Security

Information Security Policy

Learn the practices and controls that protect your company information at Linkana.

Last updated:

Linkana is committed to protecting the security, confidentiality and integrity of information from our customers, partners and employees. This Public Information Security Policy describes, in a clear and accessible way, how we maintain a secure environment for data processing and operation of our services.

This public version reflects the principles and controls present in our complete Information Security Policy, which follows international standards such as ISO 27001, ISO 27017 and industry best practices.

1. Security Commitment

Linkana maintains a continuously improved Information Security Management System (ISMS), supported by company leadership and aligned with our strategic planning.

Our goal is to ensure that all data processed — our own, customers’ or partners’ — is protected against unauthorized access, misuse, loss, destruction or alteration.

2. Information Security Scope

Our security controls apply to:

  • information and data processed by Linkana;
  • our systems, platforms, applications and infrastructure;
  • corporate or personal devices used to access Linkana systems;
  • cloud environments used in our operations;
  • vendors and third parties processing data on our behalf.

We follow the shared responsibility model in cloud environments, ensuring that all providers used have robust security certifications and practices.

3. Technology Environment and Providers

Linkana operates in a primarily cloud-based environment, using providers with internationally recognized certifications, such as:

  • Heroku (AWS) – application hosting and execution;
  • CrunchyData (Crunchy Bridge PostgreSQL) – managed database with continuous backups and high availability;
  • Google Cloud (Workspace) – communication, productivity and corporate storage.

Each provider is periodically evaluated for security, compliance and service continuity.

4. Data Protection and Security Controls

To ensure security at all stages of information processing, we apply controls including, among others:

  • Encryption of data in transit and at rest;
  • Least-privilege access control;
  • Multi-factor authentication (MFA) on critical systems;
  • Continuous monitoring, log recording and incident detection;
  • Secure development policy for the software lifecycle;
  • Anti-malware protection, updated antivirus and firewalls;
  • Risk management, with periodic assessments;
  • Continuous backup and disaster recovery mechanisms;
  • Compliance with privacy and data protection requirements, including LGPD, GDPR and other applicable laws.

5. Device Security and Remote Access

All devices (corporate or BYOD) used to access Linkana information must follow minimum security requirements, such as:

  • strong password or biometric authentication;
  • automatic lock after inactivity;
  • prohibition of account and device sharing;
  • updated antivirus;
  • use of VPN and other protection measures when working on public or remote networks.

Linkana applies the Clear Desk & Clear Screen policy, ensuring that sensitive information is not accessible unattended.

6. Cloud Security

As a Cloud Service Customer, we follow ISO 27017 standards to ensure:

  • secure environment configuration;
  • access and credential governance;
  • protection against vulnerabilities;
  • continuous oversight of provider compliance.

Each provider is responsible for infrastructure security; Linkana is responsible for security of hosted data, configurations and applications.

7. Security Incident Management

We maintain an Incident Response Process that includes:

  • immediate identification and analysis of incidents;
  • rapid communication to responsible teams;
  • impact mitigation;
  • communication to customers, authorities and partners when required by law or contract;
  • recording, root cause analysis and preventive actions.

All employees are instructed to immediately report any suspicion of incident or vulnerability.

8. Privacy and Data Protection

Linkana processes personal data in accordance with applicable laws, such as:

  • LGPD (Brazil);
  • GDPR (European Union and United Kingdom);
  • CCPA/CPRA (California);
  • other relevant international laws.

Our public privacy policy details:

  • categories of data collected;
  • processing purposes;
  • legal bases;
  • data subject rights;
  • sharing and international transfer practices;
  • DPO contact.

9. Training and Awareness

All employees receive periodic training on:

  • information security;
  • good practices for system and data usage;
  • privacy and data protection;
  • prevention of phishing, social engineering and fraud;
  • individual responsibility for information protection.

10. Working with Third Parties

Linkana evaluates vendors and partners with access to data or systems, ensuring:

  • contracts with specific security and privacy clauses;
  • adequate protection levels, compatible with our ISMS;
  • continuous reviews of compliance and performance.

11. Audit and Compliance

We conduct:

  • continuous monitoring;
  • internal audits;
  • external audits and compliance assessments (ISO 27001, ISO 27017, SOC 2, etc.);
  • periodic reviews of policies and practices.

Our complete Information Security Policy is reviewed at least once a year.

12. How to report security issues

If you identify or suspect any failure, incident, vulnerability or misuse involving Linkana information or systems, please contact us immediately: