Security at Social Intel

Our platform is hosted on industry-standard cloud infrastructure with the following protections in place:

• All traffic is encrypted in transit using TLS 1.2 or higher
• Sensitive data is encrypted at rest using AES-256
• Database access is restricted to application servers only — no public database endpoints
• Infrastructure is isolated using private networks and firewall rules
• Automated backups run daily with point-in-time recovery

• Passwords are hashed using bcrypt — plaintext passwords are never stored or logged
• API keys are hashed server-side and only shown to you once at creation
• All authenticated endpoints require a valid session token or API key per request
• Internal systems follow least-privilege access — team members only access what their role requires
• Admin access requires multi-factor authentication

Payments are processed entirely by NowPayments. We never receive, transmit, or store private keys, wallet addresses, or transaction details. All payment data flows directly between you and NowPayments over their encrypted infrastructure.

We receive only a transaction confirmation (order ID, status, amount) after a successful payment.

Every dataset download is logged with the timestamp, IP address, and authenticated user account. This serves two purposes:

• Delivery confirmation — so we can verify you received your purchase
• Fraud protection — to resolve refund disputes and chargeback claims

Download logs are retained for 12 months. They are never shared with third parties except as required for payment disputes or by law. See our Privacy Policy for details.

• All user inputs are validated and sanitised server-side
• SQL queries use parameterised statements — no raw query construction from user input
• CSRF protection is enforced on all state-changing requests
• HTTP security headers are set on all responses (CSP, HSTS, X-Frame-Options, etc.)
• Rate limiting is applied to authentication endpoints and the API to prevent brute-force attacks
• Dependencies are regularly updated and scanned for known vulnerabilities

Each user can only access datasets they have purchased. Access tokens are scoped per user and per dataset — there is no way to access another user's purchases through the API. Subscription access is revoked immediately upon cancellation or refund.

We take security vulnerabilities seriously. If you discover a security issue in our platform, please report it to us privately before disclosing it publicly.

To report a vulnerability: email info@socialintel.io with a description of the issue and steps to reproduce it. We will acknowledge your report within 48 hours and aim to resolve confirmed issues within 14 days.

We ask that you do not access, modify, or delete any user data beyond what is necessary to demonstrate the vulnerability. We will not take legal action against researchers who follow these guidelines.

In the event of a security incident affecting user data, we will notify affected users by email within 72 hours of becoming aware of the breach. Notifications will include the nature of the incident, data involved, and steps we have taken to contain it.

For security-related enquiries or to report a vulnerability: info@socialintel.io

For general privacy questions, see our Privacy Policy.