Security at LinkLeb

Your data, your teams, your customers — protected by design. LinkLeb is built as a secure, cloud-hosted platform so companies can confidently use NFC and digital profiles without worrying about data safety.

Our Security Principles

  • Security by design: We follow modern SaaS and OWASP best practices when designing and reviewing new features, instead of “adding security later.”
  • Least-privilege access: Every internal tool and role is configured so people and systems see only what they need to do their job.
  • Transparency: We clearly explain how we protect your data and what you control as a customer, including deletion on request.

Data Protection

  • Encryption in transit: All traffic between your browser, mobile device, and LinkLeb is served over HTTPS with modern, industry-standard TLS to prevent eavesdropping or tampering; traffic to linkleb.com is routed through Cloudflare, which terminates TLS at the edge.
  • Encryption at rest: Customer data is stored in Supabase (managed Postgres on top of a major cloud provider) on storage volumes that are encrypted at rest, including automated backups, helping protect data even if storage is accessed at a low level.
  • Password security: Authentication is handled by Supabase Auth. User passwords are never stored in plain text; they are salted and hashed with a modern password hashing algorithm (e.g., bcrypt or Argon2) before being written to the database.
  • Minimal data: LinkLeb only asks for the information needed to run your workspace (e.g., name, email, team details, profile content) and you can remove or update it at any time.

Infrastructure & Application Security

  • Cloudflare protection: DNS and edge traffic are fronted by Cloudflare, adding network-level protections (TLS termination, rate limiting options, and DDoS mitigation).
  • Bot protection: We use Cloudflare Turnstile on key forms and authentication flows to block automated abuse without adding friction for real users.
  • Application hosting: The LinkLeb web app is deployed on Vercel, which provides isolated deployments, automatic HTTPS, and secure build pipelines.
  • Data layer: Supabase provides managed Postgres, Row Level Security (RLS), and access policies to control which data can be read or written by different parts of the app.
  • Secure development: We use parameterized queries, input validation, and built-in framework protections to reduce risks like SQL injection, XSS, and CSRF.
  • Dependency management: Third-party libraries and containers are regularly updated, and we monitor for known vulnerabilities to patch them quickly.
  • Environment isolation: Production data is stored in a separate, hardened environment from development and testing.

Access Control & Authentication

  • Account security: Workspace access is protected by strong passwords, email verification, and optional multi-factor authentication for admins and owners (where supported).
  • Role-based permissions: Team-level roles (owner, admin, member, billing, etc.) ensure that only authorized users can manage pages, NFC tags, billing, or integrations.
  • Session management: We use secure cookies, automatic session expiry, and device-level checks to reduce the risk of session hijacking.

Email and Notifications

  • Transactional email: We use Resend for transactional email (invites, password resets, notifications), which provides authenticated delivery and modern anti-abuse practices.
  • Minimal content in emails: Security-sensitive information (such as passwords) is never sent by email; password resets always go through time-limited, single-use links.

Monitoring, Backups & Reliability

  • Monitoring & logging: We combine Supabase and Vercel logs with internal monitoring of critical infrastructure and application metrics, and unusual activity or performance issues alert our engineering team.
  • Automated backups: Supabase takes regular encrypted backups of the Postgres database, stored separately from the live data, so we can recover from accidental deletion or infrastructure failure.
  • Disaster readiness: We maintain runbooks for incident response and recovery so we can restore service and data as quickly as possible if something goes wrong.

Privacy & Data Ownership

  • You own your data: Customer content and team data always remain under your control; LinkLeb only uses it to provide and improve the service.
  • Data retention: We retain data only as long as your account is active or as required by law, and then delete or anonymize it according to our retention policy.
  • Export & deletion: Workspace owners can request exports of their data or complete deletion of an account and related records.
  • Third-party sharing: We do not sell customer data. Limited third-party services (e.g., cloud hosting, analytics, payments) only receive what they need to operate, under strict agreements.

Shared Responsibility

Security in SaaS is a shared responsibility between LinkLeb and our customers.

LinkLeb is responsible for:

  • Securing the application, APIs, and underlying infrastructure.
  • Protecting data at rest and in transit.
  • Monitoring, backups, and incident response.

Customers are responsible for:

  • Managing who they invite into their workspace and assigning appropriate roles.
  • Keeping devices and browsers up to date and using strong, unique passwords (and MFA where available).
  • Configuring public vs private pages and links in line with their internal policies.

Report a Security Issue

If you believe you’ve found a security vulnerability in LinkLeb, please contact us at security@linkleb.com with a description, impact, and steps to reproduce.
We investigate all reports and aim to acknowledge critical issues quickly.