Your data is safe with us.
We take security seriously at every layer — from the tokens we store to the infrastructure we run on. Here is an overview of how we protect your account and your content.
Encryption everywhere
All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. OAuth tokens for connected platforms are encrypted before storage using envelope encryption.
Minimal permissions
We request only the OAuth scopes required to publish content. We never ask for read access to your DMs, followers, or private data on any connected platform.
Access controls
Internal access to production systems is restricted to a small number of engineers, requires multi-factor authentication, and is logged for audit.
Regular audits
We conduct regular internal security reviews and plan annual third-party penetration testing as we scale. Findings are tracked and remediated with defined SLAs.
Security practices
- OAuth 2.0 for all platform integrations — we never store your social media passwords
- Automatic token rotation where supported by platform APIs
- Rate limiting and abuse detection on all authenticated endpoints
- Strict Content Security Policy (CSP) headers on all web pages
- Dependency scanning and automated vulnerability alerts via Dependabot
- Infrastructure hosted on SOC 2 Type II compliant cloud providers
Responsible disclosure
If you discover a security vulnerability in PPPP.dev, please report it to contact@pppp.dev. We ask that you give us a reasonable amount of time to investigate and address the issue before public disclosure. We do not pursue legal action against researchers who report vulnerabilities in good faith.