Security

This overview offers answers to common questions about Linkr’s security.

Our product, processes and systems are designed to protect our users and data. Linkr’s software engineers complete regular API reviews and code reviews to address security issues upfront. In addition, a full suite of tests are automatically performed on an ongoing basis to verify each security measure’s functionality.

The Linkr team is currently working on a Higher Education Community Vendor Assessment Toolkit (HECVAT) and will attach the documentation here as soon as the process is completed.

In the meantime, here is an overview of how Linkr approaches security:


Privacy

  • Linkr has been designed following “Privacy by Design” guidelines.
  • The only personal information Linkr collects are a username and email address; these can be deleted at the user’s request
  • Linkr usernames can be pseudonyms.
  • Ownership of the content submitted by any user to Linkr remains the property of said user.
  • Each Linkr user controls the visibility of their content.
  • Privacy settings can range from “private” to “public”.
  • Linkr does not allow any advertising.
  • Linkr does not share data with any third parties.
  • Entire user account can be deleted at the user’s request.

Read more about Linkr's commitment to Data Privacy.


Data Storage

  • Linkr’s physical servers are on Microsoft Azure and are only accessible to those with security clearance.
  • Linkr’s databases are secured with web roles that have appropriate read and write access.
  • Stored data is encrypted, using access keys, passwords and “salts”, key strings that are not decryptable, for password generation.

Data Hosting

  • Linkr web apps are hosted “as a service” in Microsoft Azure; these are not accessible to those without security clearance from Microsoft. However, performance and scalability can be managed.
  • All data is transported through SSL funnels (https).

Data Authentication & Protection

  • We use a Bearer token distribution to authenticate users. Those tokens are created in an Identity server app to centralize all token distribution in a single access point.
  • This Identity server uses OAuth 2 authentication framework combined with OpenId Connect to authorize Linkr’s software to access and write data.
  • Linkr uses DDoS attack protection with Cloudflare to prevent server failure in the case of hack or brute force attack.
  • Linkr’s source code is hosted on Visual Studio Team Services, under a GITs repository only accessible to the associated developer.

For further technical specifications, please contact support@linkreducation.com.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us