Skip to content
EclusiveLink

Security

Secure link in bio, ready for your IT review.

If you are the person who signs off on new vendors, this page is for you. It states plainly how ExclusiveLink handles encryption, access, availability and personal data, and what we will do to support your review. No badges, no vague claims: just the controls, in writing.

01Encryption and hosting

Encrypted in transit, encrypted at rest

Creator pages carry audience emails and click records. We treat both as sensitive by default.

In transit

All traffic is served over HTTPS with TLS 1.2 or higher, including custom domains, which get certificates issued and renewed automatically. Plain HTTP is redirected, never answered.

At rest

Databases and backups are encrypted at rest with AES-256. Credentials and API keys are stored hashed or in a managed secrets store, never in code or logs.

EU hosting option

Enterprise customers can choose EU data hosting, keeping audience data and click records in EU regions to simplify transfer assessments.

02Access control

The right people, the right pages, on the record

SSO and SAML

Enterprise plans support single sign-on via SAML 2.0, so access follows your identity provider: joiners, movers and leavers included.

Roles and permissions

Studio and Enterprise teams assign per-seat roles, so an editor can update links without touching billing, domains or exports.

Audit log

Sign-ins, permission changes, exports and destructive actions are written to an audit log your admins can review, useful for both incident response and campaign reconciliation.

03Availability and data protection

Your bio link is your storefront. It stays up.

Enterprise agreements carry a 99.9% uptime SLA with service credits, backed by redundant infrastructure and monitored around the clock. A page that is down during a drop is revenue lost, and we write that obligation into the contract.

On data protection: we act as a processor for the audience data your pages collect, we sign a Data Processing Agreement on request, and we support GDPR rights requests end to end. Audience data is exportable as CSV at any time and deleted on instruction. We do not sell or share it.

At a glance

  • TLS 1.2+ in transit, AES-256 at rest
  • SSO/SAML on Enterprise
  • Per-seat roles and permissions
  • Audit log of sensitive actions
  • 99.9% uptime SLA on Enterprise
  • DPA and GDPR support
  • EU data hosting option
  • CSV export and deletion on instruction

04Working with your reviewers

We do the paperwork with you, not at you

Security review support

Running a vendor assessment? We complete security questionnaires, walk your reviewers through our architecture and controls on a call, and provide the DPA and subprocessor list your procurement process needs. Agencies and talent organizations do this with us routinely: see link in bio for agencies for how rosters run on ExclusiveLink, and the link in bio pricing page for what each plan includes.

Talk to sales

Responsible disclosure

If you believe you have found a vulnerability, email [email protected] with steps to reproduce. We acknowledge reports within one business day, keep you informed while we fix, and credit reporters who want credit. Please do not test against creator pages that are not your own.

We do not currently claim third-party certifications, and you will not find invented badges on this page. What we will do is show you the controls above, in as much detail as your review requires.

Cleared for entry

A link your audience trusts, and your IT team signs off on.

Talk to sales