This page gives a high-level view of the current security posture and operational controls visible in the product. It is intentionally factual and conservative rather than certification-led marketing copy.
Linxis is built around authenticated user accounts, tenant-aware application access, signed API request support for protected integration flows, CSRF protection in browser authentication and state-changing account actions, and sync-job status/history that helps teams review failures, callbacks, and retries.
Browser access is handled through Symfony authentication. Login uses CSRF validation, and the application can support remember-me sessions for returning users.
API access in the current application uses bearer credentials, and signed request flows can additionally validate HMAC signatures and timestamps before accepting protected requests.
Authenticated users operate inside a tenant-aware application context, which helps keep dashboard, onboarding, billing, and sync data scoped to the correct customer workspace.
Linxis keeps operational records for sync jobs, including status changes, callback outcomes, retry paths, and usage-related signals. This helps teams investigate failures instead of treating exports as a black box.
Billing and payment flows rely on third-party providers and dedicated webhook handlers. Customer-authorised integrations such as Magento and QuickBooks remain an important part of the overall data path.
Public vendor references are listed on the Subprocessors page.
If your team needs a DPA, subprocessors list, or a security walkthrough before approval, use the public documents on this site as the starting point and contact Linxis for anything contract-specific.
If you need a vendor review conversation or a deeper explanation of how the current application works, contact Linxis directly.
support@linxis.uk
WhatsApp 07946 233556
