Your data is safe with us.
We take security seriously. Here's exactly how we protect your account, your LinkedIn access, and your content.
Encryption at rest
All data stored in our database is encrypted using AES-256. LinkedIn access tokens are stored in encrypted form and never exposed in plain text.
Encryption in transit
All communication between your browser and our servers uses TLS 1.3. We enforce HTTPS everywhere — no exceptions.
OAuth 2.0 for LinkedIn
We use the official LinkedIn OAuth 2.0 flow. We never ask for your LinkedIn password — only the minimum scopes required to publish posts.
Infrastructure security
Hashtag Hero runs on Supabase (Postgres with RLS) and Vercel. Both providers maintain SOC 2 Type II compliance and undergo independent security audits.
Row-level security
Every database query is scoped to the authenticated user. It is architecturally impossible for one user's data to be accessed by another.
Secure authentication
Passwords are hashed with bcrypt. We support email magic links and OAuth sign-in. Failed login attempts trigger rate limiting.
Responsible disclosure
Found a security vulnerability? We appreciate responsible disclosure and will respond within 48 hours.
Please email security@hashtaghero.io with details. Do not disclose vulnerabilities publicly until we've had a chance to address them.
What we never do
- ✗ We never sell your data to third parties
- ✗ We never store your LinkedIn password
- ✗ We never request more LinkedIn permissions than needed
- ✗ We never share access tokens with external services
- ✗ We never access your posts for AI training without consent
Compliance & certifications
Full EU data protection compliance. See our GDPR page.
Our infrastructure providers (Supabase, Vercel) are SOC 2 Type II certified.
We comply fully with LinkedIn's API Terms of Service and Developer Policies.
California residents have additional rights under CCPA. Contact us to exercise them.