← Back to Home

Security & Compliance

How we protect your data and maintain security standards

Security Overview

At Kitverify, security is our top priority. We implement industry-leading security measures to protect your data and ensure your social media accounts remain secure.

Data Encryption

Encryption in Transit

  • TLS 1.3: All data transmitted between your browser and our servers is encrypted using the latest TLS 1.3 protocol
  • HTTPS Only: We enforce HTTPS across all pages and API endpoints
  • Certificate Authority: SSL certificates from trusted providers

Encryption at Rest

  • OAuth Tokens: All access and refresh tokens are encrypted using AES-256-GCM before database storage
  • Unique Keys: Each token is encrypted with unique initialization vectors and authentication tags
  • Database Encryption: PostgreSQL database connections are encrypted
  • Media Files: Uploaded media stored with encryption on cloud storage

Authentication & Access Control

  • OAuth 2.0 with PKCE: Industry-standard authentication for social media platforms
  • NextAuth.js: Secure session management with httpOnly cookies
  • Google OAuth: Secure account creation with Google authentication
  • CSRF Protection: Anti-forgery tokens on all form submissions
  • Role-Based Access Control (RBAC): Principle of least privilege
  • Token Rotation: Automatic refresh token rotation for long-lived sessions

Infrastructure Security

  • Hosting: Deployed on Vercel with SOC 2 Type II certification
  • Database: PostgreSQL with automatic backups and point-in-time recovery
  • CDN & DDoS Protection: Cloudflare for global content delivery and attack mitigation
  • Environment Isolation: Separate development, staging, and production environments
  • Secrets Management: Environment variables encrypted and never committed to version control

Security Monitoring

  • 24/7 Monitoring: Automated monitoring for suspicious activity
  • Real-Time Alerts: Immediate notifications for security events
  • Audit Logs: Comprehensive logging of all data access and changes
  • Weekly Security Scans: Automated vulnerability scanning
  • Dependency Monitoring: Automated checks for vulnerable dependencies
  • Penetration Testing: Quarterly third-party security assessments (planned)

Compliance & Certifications

Current Compliance

✅ GDPR Compliant

Full compliance with EU data protection regulations

✅ CCPA Compliant

California Consumer Privacy Act compliance

Platform API Compliance

  • TikTok Content Posting API: Full compliance with data retention and security requirements
  • Twitter/X Developer Agreement: Adherence to API usage policies
  • Meta Platform Terms: Compliance for Instagram and Threads integration
  • YouTube API Services: Google API Services User Data Policy compliance
  • Google Limited Use Requirements: Restricted use of YouTube data

Planned Certifications

🔄 SOC 2 Type II

In progress - Target Q3 2025

📋 ISO 27001

Planned for 2026

Data Breach Response

In the unlikely event of a security breach:

  1. Detection & Containment: Immediate isolation of affected systems (within 1 hour)
  2. Impact Assessment: Comprehensive evaluation of breach scope (within 24 hours)
  3. User Notification: Email notification to affected users (within 72 hours per GDPR)
  4. Regulatory Notification: Compliance with local data protection authorities
  5. Remediation: Implementation of corrective measures and security enhancements
  6. Post-Incident Review: Detailed analysis and prevention planning

International Data Transfers

  • Primary Location: United States (Vercel/AWS infrastructure)
  • EU Region Option: Available for European customers
  • Standard Contractual Clauses (SCCs): EU Commission-approved data transfer mechanisms
  • GDPR Article 46 Safeguards: Additional protections for international transfers

Vulnerability Disclosure

If you discover a security vulnerability, we encourage responsible disclosure:

  • Email: [email protected]
  • PGP Key: Available upon request
  • Response Time: Acknowledgment within 24 hours
  • Assessment: Initial evaluation within 72 hours
  • Resolution: Critical vulnerabilities fixed within 7 days
  • Bug Bounty: Program launching in 2025

User Security Best Practices

Help us keep your account secure:

  • Use a strong, unique password for your Kitverify account
  • Enable two-factor authentication (2FA) on connected social accounts
  • Regularly review connected social accounts in your dashboard
  • Disconnect unused accounts immediately
  • Never share your account credentials with third parties
  • Report suspicious activity to our security team
  • Keep your browser and operating system updated

Contact Security Team

For security-related inquiries:

Security Officer: [email protected]

General Support: [email protected]

Privacy Officer: [email protected]

For urgent security matters, please include "URGENT" in the subject line.