Security & Compliance

Last Updated: December 10, 2025

1. Our Security Commitment

At Lyynx, security is fundamental to everything we do. As a customer reference management platform, we understand that you entrust us with valuable business relationships and sensitive information. We take this responsibility seriously and have implemented comprehensive security measures to protect your data.

This page provides an overview of our security practices, infrastructure, and compliance commitments.

2. Infrastructure Security

2.1 Cloud Infrastructure

  • Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification
  • Geographically distributed data centers for redundancy
  • Automated backups with point-in-time recovery
  • 99.9% uptime SLA (see our Service Level Agreement)

2.2 Network Security

  • Enterprise-grade firewalls and intrusion detection systems
  • DDoS protection and mitigation
  • Network segmentation and isolation
  • Regular vulnerability scanning and penetration testing
  • 24/7 security monitoring and alerting

2.3 Physical Security

  • Data centers with 24/7 security personnel
  • Biometric access controls
  • Video surveillance and monitoring
  • Environmental controls (fire suppression, climate control)

3. Data Protection

3.1 Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Database: Database connections are encrypted and access is strictly controlled
  • Backups: All backups are encrypted with separate encryption keys

3.2 Data Isolation

  • Multi-tenant architecture with strict data isolation
  • Row-level security ensuring tenant data separation
  • Unique encryption keys per tenant (where applicable)
  • Logical separation of customer data

3.3 Data Retention & Deletion

  • Data retained only as long as necessary for service provision
  • Secure data deletion upon account termination
  • Backup data purged within 30 days of deletion request
  • Compliance with data subject deletion requests (GDPR, CCPA)

4. Application Security

4.1 Secure Development

  • Secure Software Development Lifecycle (SSDLC)
  • Code reviews for all changes
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency vulnerability scanning
  • Regular security training for development team

4.2 Authentication & Access Control

  • Secure password hashing using industry-standard algorithms
  • OAuth 2.0 integration (LinkedIn)
  • Session management with automatic timeout
  • Role-based access control (RBAC)
  • Audit logging of authentication events

4.3 Protection Against Common Threats

  • Cross-Site Scripting (XSS) prevention
  • Cross-Site Request Forgery (CSRF) protection
  • SQL injection prevention
  • Input validation and sanitization
  • Rate limiting and abuse prevention

5. Organizational Security

5.1 Personnel Security

  • Background checks for all employees with data access
  • Confidentiality agreements and security policies
  • Regular security awareness training
  • Principle of least privilege for system access
  • Immediate access revocation upon termination

5.2 Vendor Management

  • Security assessments for all vendors/subprocessors
  • Contractual security requirements
  • Regular vendor security reviews
  • See our Subprocessor List for current vendors

5.3 Incident Response

  • Documented incident response procedures
  • 24-hour incident response team
  • Customer notification within 72 hours of confirmed breach
  • Post-incident analysis and remediation
  • Regular incident response drills

6. Compliance

6.1 Regulatory Compliance

Regulation Status Description
GDPR Compliant EU General Data Protection Regulation
CCPA/CPRA Compliant California Consumer Privacy Act
SOC 2 Type II Planned Service Organization Control audit

6.2 Privacy Compliance

7. Your Security Responsibilities

While we implement robust security measures, security is a shared responsibility. We recommend:

  • Use strong, unique passwords for your account
  • Keep your login credentials confidential
  • Log out when using shared or public computers
  • Report any suspicious activity immediately
  • Keep your browser and operating system updated
  • Review and manage your team members' access regularly

8. Security Updates

We continuously improve our security posture. Major security updates and enhancements will be communicated through:

  • Updates to this Security page
  • Email notifications for significant changes
  • In-app announcements when relevant

9. Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them immediately:

We appreciate responsible disclosure and will work with you to address any legitimate security concerns promptly.

10. Contact Us

For security-related questions or to request additional security documentation, please contact:

VRLY Ventures LLC
d/b/a Lyynx
1346 How Lane, Unit 7
North Brunswick Township, NJ 08901

Security: security@lyynx.com
Compliance: compliance@lyynx.com