ASSETLINK TRUST CENTER
Commitment to Security & Trust
At AssetLink, protecting our clients’ data is at the heart of everything we do. As a trusted partner to financial institutions and advisors, we maintain the highest standards of information security, privacy, and compliance to ensure your data remains safe, confidential, and available at all times.
We have built our security program in alignment with leading industry frameworks — including SOC 2 Type I & II and the NIST Cybersecurity Framework (CSF) — to continuously assess, monitor, and enhance our controls across all layers of our environment.
CYBERSECURITY & DATA PRIVACY OVERVIEW
AssetLink maintains a comprehensive cybersecurity and data privacy program aligned with industry standards to secure client data across all systems and services. please read our latest overview.
INFORMATION SECURITY CONTROLS
AssetLink enforces strict identity and access management using the principle of least privilege, ensuring only authorized users can access systems and data.
All employees receive ongoing cybersecurity awareness and role-based training to maintain a culture of security and compliance across the organization.
AssetLink maintains tested business continuity and disaster recovery plans to ensure operational resilience and rapid recovery from disruptions.
Our cloud infrastructure is protected through layered network defenses, including firewalls, segmentation, and continuous monitoring.
We proactively identify, assess, and remediate vulnerabilities across our environment through regular scanning, patching, and configuration reviews.
AssetLink’s incident response program ensures rapid detection, investigation, and resolution of security events to minimize impact and maintain transparency with stakeholders.
Independent audits, internal reviews, and continuous monitoring validate the effectiveness of our security controls and compliance with applicable standards and regulatory requirements.
Information security governance is embedded within Assetlink’s leadership structure, ensuring policies, accountability, and oversight are aligned with business objectives.
We continuously evaluate emerging threats and business risks to prioritize mitigation strategies and strengthen our security posture.
All third-party service providers undergo security due diligence, contractual confidentiality agreements, and periodic reassessments to verify continued compliance with AssetLink’s standards.
We protect personal and financial data through strict privacy controls, regulatory compliance, and transparent data handling practices.
DATA PRIVACY & CONFIDENTIALITY
AssetLink respects your right to privacy and complies with all relevant data protection obligations.
Our Commitment
At AssetLink, protecting the privacy and confidentiality of client information is a core component of our mission. We recognize that our clients entrust us with sensitive financial and personal data, and we uphold that trust by applying rigorous controls and transparent practices to safeguard every piece of information we manage.
Privacy by Design
AssetLink embeds privacy and security principles into every phase of our product lifecycle — from architecture and development to deployment and maintenance.
We follow Privacy by Design and Data Minimization principles to ensure only necessary data is collected, processed, and retained, and only for legitimate business purposes.
Data Classification & Handling
All data handled by AssetLink is classified according to its sensitivity and business impact. Strict access controls, encryption, and monitoring are applied to protect data at every stage:
In Transit: Encrypted using industry-standard TLS 1.2+ protocols.
At Rest: Encrypted with AES-256 or stronger algorithms.
In Use: Access limited to authorized personnel under least-privilege and zero-trust principles.
Client Transparency & Rights
We are committed to transparency in how we collect, use, and protect information. Clients can request details on data handling, access logs, and retention periods, or raise privacy concerns directly via security@assetlink.ai.
All requests are handled in accordance with regulatory obligations and our internal data governance policies.
Data Retention & Secure Disposal
We retain data only as long as required for business or regulatory purposes.
Once data is no longer needed, we perform secure deletion using cryptographic wiping and verification processes.
SOC 2 TYPE II
Assetlink’s SOC 2 Type II attestation confirms that our internal controls and processes have been independently audited against the Trust Services Criteria for Security, Availability, and Confidentiality.