Lulo Solutions LLC
Security Policy
This Security Policy, originally published as a standalone document, has been superseded in its entirety by Section 15 of the Terms of Service, effective June 20, 2024. As of that date, this standalone Security Policy is no longer in effect and carries no independent legal force.
For the current and binding security provisions governing the Exlink platform, please refer to the Terms of Service, Section 15.
Section 15 of the Terms of Service addresses the following subject matter:
(a) Data Protection Standards. The commercially reasonable organizational and technical measures maintained by the Company, including need-to-know access limitations, multi-factor authentication, and individually assigned SSH keys.
(b) Data Encryption. The use of AES 256-bit encryption for all data both in transport and at rest.
(c) Network, Physical, and Environmental Controls. The implementation of security patch assessment procedures, privileged access monitoring, VPN requirements, and adherence to industry best practices for infrastructure security.
(d) AWS Infrastructure. The operation of the platform on Amazon Web Services infrastructure with AES-256 encryption applied to data both in transit and at rest.
(e) Security Assessments. The conduct of regular penetration testing by independent third-party security experts to identify and address vulnerabilities.
(f) Incident Response. The obligation to notify the Client’s designated security contact within twenty-four (24) hours of any confirmed unauthorized access to Client data.
(g) Business Continuity. The maintenance of a disaster recovery plan with failover redundancy for systems, networks, and data storage to ensure continuity of service.
(h) Personnel Management. The requirements for employment verification, confidentiality training, continuous monitoring of personnel, and the immediate disabling of access upon termination of employment.
(i) Secure Software Development. The practices employed to protect software from tampering, minimize vulnerabilities, and ensure the timely remediation of identified security issues.
All questions regarding security practices should be directed to security@exlink.org.