Sign In
Get Started
Search
⌘K
Get Started
Platform
Dashboard
Developer Guides
API Reference
UI Widgets
Providers
Legal
Flow
Changelog
Roadmap
For Companies & Schools

How We Secure Your Data

Amanda Goodson
By Amanda Goodson
Unknown Date
Copy Markdown
Report an Issue

At Edlink, we take protecting your data seriously. Our layered approach to security ensures that every part of our platform is built to guard against risks while staying fully compliant with industry standards. From encryption to access controls, we've put strong measures in place to safeguard your data and give you peace of mind.

Compliance

Edlink is SOC-2 compliant, which means we follow strict controls to keep your data secure, available, and confidential. We also undergo regular independent audits to back up our commitment to transparency and accountability.

Here's what this means for you:

  • SOC 2 Controls: We meet all the necessary standards to handle your data securely, maintain operational resilience, and enforce access controls.
  • Regulatory Compliance: Alongside SOC 2, we align with GDPR and FERPA to meet the legal requirements of your industry.

Encryption and Data Protection

Encryption is a cornerstone of how we keep your data secure. We use AES-256 encryption—the gold standard—for all data, whether it's at rest or in transit. Our encryption keys are securely managed and regularly rotated to protect against unauthorized access. Additional safeguards include:

  • Secure Backups: We back up data daily, store it in geographically separate locations, and encrypt it just as securely as live data.
  • Multi-Factor Authentication (MFA): MFA is required for all system access, reducing the risk of breaches due to compromised credentials.

Access Control

We follow a "least privilege" approach to system access—employees and contractors only get access to what they need for their work. Every access request goes through strict approvals and is monitored. Key features of our access controls:

  • Role-Based Permissions: Only specific team members with defined responsibilities get administrative privileges.
  • Temporary Access: Access is granted for limited time periods and automatically revoked when it's no longer needed.
  • Activity Logging: All system activity is logged and reviewed to detect any issues or anomalies.

Monitoring and Incident Response

We continuously monitor our systems using tools like Google Cloud Security Command Center and Datadog to ensure everything stays secure and running smoothly. If there's ever an issue, our Incident Response Plan provides clear steps for identifying and resolving it quickly.