Last updated: May 9, 2026

Security — filxo Links

This overview describes baseline security posture for filxo Links; it complements our Privacy Policy and Terms. It does not waive liability caps or disclaimers spelled out there.

1. Confidentiality & transit

  • Public dashboards and canonical web surfaces rely on HTTPS/TLS to protect payloads in transit between browsers and our edge/origin stacks.
  • Short-links and redirects pass through hardened infrastructure layered with CDN / worker controls where deployed.
  • Download delivery uses signed-origin policies on object storage gateways to reduce hotlink leakage; presigned uploads expire quickly.

2. Authentication

  • Passwords undergo strong one-way hashing; we never persist raw secrets.
  • Short-lived access tokens minimize exposure versus long-lived static keys on the dashboard.
  • Refresh sessions rotate and can be invalidated per device or wholesale via “sign out everywhere” flows implemented in-product.

3. Integrity & availability

  • Background workers execute queue jobs with timeouts; failures retry with backoff to avoid cascading outages.
  • Rate limits constrain abusive signup or brute-force bursts.
  • Housekeeping deletes expired objects and orphaned drafts pursuant to SLA-like windows described internally but communicated via retention statements.

4. Telemetry & observability without oversharing

  • Analytics aggregates may hash or truncate IPs before persistence to reduce reversible identification.
  • Structured logs segregate privileged operator actions from anonymous link fetch logs.

5. Your responsibilities

  • Maintain device hygiene; log out from shared computers.
  • Do not disclose presigned PUT URLs—they grant time-limited upload rights.
  • Report suspected hijacks swiftly to minimize blast radius.

6. Coordinated vulnerability disclosure

We invite good-faith security research. Submit findings with reproducible PoC, impacted components, and suggested severity to security@filxo.com. Encrypt if your material is sensitive—we will reciprocate keys on request where appropriate.

  • Please allow us reasonable remediation time before coordinated public disclosure (~90 calendar days absent mutual extension).
  • Do not degrade production availability, scrape private user data broadly, violate law, ransom us, publicly shame before contact window closes.
  • No fee is guaranteed; we acknowledge researchers in bulletins where appropriate.

7. Incident response

Potential incidents route through severity rubrics, executive notification thresholds, containment, eradication, customer notice when likely material under law, regulators when jurisdiction demands, voluntary security bulletins afterward.

8. Regulatory mapping (non-binding)

While not SOC2 or ISO-certified today, governance templates align SOC2 TSC mapping for future attestation backlog. Procurement teams may request detailed questionnaires offline.