Security overview

Your data is safe with VoxBurst

We take security seriously. Here's an overview of the technical and operational measures we use to protect your account, your content, and your social media credentials.

Security practices

Encryption in transit

All traffic between your browser and VoxBurst is encrypted using TLS 1.2+. We redirect all HTTP requests to HTTPS and use HSTS headers to enforce secure connections.

Encryption at rest

Sensitive data — including OAuth tokens for your connected social accounts — is encrypted at rest using AES-256. Your social platform credentials are never stored in plaintext.

OAuth for platform connections

We never ask for your social media passwords. All platform connections use each platform's official OAuth flow. You authorize VoxBurst directly on the platform's own website and can revoke access at any time.

Role-based access control

Team members can only access what their role allows. Admins control who can publish, schedule, or view content. Revoking access is instant.

Audit logs

Every significant action in your workspace is logged: post creation, account connections, member invitations, API key usage, and Brand Voice and Persona consent events. Audit logs are available to workspace administrators.

Secure API key authentication

API keys grant programmatic access to your workspace. Keys can be scoped and revoked at any time from your workspace settings. Never expose API keys in client-side code.

Cloud infrastructure & backups

VoxBurst is hosted on Amazon Web Services (AWS) in us-east-1 with automated monitoring and alerting. AWS maintains extensive physical and network security certifications. VoxBurst performs automated daily backups of all customer data. Backups are encrypted at rest using AES-256 and stored in a geographically separate AWS region from primary data.

Responsible disclosure

If you discover a security vulnerability, please report it through our contact form. We will acknowledge valid reports within 1 business day and work to address confirmed issues promptly. We follow coordinated disclosure principles — please allow us reasonable time to address issues before public disclosure. We will credit researchers who report valid, previously unknown vulnerabilities.

Incident response & breach notification

In the event of a confirmed security incident affecting your personal data or workspace content, we will notify affected workspace administrators without undue delay and, where required by applicable law (including GDPR), within 72 hours of becoming aware of the breach. Notifications will include the nature of the incident, the categories and approximate volume of data affected, likely consequences, and measures taken or proposed.

Compliance status

HTTPS / TLS everywhere: Live
Data encrypted at rest (AES-256): Live
OAuth-only platform authentication: Live
Role-based access control: Live
Audit logging: Live
Automated daily encrypted backups: Live
Cookie consent management (Cookiebot): Live
Incident response and breach notification: Live
SOC 2 Type II: In Progress
GDPR data processing agreement (DPA): Available On Request

In the event of a confirmed security incident affecting your data, we will notify affected workspace administrators without undue delay and in accordance with applicable law — typically within 72 hours where GDPR applies.

Found a vulnerability?

Contact us through our contact form. We'll acknowledge within 1 business day. We follow coordinated disclosure and credit researchers who report valid issues.