Security at Sinkto.Link

At Sinkto.Link, security is a core value, not an afterthought. We've built our platform with a security-first mindset, implementing industry best practices at every layer of our infrastructure and application.

Our comprehensive security program includes:

• End-to-end data encryption
• Robust authentication mechanisms
• Regular security audits and penetration testing
• Continuous monitoring for suspicious activities
• Employee security training and awareness

This page provides an overview of our security practices. If you have specific questions or concerns, please contact our security team.

Protecting your data is our highest priority. We employ multiple layers of encryption and access controls to ensure your information remains secure.

Encryption

We encrypt your data using industry-standard protocols:

• Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites.
• Data at Rest: Your data is encrypted when stored in our databases using AES-256 encryption.
• Sensitive Information: Passwords and authentication tokens are hashed using bcrypt with appropriate work factors.

Data Access Controls

We implement strict access controls to limit who can access your data:

• Access to production systems is limited to authorized personnel only
• Role-based access control (RBAC) determines what actions team members can perform
• All access to sensitive data is logged and monitored
• Regular access reviews ensure that permissions remain appropriate

Data Retention

We retain your data only as long as necessary to provide our services or as required by law. Our retention policies are designed to minimize the storage of unnecessary data.

Our infrastructure is designed with multiple layers of security to prevent unauthorized access and ensure service availability.

Hosting Infrastructure

Sinkto.Link is powered by a modern, secure infrastructure stack:

• Vercel Platform: Our application is hosted on Vercel's globally distributed platform, providing automatic HTTPS, serverless architecture, and continuous deployment with built-in security checks
• Cloudflare Protection: We integrate Cloudflare's advanced security services including DDoS mitigation, bot protection, and Web Application Firewall (WAF)
• Edge Network: Content is served from edge locations around the world, ensuring both performance and resilience
• Immutable Deployments: Each deployment creates an immutable snapshot, enabling reliable rollbacks and preventing configuration drift

Network Security

• TLS 1.3 encryption for all data in transit
• Intelligent threat detection to identify and block malicious traffic
• Regular vulnerability scanning and penetration testing
• Rate limiting to prevent abuse and brute force attacks

Application Security

We implement multiple layers of security in our application:

• Secure coding practices and framework-level protections
• Strict Content Security Policy (CSP) implementation
• Regular dependency scanning for known vulnerabilities
• Automated security testing in our CI/CD pipeline

Monitoring and Incident Detection

Our platform is continuously monitored for security issues:

• Real-time monitoring of application and network metrics
• Automated alerting for unusual activity patterns
• Logging of security-relevant events
• Regular review of security logs and access patterns

Your account security is essential to protecting your data and links:

Authentication Methods

Sinkto.Link currently provides secure authentication through:

• Email and Password: Our current authentication system uses secure email and password verification
• Coming Soon: We plan to implement additional login options including Google and GitHub authentication for enhanced security and convenience

Password Security

• Secure Storage: All passwords are securely hashed using industry-standard algorithms before being stored in our database
• Password Reset: Secure password reset functionality with time-limited tokens sent to your verified email address

As a new platform, we take a practical approach to managing security vulnerabilities:

Security Practices

• Dependency Updates: We keep our software dependencies updated to incorporate security fixes
• Security Alerts: We monitor security alerts relevant to our technology stack
• Basic Security Testing: We perform fundamental security checks on our code and infrastructure

Issue Resolution

When security issues are identified, we follow a straightforward approach:

• Evaluate the severity and potential impact of the vulnerability
• Address critical security issues promptly
• Apply updates and patches from our technology providers
• Test fixes before deploying to production

As we grow, we're building our platform with compliance and best practices in mind:

Privacy Principles

We respect your privacy and strive to follow key principles:

• Collecting only the data necessary to provide our services
• Being transparent about how we use your information
• Giving you control over your data where possible
• Implementing reasonable security measures to protect your information

Compliance Efforts

While we're in the early stages of our compliance journey, we're working to align our practices with:

• Key principles of data protection regulations
• Industry-standard security practices
• Basic accessibility guidelines for our website

In the event of a security incident, we have a basic process to address it:

Basic Monitoring

We employ fundamental monitoring to help us detect potential issues:

• Vercel and Cloudflare platform alerts
• Error tracking for application issues
• Regular review of system logs

Response Steps

If we identify a security incident, we will:

1. Investigate to understand the nature and scope of the issue
2. Take immediate actions to contain the incident when possible
3. Implement necessary fixes to resolve the underlying problem
4. Review what happened to prevent similar issues in the future

Communication

In case of a security incident that affects your data:

• We will notify affected users in a timely manner
• Our notification will include information about what happened and what we're doing about it
• Where appropriate, we'll provide guidance on steps you can take to protect yourself

We appreciate the work of security researchers and the broader community in helping us maintain the security of our platform. If you discover a security vulnerability in our services, we encourage you to report it to us.

Responsible Disclosure

We follow a responsible disclosure policy:

• Report vulnerabilities directly to our security team, not publicly
• Provide sufficient information to reproduce and understand the issue
• Allow reasonable time for us to address the vulnerability before any public disclosure
• Do not exploit vulnerabilities beyond what is necessary to confirm the issue

How to Report

To report a vulnerability, please contact our security team:

• Email: security@sinkto.link
• Include "Security Vulnerability" in the subject line
• Encrypt sensitive information using our PGP key

Our Commitment

We commit to:

• Acknowledge receipt of your report within 24 hours
• Provide updates on our progress in addressing the vulnerability
• Not pursue legal action against reporters who follow our responsible disclosure policy
• Recognize your contribution (with your permission) once the issue is resolved