Security

How LynkPilot protects your organization's data.

Last updated: June 2026

Our Commitment

LynkPilot is purpose-built for franchise operators who require their data to be accurate, available, and private. Security is a core design requirement, reviewed continuously as the platform evolves. This page describes the controls and practices we maintain.

Infrastructure Security

Our platform runs on enterprise-grade cloud infrastructure with established security certifications and global availability. We build on major cloud providers that maintain SOC 2 compliance, physical security standards, and incident response capabilities. We do not operate our own data centers — we rely on providers whose security posture is independently audited.

Data Encryption

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted at the storage layer by our infrastructure providers. Files and documents uploaded to the platform are stored with encryption at rest and are only accessible via time-limited, authenticated download links — direct external access to stored files is not possible.

Authentication & Access

User authentication is handled by a dedicated identity platform that supports multi-factor authentication (MFA), secure session management, and credential protection. We do not store or handle raw passwords.

Within the platform, access is controlled by role-based permissions. Users can only access data and actions appropriate to their assigned role. Organization data is isolated — users from one organization cannot access another organization's data under any circumstances.

Internal Access Controls

Access to production systems is restricted to authorized personnel only. We follow the principle of least privilege — no broad standing access to customer data is granted. Internal access is reviewed periodically. Administrative actions within the platform are logged for accountability.

Monitoring & Incident Response

Our infrastructure is monitored continuously for anomalies, errors, and availability. We maintain alerting for unexpected access patterns and system health degradation. In the event of a confirmed security incident affecting customer data, we will notify affected organizations promptly and provide clear information on scope, impact, and remediation steps.

Data Backups

Customer data is backed up automatically by our infrastructure providers. Backups are retained and encrypted. We do not guarantee specific recovery point or recovery time objectives at this stage, but data durability is a core infrastructure requirement.

Rate Limiting & Abuse Prevention

The platform enforces rate limits on authentication attempts, API requests, and sensitive operations to protect against brute-force and abuse. File uploads are validated for type and size before being accepted by the platform.

Vulnerability Disclosure

If you discover a potential security issue in LynkPilot, please report it responsibly to support@lynkpilot.com. We will acknowledge your report within 2 business days and work to resolve confirmed issues promptly. We ask that you do not publicly disclose issues before we have had a reasonable opportunity to address them. We do not currently offer a formal bug bounty program but we take all reports seriously.

Questions

For security questions or concerns not covered here, contact support@lynkpilot.com.