All data encrypted at rest and in transit using AES-256-GCM. TLS 1.3 enforced on all API connections. No plaintext credentials ever stored.
API credentials are hashed using bcrypt. Lynqx never stores your bank credentials in plaintext. Keys are scoped, rotatable, and revocable per entity.
Independently audited by a Big 4 firm annually. Covers security, availability, processing integrity, confidentiality, and privacy. Report available under NDA.
Every API call, configuration change, and user action is immutably logged with timestamp, user identity, IP, and request payload. Exportable for compliance.
Granular permissions per user, per entity, per API scope. MFA enforced on all console access. SSO via SAML 2.0 and OIDC available on Enterprise.
All infrastructure runs in isolated VPCs with no public database exposure. Private Link available for Enterprise. IP allowlisting supported on all plans.
Quarterly penetration tests by independent security firms. Results shared with Enterprise customers. Responsible disclosure programme active.
Choose your data region: India, Singapore, UAE, EU, or US. All financial data stays within your chosen region. No cross-border transfer without explicit consent.
Defined SLA for security incidents: P0 acknowledged in 15 minutes, P1 in 1 hour. Customer notification within 24 hours of any breach. Post-mortems published.
Compliance by region
Built for regulated markets.
Banking infrastructure in emerging markets means navigating a patchwork of regulations. Lynqx maintains active compliance programmes in every market we operate in.
Request compliance documentationNeed our security documentation?
SOC 2 report, penetration test results, DPA, and compliance docs available under NDA for enterprise evaluations.