Your data, your brand, our responsibility
We know what it means to hand over access to the accounts you have built for years. Security is not an afterthought — it is built into every layer of Social Agent.
Data Security
Your data is protected with industry-standard encryption and strict access controls.
Encrypted at Rest
All data stored in our PostgreSQL database is encrypted at rest using AES-256. Backups are encrypted with the same standard.
No Plain-Text Credentials
OAuth tokens, API keys, and sensitive credentials are never stored in plain text. Every secret is encrypted before it touches disk.
Encrypted in Transit
All communication between your browser and our servers uses TLS 1.2+ (HTTPS). Internal service traffic is also encrypted.
OAuth Security
We treat access to your social accounts with the care it deserves.
Encrypted Token Storage
OAuth access tokens and refresh tokens are encrypted with AES-256 before storage. Decryption only happens at the moment of use in a secure server-side context.
Minimal Permissions
We request only the permissions needed to publish and read basic analytics. We never ask for direct messages, follower lists, or private data beyond what is required.
Revoke Anytime
You can disconnect any social account instantly from your dashboard. Revoking access deletes the stored token and stops all scheduled publishing for that account.
Infrastructure
Enterprise-grade hosting in the European Union with multiple layers of protection.
EU-Hosted Servers
All application servers, databases, and file storage are hosted in EU data centres. Your data never leaves the European Union.
PostgreSQL with Encryption
Our primary datastore is PostgreSQL with encrypted connections, row-level security policies, and automated encrypted backups.
Redis with Auth & HTTPS Everywhere
Redis instances require authentication and run on private networks. All external endpoints enforce HTTPS with TLS 1.2+.
Access Controls
Fine-grained roles keep your team productive without exposing sensitive actions.
Role-Based Access
Three built-in roles: Admin (full control), Editor (create and edit content), and Viewer (read-only). Assign the right level of access per team member.
Audit Logs
Every significant action is logged with a timestamp, user, and description. Admins can review who did what, when, directly from the dashboard.
Activity Tracking
Real-time activity feed shows content approvals, platform connections, team invites, and setting changes across your workspace.
GDPR Compliance
Built for European data protection from day one.
Data Export
Request a full export of your data at any time. We provide a machine-readable archive of your account, brands, posts, and analytics.
Account Deletion
Delete your account and all associated data permanently. Deletion is processed within 30 days and includes encrypted backups.
Data Processing Agreements
We offer a standard DPA to customers who need one. Our sub-processors are documented and we notify you of any changes.
Cookie Consent
Our cookie banner gives you granular control over analytics and marketing cookies. Only strictly necessary cookies are set before consent.
Uptime & Reliability
Your scheduled posts go out on time, every time.
Background Job Processing
Post publishing runs on dedicated background workers with automatic retries. Transient failures are retried with exponential back-off.
Platform-Specific Error Handling
Each social platform has tailored error handling: rate limits, token expiration, and API changes are caught and handled gracefully.
Failure Notifications
If a post fails to publish after retries, you receive an instant email notification with the reason and a link to retry or reschedule.
Responsible AI
AI powers our content generation, but you stay in control.
How AI Is Used
We use Claude by Anthropic for caption generation, brand voice matching, and image analysis. Google Imagen generates images when you do not have your own photos.
No Training on Your Data
Your brand data, captions, and images are never used to train AI models. API calls to Claude and Imagen are stateless and not retained by the providers.
Human Review Step
Every AI-generated post lands in your approval queue before publishing. Nothing goes live without your explicit approval or bulk-approve action.
Have security questions?
Our team is happy to answer questions about our security practices, provide our DPA, or walk through our infrastructure.
Email security@social-agent.io