document id · SEC-v3.1 · 2026-04-12 effective · SOC 2 Type II
Security overview
Architecture summary, control inventory, incident-response timeline. The full SOC 2 Type II report is available under NDA to enterprise workspaces.
§1 Posture
xlinked is designed read-only by construction: the node binary has no POST verb to LinkedIn. Session material is encrypted at rest (AES-256-GCM via our infrastructure providers). TLS 1.3 everywhere on the wire. SOC 2 Type II audit completed Q1 2026 — report available under NDA to enterprise workspaces.
§2 Control inventory (summary)
| control | status |
|---|---|
| access · SSO + 2FA enforced for staff | operating |
| change management · PR review + CI | operating |
| vulnerability scanning · weekly | operating |
| backup · RPO 1h · RTO 4h | operating |
| penetration test · annual third party | 2026-03 passed |
§3 Incident response
- T+0 — on-call acknowledges P1 within 15 minutes.
- T+4h — containment and customer notification for data-impacting events.
- T+72h — regulatory notification where required (GDPR Art. 33).
Report vulnerabilities: security@xlinked.app (PGP key on request).