Security Policy

1. Our Commitment

Security is a core concern in everything we build. We apply security-first thinking to all our products, services, and internal systems.

2. Infrastructure Security

• All data in transit is encrypted using TLS 1.2 or higher
• Data at rest is encrypted where applicable
• Access to production systems is restricted and requires multi-factor authentication
• We conduct regular dependency audits and apply security patches promptly
• API access is authenticated via API keys with rate limiting applied

3. Application Security

• Input validation and sanitisation on all user-facing inputs
• Protection against common OWASP Top 10 vulnerabilities
• Regular code reviews with security in scope
• Secure software development lifecycle practices

4. Data Handling

We follow the principle of minimum necessary data collection. Data submitted through our APIs is processed for the stated purpose and not retained beyond what is operationally required.

5. Vulnerability Disclosure

If you believe you have found a security vulnerability in any of our products or services, please report it responsibly. We ask that you:

• Do not publicly disclose the vulnerability before we have addressed it
• Do not exploit the vulnerability beyond what is necessary to demonstrate it
• Provide sufficient detail for us to reproduce and resolve the issue

Report security issues to: info@lintio.orgwith "Security Report" in the subject line. We will acknowledge receipt within 48 hours and keep you updated on our progress.

6. Incident Response

In the event of a security incident affecting customer data, we will notify affected parties in accordance with applicable data protection laws and within the required timeframes.

7. Contact

Security concerns: info@lintio.org