Security
Secure link in bio, ready for your IT review.
If you are the person who signs off on new vendors, this page is for you. It states plainly how ExclusiveLink handles encryption, access, availability and personal data, and what we will do to support your review. No badges, no vague claims: just the controls, in writing.
01Encryption and hosting
Encrypted in transit, encrypted at rest
Creator pages carry audience emails and click records. We treat both as sensitive by default.
In transit
All traffic is served over HTTPS with TLS 1.2 or higher, including custom domains, which get certificates issued and renewed automatically. Plain HTTP is redirected, never answered.
At rest
Databases and backups are encrypted at rest with AES-256. Credentials and API keys are stored hashed or in a managed secrets store, never in code or logs.
EU hosting option
Enterprise customers can choose EU data hosting, keeping audience data and click records in EU regions to simplify transfer assessments.
02Access control
The right people, the right pages, on the record
SSO and SAML
Enterprise plans support single sign-on via SAML 2.0, so access follows your identity provider: joiners, movers and leavers included.
Roles and permissions
Studio and Enterprise teams assign per-seat roles, so an editor can update links without touching billing, domains or exports.
Audit log
Sign-ins, permission changes, exports and destructive actions are written to an audit log your admins can review, useful for both incident response and campaign reconciliation.
03Availability and data protection
Your bio link is your storefront. It stays up.
Enterprise agreements carry a 99.9% uptime SLA with service credits, backed by redundant infrastructure and monitored around the clock. A page that is down during a drop is revenue lost, and we write that obligation into the contract.
On data protection: we act as a processor for the audience data your pages collect, we sign a Data Processing Agreement on request, and we support GDPR rights requests end to end. Audience data is exportable as CSV at any time and deleted on instruction. We do not sell or share it.
At a glance
- TLS 1.2+ in transit, AES-256 at rest
- SSO/SAML on Enterprise
- Per-seat roles and permissions
- Audit log of sensitive actions
- 99.9% uptime SLA on Enterprise
- DPA and GDPR support
- EU data hosting option
- CSV export and deletion on instruction
04Working with your reviewers
We do the paperwork with you, not at you
Security review support
Running a vendor assessment? We complete security questionnaires, walk your reviewers through our architecture and controls on a call, and provide the DPA and subprocessor list your procurement process needs. Agencies and talent organizations do this with us routinely: see link in bio for agencies for how rosters run on ExclusiveLink, and the link in bio pricing page for what each plan includes.
Responsible disclosure
If you believe you have found a vulnerability, email [email protected] with steps to reproduce. We acknowledge reports within one business day, keep you informed while we fix, and credit reporters who want credit. Please do not test against creator pages that are not your own.
We do not currently claim third-party certifications, and you will not find invented badges on this page. What we will do is show you the controls above, in as much detail as your review requires.