lynkr

Security Policy

How Lynkr protects your data and ensures platform security

Last revised: May 17 2025

Introduction

At Lynkr, the security of your data is our highest priority. This Security Policy outlines how LYNKR INC. ("Lynkr", "Company", "we", "us" or "our") implements technical, administrative, and physical safeguards to protect your information as it moves through our integration platform.

This policy applies to all Lynkr services, including our website, API, applications, and integration tools (collectively, the "Services"). By using our Services, you acknowledge that you have read and understood this Security Policy, which should be read alongside our Privacy Policy and Terms of Service.

Security Program Overview

Lynkr maintains a comprehensive security program designed to protect the confidentiality, integrity, and availability of your data. Our security practices follow industry standards and include:

  • Organizational security controls and policies
  • Risk management and regular assessments
  • Security architecture and engineering practices
  • Operational security procedures
  • Incident response and management
  • Business continuity and disaster recovery planning
  • Regular employee security training

Data Security Measures

Encryption

Lynkr employs industry-standard encryption practices to protect your data:

  • All data transmitted to and from our Services is encrypted in transit using TLS 1.2 or higher
  • Sensitive data stored within our systems is encrypted at rest using AES-256 encryption
  • API keys, authentication tokens, and credentials are encrypted using secure key management practices

Access Controls

We implement strict access controls to ensure data is only accessible to authorized individuals:

  • Role-based access control (RBAC) for all systems and data
  • Principle of least privilege access for all staff members
  • Multi-factor authentication (MFA) requirement for all administrative access
  • Regular access reviews and promptly removing access when no longer needed
  • Secure password policies and credential management

Network Security

Our network infrastructure is designed with multiple layers of security:

  • Firewalls and network segmentation
  • Intrusion detection and prevention systems
  • DDoS protection and mitigation
  • Regular vulnerability scanning and penetration testing
  • Real-time monitoring and alerting

Application Security

We follow secure software development practices:

  • Secure software development lifecycle (SDLC) methodology
  • Regular code reviews and security testing
  • Static and dynamic application security testing
  • Dependency vulnerability management
  • Web application firewall (WAF) protection

Data Processing & Storage

Lynkr implements specific controls around data processing and storage:

  • Data minimization practices - we only collect what's necessary for the functioning of our Services
  • Regular data purging based on retention policies
  • Secure decommissioning and disposal procedures
  • Physical and logical separation of customer data
  • All production environments hosted in SOC 2 compliant data centers
  • Customer data stored in Canada and/or the United States as specified in agreements

Third-Party Security

We maintain a vendor security assessment program for all third-party services:

  • Thorough security review of all third-party vendors and service providers
  • Contractual security requirements for all partners
  • Regular reassessment of third-party security posture
  • Oversight of subprocessors and service providers

Incident Response

Lynkr maintains a documented incident response program:

  • 24/7 monitoring for security incidents
  • Documented procedures for identifying, containing, eradicating, and recovering from incidents
  • Regular testing of incident response procedures
  • Notification processes aligned with legal and contractual requirements
  • Post-incident reviews to prevent recurrence

In the event of a security incident that affects your data, we will notify you promptly in accordance with our obligations under applicable laws such as PIPEDA and our contractual commitments.

Compliance

Lynkr's security program is designed to comply with relevant frameworks and regulations, including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25)
  • ISO 27001 information security principles
  • SOC 2 security standards (working toward certification)
  • OWASP security best practices

We regularly review and update our security practices to maintain alignment with evolving industry standards and regulatory requirements.

User Responsibilities

While Lynkr implements robust security measures, effective security requires partnership. We ask our users to:

  • Maintain strong, unique passwords for your Lynkr account
  • Enable multi-factor authentication when available
  • Keep API keys and credentials secure and rotate them regularly
  • Promptly report any suspected security incidents or vulnerabilities
  • Ensure your own systems meet appropriate security standards
  • Review and comply with our integration best practices

Security Assessments & Testing

To maintain our security posture, Lynkr conducts regular security assessments:

  • Vulnerability scanning at least monthly
  • Penetration testing by independent third parties at least annually
  • Regular internal security reviews
  • Code security scanning as part of our CI/CD pipeline

Summary reports of our security assessments may be made available to customers under NDA upon request.

Security Vulnerability Reporting

We appreciate the security community's efforts in helping keep Lynkr and our users safe. If you believe you've discovered a security vulnerability in our Services, we encourage you to report it to us responsibly.

Please email info@lynkr.ca with details of the vulnerability. We commit to:

  • Acknowledging receipt of your report within 48 hours
  • Providing an initial assessment of the report within 5 business days
  • Working with you to understand and resolve the issue
  • Keeping you informed of our progress
  • Publicly acknowledging your contribution (if desired) after the vulnerability is fixed

Updates to this Policy

We may update this Security Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised policy on our website and update the "Last Revised" date accordingly. Your continued use of our Services after such changes constitutes your acceptance of the updated policy.

Contact Information

If you have questions or concerns about our security practices, please contact:

Security Team, LYNKR INC.
3300 Sunningdale Gardens,
Oakville, Ontario, Canada
L6M 5K5
info@lynkr.ca