Skip to main content
Codlinh10 — Multi-channel Business Messaging Platform

Security

Last updated: July 11, 2026

Security is fundamental to Codlinh10. Our customers trust us with their business messaging and customer data — we take that responsibility seriously at every layer of our infrastructure and operations.

Encryption

  • TLS 1.3 for all data in transit — website, APIs, and webhooks
  • AES-256 encryption for all data at rest
  • WhatsApp messages are end-to-end encrypted by Meta's infrastructure
  • Database encryption with managed keys

Access controls

  • Role-based access control (RBAC) — principle of least privilege
  • Mandatory multi-factor authentication (MFA) for all team members
  • Regular access reviews and removal of stale access
  • Separate production and development environments
  • Privileged access management with full audit logging

Network security

  • Web Application Firewall (WAF) — protection against OWASP Top 10
  • DDoS protection at network and application layers
  • Private networking between services — minimal public exposure
  • Intrusion detection and network anomaly monitoring
  • Regular penetration testing

Application security

  • Static Application Security Testing (SAST) on every code commit
  • Software Composition Analysis (SCA) — dependency vulnerability scanning
  • Secrets scanning to prevent credential exposure
  • Security code review for all production changes
  • Regular third-party security assessments

Data residency & backup

  • Indian customer data stored in India-region data centres
  • Automated daily backups with point-in-time recovery
  • Cross-region backup replication for disaster recovery
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour

Incident response

  • 24/7 security monitoring with automated alerting
  • Documented incident response playbooks
  • Customer notification within 72 hours of confirmed data breach
  • Post-incident reviews and remediation tracking
  • Security incident log maintained for 1 year

Employee security

  • Background verification for all employees with access to customer data
  • Security awareness training on joining and annually thereafter
  • Signed confidentiality and data protection agreements
  • Clean desk and screen lock policies
  • Immediate access revocation on employee offboarding

Certifications and audits

SOC 2 Type II — In Progress

We are working toward SOC 2 Type II certification. Our audit is currently scheduled. In the meantime, we are happy to share our security questionnaire responses and provide a dedicated security review for Enterprise prospects.

Vulnerability disclosure

If you discover a potential security vulnerability in Codlinh10's systems, please report it responsibly to security@codlinh10.in. Include:

  • Description of the vulnerability and potential impact
  • Steps to reproduce the issue
  • Any proof-of-concept code or screenshots

We will acknowledge your report within 48 hours and provide a resolution timeline. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We do not currently offer a bug bounty program but we genuinely appreciate responsible disclosure.

Security contact

Security issues: security@codlinh10.in
General security questions: security@codlinh10.in