Security
Your data is safe with us
Security isn't an afterthought — it's built into every layer of GoSocially. From encryption to audit logging, we take protecting your data seriously.
Encryption in transit and at rest
All connections use TLS encryption. Data at rest is encrypted by our infrastructure providers (Supabase, Vercel). Payment data is handled by Stripe (PCI DSS Level 1).
Comprehensive audit logging
Every data modification, authentication event, and admin action is logged with user ID, IP address, user agent, and timestamp. Audit logs are retained for 24 months.
Row-level security
Database access is enforced at the row level via Supabase RLS policies — your data is isolated from every other user. Every table has RLS enabled with ownership-based access controls.
Trusted infrastructure
We host on Vercel and Supabase — industry-leading providers that undergo regular independent security audits. Payment data is handled entirely by Stripe, so we never store your card details.
Input validation & rate limiting
All API inputs are validated with Zod schemas before processing. Every endpoint is rate-limited. We protect against injection attacks, XSS, CSRF, and other OWASP Top 10 vulnerabilities.
Incident response
We monitor for security events and anomalies via system event logging. In the event of a data breach, affected users will be notified within 72 hours as required by GDPR.
Compliance
We support EU data protection requirements including data portability, right to erasure, right to restrict processing, and 72-hour breach notification.
We support California privacy rights including right to know, right to delete, right to opt out of sales (we do not sell data), and non-discrimination.
Responsible disclosure
Found a security vulnerability? We appreciate responsible disclosure. Please email hello@gosocially.io and we'll respond within 24 hours.