Data Security Practices
Last updated: January 15, 2025
At LinksForYou.Fun, we take data security seriously. This page outlines our security measures, practices, and commitments to protecting your information.
Encryption & Transport Security
All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3 protocol, ensuring end-to-end security.
Passwords are hashed using bcrypt with salt before storage. We never store plain-text passwords and cannot retrieve your original password.
Sensitive data stored in our databases is encrypted at rest using AES-256 encryption standards.
Data Storage & Access Control
- ✓Role-Based Access Control (RBAC): Access to data is strictly limited based on job function and necessity
- ✓Row-Level Security: Database queries automatically filter data based on user permissions using Supabase RLS policies
- ✓Secure Data Centers: Data is hosted on enterprise-grade infrastructure with physical security and redundancy
- ✓Regular Backups: Automated daily backups with 30-day retention and encrypted storage
Authentication & Session Security
Secure Session Management: HTTP-only cookies prevent XSS attacks and session hijacking
Token Refresh: Authentication tokens automatically expire and refresh to limit exposure risk
Login Monitoring: Suspicious login attempts trigger security alerts and temporary lockouts
Device Fingerprinting: Unusual device or location access prompts additional verification
Threat Detection & Prevention
We employ multiple layers of security to protect against threats:
Security Monitoring
- 24/7 automated monitoring for unusual activity patterns
- Real-time alerts for potential security incidents
- Regular security audits and vulnerability assessments
- Logging of all administrative actions for audit trails
- Incident response team ready to address breaches within hours
Third-Party Security
We carefully vet all third-party services:
- Supabase: SOC 2 Type II certified, GDPR compliant database and authentication
- Vercel: Enterprise-grade hosting with DDoS protection and global CDN
- Ad Networks: Only reputable, vetted advertising partners with security standards
Security Limitations
While we implement robust security measures, users should understand:
- No system is 100% secure; zero-day vulnerabilities can emerge unexpectedly
- User account security depends partly on password strength and account practices
- We are not responsible for security of destination websites accessed through our links
- Social engineering attacks targeting users directly are outside our control
Your Security Responsibilities
✓ Use strong, unique passwords - Avoid reusing passwords from other sites
✓ Enable two-factor authentication - When available, use 2FA for added protection
✓ Keep devices secure - Use updated software and antivirus protection
✓ Be cautious of phishing - Verify emails claiming to be from us before clicking links
✓ Report suspicious activity - Contact us immediately if you notice unauthorized access
Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users within 72 hours of discovery (as required by GDPR)
- Provide details about what information was compromised
- Explain steps we're taking to address the breach
- Recommend actions you should take to protect yourself
- Report to relevant authorities as required by law
Security Contact
To report security vulnerabilities or concerns:
Email: afhamyt777@gmail.com
Subject: Security Issue
We appreciate responsible disclosure and will acknowledge reports within 48 hours.
Security Updates
We continuously improve our security posture by staying current with best practices, updating dependencies regularly, conducting periodic security reviews, and implementing new protective measures as threats evolve.