Skip to main content
Security and Compliance

Enterprise-grade protection. Zero compromises.

Your data is encrypted, isolated, and protected by industry-leading security standards.

Security Controls

Aligned with industry best practices

AES-256 Encryption

Data encrypted at rest and in transit

High Availability

Multi-AZ deployment with auto-failover

How Your Data Flows
1

Your App

TLS 1.3 encrypted

2

API Gateway

WAF + Rate limiting

3

Sign Service

Secure key storage

4

Storage

AES-256 encrypted

Infrastructure
  • Cloud infrastructure with network isolation
  • Multi-region deployment
  • Automated backups
  • 24/7 monitoring
Compliance
  • Security Best Practices Implemented
  • GDPR Compliant Active
  • C2PA Member Active
  • Security Testing Regular

Data Encryption

At Rest

All stored data is encrypted using AES-256 encryption. Database fields containing sensitive information use additional field-level encryption.

In Transit

All API communications use TLS 1.3 with strong cipher suites. We enforce HSTS and support certificate pinning for mobile apps.

Key Management

Signing keys are securely stored with encryption at rest. Key access is strictly controlled with audit logging for all operations.

Access Control

Role-Based Access Control (RBAC)

Define granular permissions for team members. Separate roles for signing, verification, and administration.

  • Admin, Editor, Viewer roles
  • API key scopes
  • Audit logging

Single Sign-On (SSO)

Enterprise plans include SSO integration with your identity provider for centralized authentication.

  • SAML 2.0 support
  • OAuth 2.0 / OIDC
  • Okta, Azure AD, Google Workspace

Monitoring and Incident Response

Continuous Monitoring

  • 24/7 automated security monitoring
  • Real-time anomaly detection
  • Automated vulnerability scanning
  • DDoS protection at edge

Incident Response

  • Documented incident response plan
  • 15-minute response SLA for critical issues
  • Post-incident reports within 72 hours
  • Transparent status page at status.credlink.io

Need a security review?

We'll send our security controls documentation, penetration test summary, and architecture overview within 24 hours.

Request security pack
Privacy Policy → Terms of Service → Compliance →