Security and trust at SocialBoiler.
What we do to protect your account, your content and your connected platforms — and how to reach us if you find something that could be done better.
Foundations
Six things we always do.
TLS everywhere
All traffic between your browser, our app, our database, AI providers and publishing partners flows over TLS 1.2+ with modern ciphers. No plain HTTP.
Authentication & session hygiene
Supabase Auth handles password hashing (bcrypt), email verification, password reset and refresh-token rotation. Optional row-level security gates every database query to the signed-in user.
Encrypted at rest
Database, file storage and backups are encrypted at rest by our hosting providers. Daily Postgres point-in-time backups are retained for 7 days.
Isolated environments
Production and development environments are fully separated, with distinct credentials, networks and audit logs. Staff access uses least-privilege roles and SSO with 2FA.
Monitoring & audit
Application logs are kept for 12 months. Authentication anomalies, abnormal generation patterns and infrastructure errors trigger alerts to the on-call team.
Secrets management
API keys for AI, publishing and database services are stored as environment variables in our hosting provider's secret manager — never committed to source control or shared in plaintext.
Where your data lives
Sub-processors and data location.
We use a small, audited set of vendors to deliver the service. Each gets the minimum data it needs and is bound by a written data-processing agreement. For deeper detail see our Privacy Policy.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Auth, database, file storage | US / EU |
| Vercel | Web hosting and edge delivery | US |
| n8n Cloud | Workflow automation | EU |
| OpenAI / Groq | Text generation | US |
| Google Gemini | Script generation | US |
| Lightricks (LTX) | Video generation | Global |
| json2video | Video rendering / TTS | EU |
| Upload-Post | Multi-platform publishing | US |
Vulnerability disclosure
Found something? Tell us.
We welcome security research and treat reports with care. If you discover a vulnerability:
- Send a detailed report to security@socialboiler.app.
- Give us reasonable time to investigate and remediate before public disclosure.
- Do not access, modify or download data that isn't yours, and avoid actions that degrade the service for others.
- We will acknowledge confirmed reports within 24 hours and keep you updated on fix progress.
We will not pursue legal action against good-faith research that follows these guidelines.
On your side
A few habits that help.
Use a unique, strong password
Use 12+ characters and a password manager. Don't reuse passwords across services.
Keep connected accounts in your control
Periodically review which platforms are linked from /connections, and disconnect any you no longer use.
Watch the Publish Status panel
Every publish writes its own row with the real platform response — if something looks wrong, you'll see it there in real time.
Read AI Outputs carefully
AI-generated scripts and visuals are powerful but not infallible. The review step on every video exists for exactly that.
Questions we haven't answered?
The Privacy Policy goes into more detail on data handling. For anything else, write to us.