Security
Last updated: July 11, 2026
Security is fundamental to Codlinh10. Our customers trust us with their business messaging and customer data — we take that responsibility seriously at every layer of our infrastructure and operations.
Encryption
- TLS 1.3 for all data in transit — website, APIs, and webhooks
- AES-256 encryption for all data at rest
- WhatsApp messages are end-to-end encrypted by Meta's infrastructure
- Database encryption with managed keys
Access controls
- Role-based access control (RBAC) — principle of least privilege
- Mandatory multi-factor authentication (MFA) for all team members
- Regular access reviews and removal of stale access
- Separate production and development environments
- Privileged access management with full audit logging
Network security
- Web Application Firewall (WAF) — protection against OWASP Top 10
- DDoS protection at network and application layers
- Private networking between services — minimal public exposure
- Intrusion detection and network anomaly monitoring
- Regular penetration testing
Application security
- Static Application Security Testing (SAST) on every code commit
- Software Composition Analysis (SCA) — dependency vulnerability scanning
- Secrets scanning to prevent credential exposure
- Security code review for all production changes
- Regular third-party security assessments
Data residency & backup
- Indian customer data stored in India-region data centres
- Automated daily backups with point-in-time recovery
- Cross-region backup replication for disaster recovery
- Recovery Time Objective (RTO): 4 hours
- Recovery Point Objective (RPO): 1 hour
Incident response
- 24/7 security monitoring with automated alerting
- Documented incident response playbooks
- Customer notification within 72 hours of confirmed data breach
- Post-incident reviews and remediation tracking
- Security incident log maintained for 1 year
Employee security
- Background verification for all employees with access to customer data
- Security awareness training on joining and annually thereafter
- Signed confidentiality and data protection agreements
- Clean desk and screen lock policies
- Immediate access revocation on employee offboarding
Certifications and audits
SOC 2 Type II — In Progress
We are working toward SOC 2 Type II certification. Our audit is currently scheduled. In the meantime, we are happy to share our security questionnaire responses and provide a dedicated security review for Enterprise prospects.
Vulnerability disclosure
If you discover a potential security vulnerability in Codlinh10's systems, please report it responsibly to security@codlinh10.in. Include:
- Description of the vulnerability and potential impact
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots
We will acknowledge your report within 48 hours and provide a resolution timeline. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We do not currently offer a bug bounty program but we genuinely appreciate responsible disclosure.
Security contact
Security issues: security@codlinh10.in
General security questions: security@codlinh10.in