Security at PostChime

Your data security is our top priority

SOC 2 Type II

Compliant (in progress)

256-bit Encryption

Data encrypted at rest & in transit

Infrastructure Security

  • Cloud hosting: Hosted on industry-leading cloud providers with enterprise-grade security
  • Data encryption: All data encrypted using AES-256 at rest and TLS 1.3 in transit
  • Network security: Firewalls, DDoS protection, and intrusion detection systems
  • Redundancy: Multiple availability zones for high availability
  • Backups: Automated daily backups with point-in-time recovery

Application Security

  • Secure authentication: Bcrypt password hashing, optional 2FA
  • OAuth 2.0: Secure social account connections (we never see your passwords)
  • Session management: Secure, httpOnly cookies with automatic expiration
  • Input validation: Strict input sanitization to prevent injection attacks
  • CSRF protection: Token-based protection on all forms
  • Rate limiting: Protection against brute force attacks

Social Account Security

When you connect social media accounts:

  • We use official OAuth protocols—we never ask for or store your social media passwords
  • Access tokens are encrypted and stored securely
  • We request only the minimum permissions needed
  • You can disconnect accounts instantly from your settings
  • Disconnecting immediately revokes our access

Payment Security

  • PCI DSS compliant: All payments processed by Stripe
  • No card storage: We never see or store your full card details
  • Secure checkout: All payment pages served over HTTPS

Operational Security

  • Access controls: Role-based access following the principle of least privilege
  • Audit logging: Comprehensive logs of all administrative actions
  • Employee security: Background checks and security training
  • Incident response: Documented procedures for security incidents
  • Vendor management: Security reviews for all third-party services

Your Security Best Practices

We recommend:

  • Use a strong, unique password for your PostChime account
  • Enable two-factor authentication (2FA) when available
  • Regularly review connected social accounts
  • Log out from shared or public devices
  • Keep your email account secure (it's used for password resets)

Vulnerability Disclosure

We appreciate security researchers who help us keep PostChime secure. If you discover a vulnerability, please report it responsibly:

  • Email: security@postchime.com
  • Include detailed steps to reproduce the issue
  • Allow reasonable time for us to address the issue before disclosure

Questions?

For security questions or concerns, contact our security team:

security@postchime.com