security
How we protect customer data.
Practices
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- JWT-based auth with rotating refresh tokens
- Mandatory MFA for admin / super-admin roles, with elevated MFA for danger-zone actions
- Per-product database isolation, row-per-tenant inside
- Nightly off-site backups
- Signed audit log for every critical action
Sub-processors
- Paddle — subscription billing (Merchant of Record)
- Postmark — transactional email
- Cloud VPS provider — primary hosting
Responsible disclosure
Found a vulnerability? Email security@enlinka.co. We commit to acknowledging reports within 48 hours.