- EU Data Hosting – Servers located in Europe
- Encrypted in Transit – TLS 1.3 encryption
- Encrypted at Rest – Database-level TDE
- Privacy-First – No third-party tracking
Our Security Commitment
At LynxPrompt, security is not an afterthought—it's foundational to how we build and operate our platform. We implement industry-standard security measures to protect your data, your blueprints, and your privacy.
Infrastructure Security
European Union Data Residency
All primary data is stored on servers physically located in the European Union. This ensures your data benefits from strong EU data protection laws and never leaves European jurisdiction without appropriate safeguards.
Network Security
Our infrastructure is protected by Cloudflare's enterprise-grade DDoS protection and Web Application Firewall (WAF). Rate limiting is implemented at both edge and application levels to prevent abuse.
Internal Network Isolation
Database servers are not exposed to the public internet. All internal services communicate over encrypted private networks with strict access controls.
Data Encryption
Encryption in Transit
All data transmitted between your browser and LynxPrompt is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol. We enforce HTTPS on all connections and use HSTS (HTTP Strict Transport Security) headers.
Encryption at Rest
User data is encrypted at rest using Transparent Data Encryption (TDE) at the database level. This means your account information, sessions, API tokens, and other sensitive data are encrypted on disk using AES-256 encryption, protecting against unauthorized access to physical storage or database files.
Secure Headers
We implement comprehensive security headers including Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and Referrer-Policy to protect against common web vulnerabilities like XSS and clickjacking.
Authentication Security
OAuth 2.0 Authentication
We use secure OAuth 2.0 authentication via trusted providers (GitHub, Google). We never see or store your passwords from these providers—authentication is handled entirely by them using industry-standard protocols.
Passkeys (WebAuthn)
LynxPrompt supports passkeys—the most secure form of authentication available. Passkeys are phishing-resistant, use biometric verification, and eliminate the risks associated with passwords entirely.
Magic Links
Our passwordless email authentication uses secure, time-limited magic links. Links expire after a short period and can only be used once, reducing the attack window for potential interception.
Session Security
Sessions are protected with secure, HTTP-only cookies that cannot be accessed by JavaScript. CSRF tokens protect against cross-site request forgery attacks. Sessions automatically expire after periods of inactivity.
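The header and cookie controls named under Encryption in Transit, Secure Headers and Session Security can be checked from outside by inspecting a response. The following is an added example, not LynxPrompt's code: the function name, the finding strings and both sample responses are constructed for illustration, and requiring the `Secure` cookie attribute is an assumption of the example.

```python
# Added example: checks response headers for the controls this page names.
# Both sample responses are constructed, not captured from LynxPrompt.
REQUIRED = ("content-security-policy", "x-frame-options",
            "x-content-type-options", "referrer-policy")

def audit_headers(headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    seen, cookies, findings = {}, [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)          # may legitimately repeat
        else:
            seen[name.lower()] = value.strip()
    # HSTS must be present with max-age > 0 (max-age=0 clears the policy).
    hsts = seen.get("strict-transport-security")
    if hsts is None:
        findings.append("missing strict-transport-security")
    else:
        max_age = 0
        for part in hsts.split(";"):
            key, _, val = part.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                max_age = int(val.strip('"'))
        if max_age == 0:
            findings.append("hsts max-age is zero or unparseable")
    findings += [f"missing {h}" for h in REQUIRED if h not in seen]
    if seen.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    # The page states HttpOnly; also requiring Secure is this example's assumption.
    for cookie in cookies:
        cname = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        findings += [f"cookie {cname} lacks {flag}"
                     for flag in ("httponly", "secure") if flag not in attrs]
    return findings

GOOD = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
        ("Content-Security-Policy", "default-src 'self'"),
        ("X-Frame-Options", "DENY"),
        ("X-Content-Type-Options", "nosniff"),
        ("Referrer-Policy", "strict-origin-when-cross-origin"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax")]
WEAK = [("Strict-Transport-Security", "max-age=0"),
        ("X-Content-Type-Options", "sniff"),
        ("Set-Cookie", "session=abc123; Path=/; Secure")]

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_headers(sample))
```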
Payment Security
Stripe Payment Processing
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor—the highest level of certification in the payment industry. We never see, store, or have access to your full credit card numbers. Payment data goes directly to Stripe's secure servers.
Privacy-First Infrastructure
Self-Hosted Analytics (Umami)
We use Umami, a privacy-focused analytics solution that we self-host on our own EU servers. It's completely cookieless, doesn't track individuals across sessions, and no data is shared with third parties. You cannot be personally identified through our analytics.
Self-Hosted Error Tracking (GlitchTip)
Error tracking is handled by GlitchTip, which we self-host on EU servers. Error data stays within our infrastructure and is automatically deleted after 90 days. No error data is sent to third-party services.
No Third-Party Tracking
LynxPrompt does not use Google Analytics, Facebook Pixel, or any other third-party tracking services. We don't sell your data, and we don't share it with advertisers. Your usage data stays with us.
Operational Security
Access Controls
Administrative access to production systems is restricted to authorized personnel only. Access is protected by VPN and SSH key authentication. We follow the principle of least privilege—team members only have access to the systems they need.
Regular Backups
Database backups are performed regularly and stored securely. Backup procedures are tested to ensure data can be recovered in case of incidents. Backups are retained according to our data retention policy.
Dependency Management
We regularly update our dependencies to patch known vulnerabilities. Our build process includes security scanning to identify and address potential issues before deployment.
Compliance
GDPR Compliance
LynxPrompt is fully compliant with the General Data Protection Regulation (GDPR). We provide data access, rectification, erasure, and portability rights. Data deletion requests are processed within 30 days.
Data Processing Agreements
For business customers who need formal data processing documentation, we provide a Data Processing Agreement (DPA) that meets GDPR requirements.
Subprocessor Transparency
We maintain a complete list of third-party services that process data on our behalf in our Privacy Policy. Each subprocessor is vetted for GDPR compliance and appropriate data protection measures.
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to [email protected]. We take all reports seriously and will investigate promptly. Please do not disclose vulnerabilities publicly until we've had a chance to address them.
Questions?
If you have questions about our security practices or need additional information for your compliance requirements, please contact us at [email protected].
Related Documents
- Privacy Policy – How we collect and process your personal data
- Data Processing Agreement – For business customers who need formal DPA documentation
- Cookie Policy – Details on our minimal cookie usage
- Terms of Service – Rules for using LynxPrompt