LinkTime
Log inGet Started
All systems operational

Built for teams who take
scheduling seriously

LinkTime is engineered with the same rigor you'd expect from enterprise infrastructure. Every line of code is tested, every endpoint is authenticated, and every token is encrypted.

670+
Automated Tests
Unit + integration + E2E
37
Database Models
Fully typed with Prisma
152
API Endpoints
Every one authenticated & validated
14
Integrations
Calendars, CRMs, video, payments

Testing Discipline

Every feature ships with tests. Every deploy runs them.

670+
automated tests run on every commit
  • Unit tests for business logic — availability calculation, encryption, token refresh, CRM sync, workflow triggers
  • Integration tests for every API endpoint — authentication, validation, error handling, edge cases
  • E2E tests for critical user flows — booking creation, calendar sync, payment processing
# Every deploy follows this
$ npm run test:run
✓ 670+ tests passed
$ npm run build
✓ TypeScript compilation clean
$ prisma db push
✓ Database schema synced
$ railway up
✓ Deployed

Code that fails tests does not ship. There are no overrides, no skip flags, no "we'll fix it later."

Security Audit Program

We don't just build features — we regularly audit what we've built.

LinkTime maintains a living audit document that tracks every security finding, performance issue, and technical debt item across the codebase. Each finding is categorized by severity, assigned a resolution target, and tracked to completion.

2/2
Critical resolved
2/2
High resolved
3/8
Medium resolved
0/11
Low resolved

All critical and high severity findings are resolved. Medium and low findings are tracked with target versions and addressed in priority order during each release cycle.

View detailed security documentation

Encryption & Data Protection

Your credentials are encrypted. Your data is validated. Your sessions are protected.

At Rest

  • AES-256-GCM encryption for all OAuth tokens
  • SHA-256 hashed API keys (raw key never stored)
  • Encrypted database connections (SSL)

In Transit

  • TLS everywhere — no unencrypted traffic
  • Webhook signature verification (HMAC)
  • CSRF token protection on forms

At the Edge

  • Edge middleware validates every request
  • Redis-based rate limiting on public endpoints
  • Zod validation on every API input

Integration Reliability

14 integrations, all built with the same resilience patterns.

Fire-and-Forget Architecture

CRM sync, calendar creation, and notification delivery never block your core booking flow. If HubSpot is down, your booking still works. If Outlook is slow, your user still sees their confirmation. Integration errors are logged and retried — never surfaced as booking failures.

Proactive Token Management

OAuth tokens are refreshed 5 minutes before expiry — not when a request fails. If a token is permanently revoked, the integration auto-disconnects and notifies the user. No stale credentials, no silent failures.

Connected Ecosystem

Google Calendar
Calendar
Outlook
Calendar
CalDAV / iCloud
Calendar
Zoom
Video
Google Meet
Video
Microsoft Teams
Video
HubSpot
CRM
Salesforce
CRM
Attio
CRM
Stripe
Payments
Zapier
Automation
Make.com
Automation

Infrastructure

Production-grade infrastructure with zero-downtime deployments.

  • Railway — SOC 2 compliant hosting with automatic scaling
  • PostgreSQL — Managed database with daily backups and point-in-time recovery
  • Clerk — Enterprise authentication with OAuth 2.0 (Google + Microsoft)
  • Upstash Redis — Distributed rate limiting across all instances
  • Environment validation — Missing variables crash on startup, not on the first request
  • Automated cron jobs — 7 background processes for reminders, cleanup, webhooks, and reconciliation
  • Custom domains — Full DNS lifecycle management with automatic SSL
  • Webhook retries — 6-attempt retry strategy with exponential backoff up to 24 hours

Engineering Practices

The standards behind every release.

Type Safety

TypeScript strict mode across the entire codebase. 37 Prisma models generate fully typed database queries. 40+ Zod schemas validate every external input before it touches business logic.

Fail-Fast Philosophy

Environment variables are validated at startup — a missing secret crashes immediately rather than silently operating without protection. Required integrations are enforced. Optional ones degrade gracefully.

Immutable Deploy Pipeline

Every deploy follows the same pipeline: tests, type-check, database sync, deploy. The pipeline is a script, not a process someone might skip. If tests fail, the deploy doesn't happen.

Defense in Depth

Authentication at the edge (middleware), authorization in routes, validation on inputs, encryption on stored data, and signatures on webhooks. No single point of failure protects your data — multiple layers do.

Transparent Change History

Every release includes a public changelog, a technical changelog, and a versioned audit document. Users always know what changed, and we always know what to review.

Resilient Integrations

External API calls use parallel execution with individual error isolation. Three CRMs can sync simultaneously — if one fails, the others still succeed. Booking creation is never blocked by an integration failure.

Questions about our security practices?

We're happy to discuss our engineering practices, provide additional security documentation, or answer questions about data handling for your compliance requirements.

Security DetailsContact Security Team