Security

Our commitment to keeping your data and connected accounts secure.

1. Platform Security Philosophy

At SuperPost, we treat security as a foundational feature. Since our platform bridges developers, companies, and their most critical communication channels—their social media accounts—we employ a zero-trust architecture. Our systems are built to ensure your credentials, data payloads, and API keys are fundamentally secure from inception to transmission.

2. OAuth and Token Security

When you connect a social media account to SuperPost, we use secure OAuth 2.0 protocols. Consequently, we never see, handle, or store your actual third-party passwords.

  • Generated access tokens are immediately encrypted prior to storage in our databases.
  • Encryption is implemented at rest using an industry-standard AES-256 cipher.
  • Decryption keys are isolated securely within our Key Management Service (KMS), accessible only by the specific backend proxy layers responsible for finalizing HTTP requests to social networks.

3. Developer API and SDK Security

SuperPost provides robust APIs intended for server-to-server communication. For developers integrating our SDKs:

  • We require API keys for all endpoints. Keys are scoped and can be dynamically regenerated instantly from your developer dashboard.
  • We strongly enforce strict rate-limiting policies categorized by IP and API key to thwart scraping, abuse, and brute-force denial of service attempts.
  • API keys exist on our backend only as cryptographic hashes; any lost keys cannot be recovered, only rolled.

4. Infrastructure & Data Transmission

Our architecture is fully hosted on managed cloud infrastructure that complies with SOC2 and ISO27001 standards.

All data transmitted between you, SuperPost's dashboard, our API endpoints, and our SDKs is strictly secured using Transport Layer Security (TLS 1.2 or TLS 1.3). We actively enforce HTTP Strict Transport Security (HSTS). Non-encrypted HTTP connections to any of our services or APIs immediately drop or forcefully redirect.

5. Vulnerability Disclosure & Support

We believe working with skilled security researchers across the globe is crucial in identifying weaknesses. If you believe you have discovered a security vulnerability, please contact us at security@superpost.com.

For general security inquiries or platform support, please reach out to: support@superpost.dev

Security - SuperPost