Privacy Policy

9. Data Security and Protection Mechanisms

We take the protection of personal data and sensitive data — in particular OAuth credentials and data obtained from Google APIs and other third-party platforms — seriously, and we apply the following technical and organizational safeguards:

Encryption in transit. All traffic to and from the Platform, including OAuth handshakes, API gateway calls, and dashboard access, is served exclusively over HTTPS using TLS 1.2 or higher. Server-to-server calls to third-party providers (Google, TikTok, Facebook, LinkedIn, X, AWS, Supabase) are also performed over TLS.

Encryption at rest. The underlying Supabase (managed Postgres) database (managed by Supabase) and our object storage are encrypted at rest using AES-256. Database backups inherit the same encryption.

Credential storage. Third-party OAuth access tokens and refresh tokens (including Google, YouTube, Google Ads, Google Analytics, TikTok, Facebook, LinkedIn, X) are stored in dedicated per-integration tables, isolated per customer (tenant). BuzzMinter API keys issued to customers are never stored in plaintext — only a SHA-256 hash and a short non-secret prefix are persisted, so a database snapshot cannot be used to impersonate a customer.

Access controls. Tables holding sensitive data have Supabase (managed Postgres) Row-Level Security (RLS) enabled with no public policy, meaning they are unreachable through the public anon key and can only be queried by our backend using the service role. The service-role secret is stored as an encrypted environment variable on our hosting provider (AWS Amplify) and is never exposed to the browser or to client code. Administrative access to production infrastructure (AWS, Supabase, hosting) is restricted to a minimal number of authorized engineers and protected by individual accounts, strong passwords, and multi-factor authentication.

Tenant isolation. Every row of customer data carries a tenant_id, and all gateway endpoints authenticate the caller via a Bearer API key tied to a specific tenant before any read or write — preventing one customer from ever accessing another customer's connections, tokens, or analytics.

Limited human access. Data obtained from Google APIs (and other third-party APIs) is not read by humans, except (i) with the customer's explicit prior consent, (ii) for security purposes such as investigating abuse or a security incident, (iii) to comply with applicable law, or (iv) in aggregated and anonymized form for internal operations and capacity planning.

Network and platform hardening. The Platform runs on managed cloud providers (AWS, Supabase) that maintain SOC 2 / ISO 27001 compliance for their underlying infrastructure. Dependencies are kept up to date and monitored for known vulnerabilities; secrets are never committed to source control.

Incident response. In the event of a confirmed security incident affecting personal data or third-party credentials, we will notify affected customers without undue delay at the email address associated with their account, describe the nature of the incident and the data involved, and detail the remediation steps taken — including, where applicable, revoking and rotating impacted tokens and API keys.

Data deletion. When a customer disconnects an integration, terminates their account, or submits a written deletion request to hello@buzzminter.com, the associated tokens and personal data are deleted from our production database; residual copies in encrypted backups are purged according to our backup rotation (maximum 30 days).