Security & privacy
Your accounts stay yours.
We never overstep.
Handing a tool access to your social accounts is a trust decision. Here's exactly what we do — and don't do — with that access.
Our commitments
Six rules we don't break.
OAuth-only connections
We connect to TikTok, X, and Reddit through official OAuth flows — the same way 'Sign in with Google' works. We never see, store, or transmit your social media password.
You approve every post
Every AI-drafted post lands in your review queue. You edit, approve, or delete. Nothing is published to your accounts without your explicit approval.
Encryption at rest
Credentials, tokens, and sensitive configuration are encrypted using AES/GCM before being written to our database. Media URLs are signed and scoped.
Input masking in analytics
All form inputs are masked in product-analytics session recordings. We don't replay what you typed — only the pages and clicks we need to improve the product.
Revoke access any time
You can disconnect Audenci from your Settings page, or revoke our access directly from TikTok, X, or Reddit. Revocation is immediate and complete.
Full data deletion on request
Email security@audenci.com to delete your account and associated data. We process deletion within 30 days per GDPR and CCPA.
What we don't do
- ✕ We don't post without your explicit approval.
- ✕ We don't store your social media passwords — we never receive them.
- ✕ We don't sell, rent, or share your content or analytics data.
- ✕ We don't email your audience on your behalf.
- ✕ We don't keep data longer than needed. Revoke access and we delete tokens immediately.
Subprocessors
These are the third-party services Audenci uses to operate. We vet each one for its security posture.
| Provider | Role | Region |
|---|---|---|
| Supabase (PostgreSQL) | Primary database | US/EU |
| AWS S3 | Encrypted media storage | ap-southeast-1 |
| LemonSqueezy | Payment processing (merchant of record) | Global |
| Resend | Transactional email | US/EU |
| PostHog | Product analytics (consent-gated) | US/EU |
| Upstash Redis | Rate limiting & caching | Global |
Report a security issue
Found something that looks wrong? Email security@audenci.com. We respond within 48 hours and we won't pursue good-faith researchers who act responsibly.
Our security.txt lists the same contacts.
Full legal detail
This page is a plain-English summary. For the formal data protection, retention, and user-rights terms, read our Privacy Policy and Terms of Service.