Linkepy Security Policy
Last updated: 21.09.2025
This Security Policy describes Linkepy's security program and the technical & organizational measures (TOMs) we use to protect customer data and the Services. We continuously improve our controls as threats and best practices evolve. Material changes will not reduce the overall level of protection described here.
1) Scope & Objectives
- Applies to the Site (https://www.linkepy.com), dashboard, APIs, file‑enrichment jobs, and integrations (e.g., CRM connectors) operated by Linkepy.
- Objectives: confidentiality, integrity, availability, and resilience of systems and data; lawful processing under GDPR/KVKK and other applicable laws.
2) Governance & Risk Management
- Security is owned by the Executive Team and led day‑to‑day by a designated Security Lead.
- Linkepy maintains a risk‑based ISMS aligned with ISO/IEC 27001 and SOC 2 principles (conceptual alignment; not a certification claim).
- Policies: access control, encryption, secure development, vendor management, incident response, business continuity, acceptable use, and data retention. Policies are reviewed at least annually.
3) Personnel Security & Confidentiality
- All personnel sign confidentiality agreements and complete onboarding and annual security & privacy training (phishing, data handling, incident reporting).
- Role‑based security responsibilities; disciplinary procedures for violations.
4) Access Control & Identity
- Least privilege and need‑to‑know enforced via RBAC.
- MFA required for privileged access and production systems; SSO where supported.
- Unique accounts; access reviews quarterly; immediate de‑provisioning on role change or exit.
- Secrets (API keys, tokens) managed via a secrets manager; no secrets in code or CI logs.
5) Asset & Data Classification
- Data classified (Public, Internal, Confidential, Restricted). Handling rules define storage, transmission, sharing, and disposal.
- Prohibited data (e.g., special categories, children's data, full PANs) must not be submitted unless explicitly agreed in writing.
6) Cryptography
- In transit: TLS (min TLS 1.2; modern ciphers) for all external endpoints; HSTS and secure cookies for the Site.
- At rest: industry‑standard encryption (e.g., AES‑256) for databases, object storage, and backups provided by the cloud KMS.
- Keys: generated/stored/rotated using managed KMS; access logged and restricted to least privilege.
7) Network & Infrastructure Security
- Production environment isolated; security groups/firewalls default‑deny.
- Only allow‑listed IPs/roles can access management planes; bastion or zero‑trust proxy for admin access.
- DDoS protections provided by cloud/CDN; WAF and bot‑mitigation where applicable.
- Container images and base AMIs are hardened and regularly patched.
8) Application Security & SDLC
- Secure SDLC: design reviews, code reviews, dependency scanning (SCA), SAST/DAST where applicable, and pre‑deployment checks in CI/CD.
- Secrets scanning on repositories; branch protection and mandatory reviews.
- Third‑party libraries monitored for CVEs; patches prioritized by severity.
- New features undergo security-by-design review; high‑risk changes may require threat modeling.
9) Logging, Monitoring & Detection
- Centralized logging of auth events, admin actions, API errors, and security events; time‑synced and tamper‑resistant where feasible.
- Metrics and alerts for availability, performance anomalies, and suspicious patterns (e.g., brute‑force, abuse of rate limits).
- Retention aligned with legal and operational needs (see §13).
10) Vulnerability & Patch Management
- Regular external surface scans and authenticated scans for infrastructure.
- Critical & high‑severity issues remediated promptly per policy SLAs; emergency patch process for zero‑days.
- Periodic independent penetration tests; results tracked to closure.
11) Data Segregation & Multi‑Tenancy
- Logical separation by customer account/tenant identifiers; least‑privilege service accounts per component.
- File‑enrichment jobs processed in segregated storage paths; temporary artifacts auto‑expired.
12) Backups, Business Continuity & Disaster Recovery
- Automated backups of critical data; encryption at rest; restore tests periodically.
- Documented BCP/DR with RTO/RPO objectives appropriate to service tier; runbooks maintained for regional failures and loss of a primary component.
13) Data Retention & Deletion
- Account data retained for the subscription term and legal retention periods.
- File‑upload enrichment outputs retained by default for ≤ 30 days (configurable or earlier deletion on request/API) to allow download and reconciliation.
- Upon termination or verified request, Customer Personal Data is deleted or returned, then securely removed from backups per policy.
14) Incident Response & Breach Notification
- Documented IR plan: triage, containment, eradication, recovery, post‑mortem.
- Customer notification without undue delay when a Personal Data Breach likely impacts data confidentiality, integrity, or availability; notifications include known facts, scope, mitigations, and contact channel.
15) Third‑Party & Vendor Risk Management
- Security and privacy due‑diligence before onboarding vendors; DPAs and confidentiality required.
- Sub‑processors listed at https://www.linkepy.com/subprocessors; changes notified in advance per DPA.
- Continuous monitoring for material changes in vendor posture when feasible.
16) Physical Security (Cloud Providers)
- Linkepy uses reputable cloud providers with certified data centers (e.g., ISO 27001, SOC 1/2). Controls include staffed security, CCTV, access badges/biometrics, visitor logs, and environmental protections.
- No customer data is stored at Linkepy offices.
17) Customer Responsibilities
- Maintain strong passwords/MFA for user accounts; manage user lifecycle within your organization.
- Do not submit prohibited data; ensure lawful basis and notices for personal data you provide.
- Configure integrations and webhooks securely; protect API keys and client secrets.
18) Compliance Statements
- Designed to support obligations under GDPR, KVKK, and common audit criteria for SOC 2 and ISO 27001 (alignment, not a certification claim).
- See also: Privacy Policy, DPA, Terms of Use, and Security Overview pages.
19) Hosting & Regionality
- Primary hosting region: [To be announced] (EU region recommended). Exact providers and regions will be listed on /subprocessors and/or the Security Overview.
- Data residency options may be available for enterprise plans on request.
20) Cryptographic & Password Standards (Baseline)
- TLS 1.2+; disable legacy protocols/ciphers. HSTS enabled on public domains.
- Passwords hashed with a modern KDF (e.g., bcrypt/argon2) with per‑user salts.
- API tokens are random, high‑entropy values; rotation supported.
21) Policy Maintenance & Contact
- This Policy is reviewed at least annually and after significant changes.
- Security contact: [email protected] (preferred) | Privacy contact: [email protected].
Note: This document provides a transparent overview. Detailed runbooks, diagrams, and internal controls are maintained in Linkepy's private ISMS documentation.