AuthLN Security

Our Commitment to Security

AuthLN is built to protect identity systems against modern automated attacks. Our platform introduces Pay Factor Authentication (PFA) — an economic control on authentication designed to prevent automated abuse before it reaches protected systems.

Security is foundational to our platform architecture and operational practices. We implement industry-recognized security controls, encryption standards, and operational safeguards to protect customer data and system integrity.

AuthLN leverages trusted cloud infrastructure providers and supporting service providers to operate our platform. A current list of subprocessors is available upon request.

Security Controls

Security Architecture

AuthLN is a cloud-based identity security platform designed to integrate with existing enterprise identity providers such as Okta, Microsoft Entra ID, and Google Workspace without requiring organizations to replace their current identity infrastructure.

The platform consists of:

  • AuthLN Mobile Application

  • AuthLN Public APIs

  • Lightning Network payment verification infrastructure

  • Cloud-hosted backend services

All services are designed with secure-by-default architecture and defense-in-depth principles.

Foundational Security

Data Protection

Encryption in Transit

All network communications use TLS 1.2+ encryption to protect data in transit between clients, mobile devices, and AuthLN infrastructure.

Encryption at Rest

Sensitive system data stored within AuthLN infrastructure is encrypted using industry-standard encryption mechanisms provided by our cloud infrastructure provider.

Key Management

Encryption keys and secrets are managed through secure cloud key management systems and access-restricted secrets management systems.

Access Control

Access to AuthLN systems follows least-privilege principles.

Controls include:

  • Role-based access control (RBAC)

  • Multi-factor authentication for administrative access

  • Secure credential management

  • Periodic access reviews

  • Audit logging of privileged actions

Access to production environments is restricted to authorized engineering personnel.

Infrastructure Security

AuthLN infrastructure is hosted within secure cloud environments with enterprise-grade physical and network security protections.

Infrastructure protections include:

  • Network segmentation

  • Firewalls and traffic filtering

  • Infrastructure monitoring and logging

  • Vulnerability scanning

  • Security patch management

Production infrastructure access is tightly restricted and monitored.

Secure Development Practices

AuthLN follows secure software development practices designed to identify and mitigate security risks throughout the development lifecycle.

Security practices include:

  • Secure code review

  • Dependency vulnerability monitoring

  • Security testing

  • Controlled deployment pipelines

  • Change management procedures

Engineering teams follow documented development and deployment workflows.

Monitoring and Incident Response

AuthLN maintains monitoring systems designed to detect abnormal behavior and security events.

Operational capabilities include:

  • Security event logging

  • Alerting and monitoring systems

  • Incident response procedures

  • Root cause analysis and remediation processes

Our team maintains documented procedures for responding to potential security incidents.

Compliance and Certifications

AuthLN maintains security and compliance practices aligned with recognized industry standards.

Current compliance posture includes:

  • SOC 2 Type I audit in progress

  • SOC 2 Type II audit in progress

  • Alignment with NIST security frameworks

  • FIDO2-based authentication standards

Compliance documentation is available upon request under appropriate confidentiality agreements.

Security Documents Available Under NDA

  • SOC 2 report

  • Penetration testing summary

  • Security whitepaper

  • Data processing agreement

Responsible Disclosure

AuthLN encourages responsible disclosure of potential security vulnerabilities.

Security researchers who identify vulnerabilities may report them to:

security@authln.com

Our team will review and respond to all legitimate reports.

Contact

For security or compliance inquiries:

security@authln.com