Security
Last updated: January 15, 2025
At LYYNX LLC, security is fundamental to everything we do. We understand that protecting your data and maintaining the integrity of our systems is crucial for building trust and delivering reliable AI solutions for the retail industry.
1. Our Security Commitment
We are committed to implementing and maintaining comprehensive security measures that protect your data, our platform, and our customers' business operations. Our security approach encompasses technical, operational, and organizational safeguards.
2. Data Security Measures
Encryption at Rest and in Transit
All data is encrypted using industry-standard AES-256 encryption when stored and TLS 1.3 when transmitted between systems.
Access Controls
We implement role-based access controls (RBAC) and multi-factor authentication (MFA) to ensure only authorized personnel can access sensitive data.
Data Minimization
We collect and process only the minimum amount of data necessary to provide our services and delete data when it's no longer needed.
Secure Backups
Regular encrypted backups are maintained with geographic redundancy to ensure data availability and business continuity.
3. Infrastructure Security
3.1 Cloud Security
Our infrastructure is built on leading cloud platforms that provide enterprise-grade security, including:
- SOC 2 Type II certified data centers
- Physical security and environmental controls
- Network security and DDoS protection
- Regular security audits and compliance certifications
3.2 Application Security
Our applications undergo rigorous security testing, including:
- Static and dynamic application security testing (SAST/DAST)
- Penetration testing by third-party security experts
- Code reviews and secure development practices
- Vulnerability scanning and management
4. Operational Security
4.1 Security Monitoring
We maintain 24/7 security monitoring with:
- Real-time threat detection and response
- Security information and event management (SIEM)
- Intrusion detection and prevention systems
- Automated security alerts and incident response
4.2 Incident Response
Our incident response program includes:
- Defined incident response procedures
- Trained security response team
- Regular incident response drills
- Communication protocols for security events
5. Employee Security
5.1 Security Training
All employees receive comprehensive security training covering:
- Data protection and privacy principles
- Secure coding practices for developers
- Social engineering and phishing awareness
- Incident reporting procedures
5.2 Background Checks
We conduct appropriate background checks for all employees with access to sensitive systems and data, in compliance with applicable laws and regulations.
6. Compliance and Certifications
We maintain compliance with relevant security standards and regulations:
- SOC 2 Type II: Annual audits of our security controls
- GDPR: Compliance with European data protection regulations
- CCPA: Compliance with California privacy laws
- ISO 27001: Information security management system certification (in progress)
7. Third-Party Security
We carefully evaluate and monitor the security practices of our third-party vendors and partners through:
- Security assessments and due diligence
- Contractual security requirements
- Regular security reviews and audits
- Incident notification requirements
8. Data Breach Response
In the unlikely event of a data breach, we have established procedures to:
- Immediately contain and assess the incident
- Notify affected customers within 72 hours
- Coordinate with law enforcement if required
- Provide regular updates on remediation efforts
- Conduct post-incident reviews to prevent future occurrences
9. Customer Responsibilities
While we implement comprehensive security measures, customers also play a role in maintaining security:
- Use strong, unique passwords for accounts
- Enable multi-factor authentication when available
- Keep software and systems updated
- Report suspected security incidents promptly
- Follow best practices for data handling
10. Continuous Improvement
Security is an ongoing process. We continuously improve our security posture through:
- Regular security assessments and audits
- Staying current with emerging threats and technologies
- Participating in security research and industry forums
- Implementing feedback from security experts
- Regular updates to security policies and procedures
11. Transparency
We believe in transparency about our security practices. We regularly publish:
- Security documentation and policies
- Compliance certifications and audit reports
- Security incident summaries (when appropriate)
- Updates to our security measures
12. Contact Our Security Team
If you have security-related questions or need to report a security issue, please contact our security team:
Security Email: security@lyynx.ai
For urgent security issues: Include "URGENT SECURITY" in the subject line
Response Time: We respond to security inquiries within 24 hours
For responsible disclosure of security vulnerabilities, we offer recognition and, where appropriate, rewards for valid security findings.