Security

Your security is our priority. Learn about our protection measures.

Last updated: 10/15/2025

Data Encryption

Encryption in Transit

All data between your device and our servers is encrypted using TLS 1.3.

Encryption at Rest

Your content and personal data are encrypted at rest using AES‑256.

Key Management

We use advanced key management systems and rotate keys regularly.

Infrastructure Security

Hardened Cloud Infrastructure

Our services run in enterprise-grade cloud with layered defenses: firewalls, IDS, and DDoS protection.

Network Segmentation

Critical systems are isolated in protected network segments with limited access and monitoring.

Security Updates

We promptly apply security updates and vulnerability patches.

Access Control

Role‑based Access

Access follows least privilege with role-based permissions and regular reviews.

Session Management

Sessions use secure tokens with rotation and automatic timeouts.

Monitoring and Detection

24/7 Monitoring

Our security team continuously monitors systems for threats and suspicious activity.

Automated Threat Detection

Machine learning analyzes system behavior to detect and mitigate incidents.

Audit Logs

Comprehensive audit logs record access and actions for security analysis and compliance.

Compliance Statement

We follow industry security best practices appropriate for our size and risk profile. We do not currently claim formal certifications. This page describes our controls and processes.

Operational Security Details

JWT access tokens expire after 60 minutes; refresh tokens after 2 days.
Telegram bot tokens are stored encrypted using a server-side key and are never returned via API.
Uploaded media is stored under a server upload directory and used solely to publish to Telegram.
AI generation calls use HTTPS to third‑party providers.

Data Protection

Data Minimization

We collect and store only the minimum data necessary to operate the Service.

Retention Policies

We automatically delete data that is no longer needed according to retention policies.

Backups and Recovery

Regular encrypted backups ensure availability and fast recovery in incidents.

Incident Response

We maintain established security incident response procedures:

Immediate containment and assessment

Timely notification to affected users

Post-incident analysis and improvements

Security Recommendations for Users

Help us keep your account secure by following these guidelines:

Keep your browser and devices updated
Log out on shared or public devices
Report suspicious activity immediately
Review account activity regularly

Report a Security Issue

If you discovered a vulnerability or have questions about our security, contact our team:

Email: help.4posts@gmail.com

Encryption: PGP key available upon request

Response time: within 24 hours for critical cases

Security is an ongoing process. We continuously improve protections for your data and privacy.