▌ 01
If you're a client
Use the incident channel in your runbook, or escalate directly to your engagement lead. Off-hours, email security@novalinklabs.com — monitored 24/7 for client incidents.
§ Security
Posture & practice
Security at Novalink Labs.
Cybersecurity is one of our three pillars — we run it for clients, and we apply the same discipline to our own systems. This is how.
§ 01
What we commit to
How we approach security
▌ Posture management
We treat security posture as continuous, not a once-a-year audit. Perimeter, identity, data and endpoint layers are scoped, monitored and tightened as part of normal operations.
▌ Monitoring & response
Where we operate systems for clients, we instrument them for visibility — log collection, alerting and runbooks for the incidents that matter. We default to least-privilege access and audited credentials.
▌ Compliance-ready
We design engagements with audit-readiness in mind, even when formal certification isn't in scope. Access controls, change records and incident logs are kept in shape so an auditor never finds the cupboard bare.
▌ Vendor & supply chain
We're deliberate about the third-party tools we depend on. Critical vendors are reviewed for their own security posture, data-handling practices and incident history before they touch client systems.
§ 02
Report an issue
How to reach our security team
▌ 02
If you're a researcher
Found a vulnerability in novalinklabs.com or a product we own? Email security@novalinklabs.com with reproduction steps. We don't pursue good-faith research and aim to acknowledge within 2 business days.