Storage Link Media
 Back home
Trust & Security

Trust & Security

Last updated: 29 June 2026

This page is maintained by Storage Link Media to answer common security and privacy questions about the platform. It describes controls that are enabled today and is not an independent certification or third-party audit.

Authentication & access

  • Email + password sign-in with passwords stored as hashed values by our authentication provider.
  • Google sign-in available as an alternative to passwords.
  • Per-account role separation: client, agency and admin roles are stored in a dedicated roles table, not on the user profile.
  • Row-level security policies on every user-data table scope reads and writes to the owning account (and to invited teammates where applicable).
  • Sensitive billing identifiers, including the recurring-billing token from our payment processor, are never returned to the browser.

Data handling

  • All traffic between your browser and the platform is served over HTTPS (TLS) by our hosting provider.
  • Uploaded media is stored in our object-storage provider; only the account that owns the asset (and teammates they invite) can request a download URL.
  • Sharing links are scoped, expirable and can be revoked at any time from your dashboard.
  • Auto-archive lets you choose how long unaccessed assets remain before being moved to cold storage.

Subprocessors

We rely on the following providers to operate the service. Each provider only receives the data needed to perform its function.

  • Lovable Cloud (Supabase) - application database, authentication and serverless functions.
  • Backblaze B2 - object storage for uploaded media.
  • PayFast - recurring card payments. Card details are entered on PayFast's hosted checkout; we never see or store full card numbers.
  • Resend - transactional email delivery.

Retention & deletion

  • You can delete individual assets, folders and projects at any time from your dashboard.
  • Account closure schedules permanent deletion of your stored media after a short grace period so you can recover from mistakes.
  • Operational logs (sign-in attempts, billing events) are retained for a limited period for security and audit purposes.

Reporting a security issue

If you believe you have discovered a security vulnerability, please contact us at support@storagelinkmedia.com with details and reproduction steps. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

Shared responsibility: Storage Link Media operates the application and the controls described above. Customers are responsible for keeping their account credentials safe, granting access only to people they trust, and configuring sharing, retention and roles in line with their own requirements.