Security at SwarmPost

Your data is encrypted at every layer, in transit and at rest.

• ✓AES-256 encryption for all social account tokens stored at rest
• ✓PBKDF2 password hashing with per-user salt — we never store plaintext passwords
• ✓TLS 1.3 encryption for all data in transit between your browser and our servers
• ✓Encrypted database connections with certificate pinning

Deployed on hardened, globally distributed infrastructure.

• ✓Vercel edge network — your requests are served from the nearest global PoP
• ✓Neon PostgreSQL with encryption at rest and automated daily backups
• ✓Cloudflare DDoS protection and Web Application Firewall (WAF)
• ✓Zero-trust network architecture with least-privilege service accounts
• ✓Automated vulnerability scanning and dependency auditing

Modern authentication protocols with multiple layers of defense.

• ✓JWT session tokens with short expiry and automatic rotation
• ✓OAuth 2.0 with PKCE for all social platform connections — credentials never touch our servers
• ✓Rate limiting on all API endpoints to prevent brute-force attacks
• ✓CSRF protection on all state-changing requests
• ✓Strict Content Security Policy (CSP) headers

Privacy by design, with tools to help you stay compliant.

• ✓GDPR-ready with full data export and account deletion on request
• ✓Privacy by design — we collect only what is necessary to operate the service
• ✓No sale of personal data to third parties — ever
• ✓Data processing agreements available for enterprise customers
• ✓Transparent privacy policy with plain-language explanations