Security

Lyniro Security — Data Storage, Encryption, Access Control, and GDPR

How Lyniro protects your data and your customers' information.

Data Storage

Where your data lives.

Where is my data stored?

All Lyniro data is stored in a PostgreSQL database hosted on AWS infrastructure in the South Asia (Mumbai) region via Supabase. Your data never leaves this region.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Is my data isolated from other Lyniro customers?

Yes. Lyniro uses Row-Level Security (RLS) at the database level. This means every database query is automatically filtered so you only ever see your own workspace's data.

Even if two companies use Lyniro, it is architecturally impossible for one company to access another's data.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Are there regular backups?

Yes. Your database is backed up daily automatically. Backups are retained for 7 days. If you ever need to restore data, contact help@lyniro.com.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Authentication and Access

How access is controlled.

How are passwords stored?

Passwords are never stored in plain text. They are hashed using bcrypt via Supabase Auth. Lyniro staff have no access to your actual password.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

How are client magic links secured?

Each magic link contains a unique, one-time token generated with cryptographically secure randomness.

  • Tokens expire after 24 hours
  • Once clicked, the token is marked as used and cannot be clicked again
  • The token only grants access to the specific plan it was created for

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

How are API keys stored?

API keys are shown once at creation time and never again. After that, only a SHA-256 hash of the key is stored in the database. If you lose a key, revoke it and create a new one.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Is data encrypted in transit?

Yes. All data in transit uses TLS 1.3 encryption. All connections to app.lyniro.com use HTTPS. Unencrypted HTTP connections are automatically redirected to HTTPS.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

GDPR and Compliance

Data privacy and your rights.

Is Lyniro GDPR compliant?

Lyniro is built with GDPR principles:

  • Data is stored in the region you choose
  • Users can request data deletion at any time
  • Passwords are hashed, not stored
  • Access is role-based and all admin access is logged
  • Client data is isolated per workspace

For a Data Processing Agreement (DPA), email help@lyniro.com.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

How do I request my data to be deleted?
1
Email help@lyniro.com with your workspace name and the request
2
We will confirm the deletion request by replying to your email
3
All your workspace data is permanently deleted within 30 days
4
This action cannot be reversed

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Can Lyniro staff access my customer data?

Lyniro support staff can access your workspace data only when you specifically request help (for example, troubleshooting a plan issue). All staff access is logged with timestamp and reason.

We never share your data with third parties. See our Privacy Policy at lyniro.com/privacy for full details.

Still stuck? Email us at help@lyniro.com — we respond within 24 hours.

Still need help?

Our team responds within 24 hours on business days. For urgent issues, mark your subject [URGENT].

Email help@lyniro.com