Trust & Safety
Security
How we protect your data and how to report security vulnerabilities.
Our security practices
Encryption in transit and at rest
All data transmitted between your browser and Linkport is encrypted using TLS 1.3. Data stored on our servers is encrypted at rest using AES-256.
OAuth — no password storage
Linkport uses LinkedIn's OAuth 2.0 — we never see or store your LinkedIn password. OAuth tokens are stored encrypted and rotated regularly. [Token rotation policy placeholder — TBD in Round 3].
Infrastructure in Germany
Our servers are located in Germany (Berlin region), subject to GDPR and German data protection law. [Hosting provider: Hetzner — Placeholder, confirm before launch].
Principle of minimal access
Linkport requests only the LinkedIn API scopes strictly required to display your analytics and schedule your content. We do not request write access beyond post scheduling. [Exact scopes TBD during LinkedIn API review].
Responsible disclosure
If you discover a security vulnerability in Linkport, we ask that you disclose it to us responsibly. Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address it.
We commit to acknowledging your report within 72 hours and providing a resolution timeline within 14 days for critical issues.
Report a security issue
Please include: a description of the vulnerability, steps to reproduce, affected component, and your contact information.
security@kaxtus.comPGP key available on request. [Key fingerprint placeholder — TBD]
Bug bounty
Linkport does not currently operate a formal bug bounty program. We appreciate responsible disclosure and will publicly acknowledge researchers who report valid vulnerabilities (with their permission). [Bug bounty program placeholder — may be introduced post-launch].