Security

Last updated: June 4, 2026

Security is foundational to Carlink. Brokerages run their entire operation — leads, orders, payments, and customer data — on our platform, and we design our systems to protect that data. This page summarizes the technical and organizational measures we use.

1. Data Encryption

• In transit: All traffic to and from the platform is encrypted using TLS.
• At rest: Databases and backups are encrypted at rest by our hosting providers.

2. Access Control

• Authentication is enforced via signed tokens (JWT) with role-based authorization.
• Internal access to production systems follows the principle of least privilege.
• Each tenant’s data is logically isolated so that one customer cannot access another’s data.

3. Infrastructure

• The platform runs on reputable cloud infrastructure with managed PostgreSQL and Redis.
• Secrets and credentials are stored outside of source control and scoped per environment.
• Background jobs and real-time updates run on isolated, monitored services.

4. Monitoring & Reliability

• Systems are monitored with metrics and tracing for availability and performance.
• Automated backups are taken regularly to support recovery.
• Live service status is published at status.carlink.pro.

5. Payments

Card payments are handled through established payment processors. Carlink does not store full card numbers on its own servers; sensitive payment data is handled by our payment partners.

6. Data Handling

How we collect, use, and retain personal data is described in our Privacy Policy and, for customers, our Data Processing Agreement.

7. Responsible Disclosure

If you believe you have found a security vulnerability, we want to hear from you. Please email us with details and steps to reproduce, and allow us reasonable time to investigate and remediate before public disclosure. We will not pursue action against good-faith research.

Email: info@carlink.pro
Phone: (818) 337-0699