Security & Trust Center
Enterprise-grade data protection built into every layer of the Lynk AI platform. Your data is encrypted, isolated, and governed by strict access controls — so your AI agents operate with the security posture your business demands.
Certifications & Compliance
Independently verified controls that meet the standards your compliance team requires.
SOC 2 Type II
Independently audited controls for security, availability, and confidentiality. Our SOC 2 report is available under NDA upon request.
ISO 9001
Quality management system certification demonstrating consistent, high-quality processes across engineering and operations.
ISO 27001
Information security management system certification underway. Expected completion aligns with our enterprise security roadmap.
How We Protect Your Data
Security is not an add-on. It is built into the architecture of every agent, every API call, and every data flow.
Data Handling & Encryption
- All data is encrypted in transit with TLS 1.2+ and at rest with AES-256.
- Customer data is logically isolated per tenant. No cross-tenant data access.
- Sensitive fields (PII, credentials) use application-layer encryption with managed key rotation.
- Data retention policies are configurable per customer. Deletion requests are honored within 30 days.
Infrastructure & Network Security
- Hosted on SOC 2 certified cloud providers (Vercel and AWS).
- MongoDB Atlas with network-level isolation, IP allowlisting, and encrypted storage.
- Automated vulnerability scanning and dependency auditing in CI/CD pipelines.
- DDoS protection and Web Application Firewall at the edge layer.
Human-in-the-Loop Oversight
- Every AI agent operates under configurable confidence thresholds. Low-confidence outputs are routed to a human reviewer.
- Audit trails capture every agent action, decision, and data access for full traceability.
- Customers define escalation rules that determine when the agent defers to a human operator.
- No autonomous action on high-stakes decisions without explicit human approval.
Access Controls & Authentication
- Role-based access control (RBAC) with least-privilege defaults across all services.
- Multi-factor authentication enforced for all internal systems and admin consoles.
- API access secured with scoped tokens and short-lived credentials.
- Session management with automatic timeout and re-authentication for sensitive operations.
GDPR & Privacy Compliance
- Data Processing Agreements (DPAs) available for all enterprise customers.
- Right to access, rectify, and delete personal data honored within regulatory timelines.
- No customer data is used for model training. Your data stays yours.
- Privacy-by-design principles embedded in every feature from architecture to deployment.
Incident Response & Business Continuity
- Documented incident response plan with defined severity levels and escalation paths.
- Automated monitoring and alerting for anomalous activity across all services.
- Regular disaster recovery drills with defined RTO and RPO targets.
- Post-incident reviews published to affected customers within 5 business days.
Need More Detail?
We provide SOC 2 reports, penetration test summaries, and Data Processing Agreements under NDA. Reach out and our security team will get back to you within one business day.