Bank-grade security, evidenced by default.
Missing Linx™ protects the systems that protect accounts. Every control is designed to pass a Tier 1 bank's vendor review.
Certifications & frameworks
SOC 2 Type II
AICPA — Security, Availability, Confidentiality
In audit window
ISO/IEC 27001
Information security management system
Roadmap Q3
PCI DSS Level 1
Payment card data handling
Service provider scope
GDPR
EU General Data Protection Regulation
Aligned — DPA available
CCPA / CPRA
California Consumer Privacy Act
Aligned
PSD2 SCA
EU Payment Services Directive 2
Compatible
How we protect customer data
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest, customer-scoped keys via envelope encryption.
Least-privilege access
SSO + hardware MFA, scoped IAM roles, just-in-time access with full audit trail.
Isolated tenancy
Enterprise customers can opt into single-tenant or in-VPC deployments in US, EU and APAC regions.
Hash-chained ledger
Every risk decision is SHA-256 chained to the previous, producing tamper-evident, exportable evidence for auditors and regulators.
Data residency
Pin processing and storage to the US, EU or APAC. No cross-region replication without explicit consent.
Continuous monitoring
24/7 SOC, EDR on every host, anomaly detection on the control plane, weekly penetration testing.
Sub-processors & legal
- Data Processing Addendum (DPA)Available on request
- Standard Contractual Clauses (SCCs)Included with DPA
- Sub-processor listNotified 30 days before any change
- Responsible disclosuresecurity@missinglinx.example