feat: reorganise link docs and add proton mail

docs/link/features/backups.md

@@ -0,0 +1,35 @@
+---
+title: Backups
+sidebar_position: 20
+---
+
+## Daily Backups
+
+We manage daily backups of your data and retain the backups for 7 days after creation.
+As your helpdesk will constantly be updating with new tickets and replies we have not ever had a reason to retain
+backups for longer than this, and we always try to minimise the amount of sensitive data we keep in "hot" storage.
+
+The backups take the form of a full disk snapshot so we are not able to restore individual tickets if they are
+deleted accidentally, for example, we can only roll back the state of the whole helpdesk.
+
+The backups are stored on a physical server hosted in Hetzner's datacenter separate from your helpdesk's primary
+storage. As the backups are a snapshot of the disk, the data is encrypted there with the same per-instance key that is
+used to encrypt the primary storage (it's a byte-for-byte copy of the same encrypted data).
+
+If you need to request that a backup is restored for any reason, please
+[contact our support helpdesk](https://www.sr2.uk/contact).
+
+## Exporting Helpdesk Data
+
+If you wish to export data yourself in CSV or similar formats, you can do so through the
+[Zammad API](https://docs.zammad.org/en/latest/api/intro.html).
+
+## Receiving Regular Database Dumps
+
+If you are moving away from SR2 Cloud, see [our page on Moving Away](./moving_away.md).
+
+This feature is not currently available, however we plan to make available a feature that makes regular database dumps
+available to you via our upcoming object storage system, which would be encrypted to your GPG key.
+You would then be able to synchronise these to your local system.
+If you require regular database dumps before this feature has been implemented, please
+[contact our support helpdesk](https://www.sr2.uk/contact).

docs/link/features/index.mdx

@@ -0,0 +1,11 @@
+---
+sidebar_position: 10
+sidebar_label: Features
+---
+
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+# Features
+
+<DocCardList items={useCurrentSidebarCategory().items} />

docs/link/features/security.md

@@ -0,0 +1,27 @@
+---
+title: Security
+sidebar_position: 10
+---
+
+## Application Security
+
+Open Technology Funds’s Security Lab partner Assured Security Consultants performed a
+[white box audit of Link](/docs/link/Assured-AB-CDR001v_CDR_Link.pdf) between October 7 and October 22, 2024.
+A white box audit provides the tester with privileged access to the source code, testing infrastructure, and
+documentation.
+The audit included the Link application itself, its integrations with chat networks Signal and WhatsApp, as well as the
+deployment and hosting infrastructure underlying a typical Link instance. Auditors performed a verification test in
+December 2025 to validate fixes and mitigations in response to the original test.
+
+## Infrastructure Security
+
+Our Link instances run on SR2's vetted-access cloud, which in turn is hosted on servers rented from Hetzner Online GmbH.
+The datacenter runs on [100% green electricity](https://cdn.hetzner.com/assets/Uploads/oekostrom-zertifikat-2025.pdf)
+and has [stringent security measures](https://www.hetzner.com/assets/Uploads/downloads/Sicherheit-en.pdf) in place to
+prevent unauthorised access.
+Hetzner holds an [ISO 27001 certification](https://www.hetzner.com/assets/downloads/ISO-Certificate.pdf) relating to
+the security measures in place, and there are no exclusions from the scope in regard to measures mentioned in Annex A.
+
+SR2 exclusively and manages the servers from Scotland via mutually authenticated, end-to-end encrypted channels.
+All CDR Link helpdesk data is stored on a LUKS-encrypted volume with a per-instance key to protect the data at rest.
+Hetzner staff have physical server access, but strict controls are in place to prevent unauthorised access.