Legal

Security

How SociGrab protects your workspace and content.

Last updated: February 13, 2026

01Authentication

Passwords are hashed with bcrypt (12 rounds). Google sign-in is delegated to Google OAuth 2.0 — we never see your Google password. Session tokens are stored as HTTP-only cookies (Google Auth) or short-lived JWTs (email/password).

02Data at rest

MongoDB is hosted on a managed service with encryption at rest. OAuth tokens are additionally encrypted with a per-installation Fernet key before being written to the database.

03Data in transit

All traffic between your browser and SociGrab is served over TLS 1.2+.

04Media storage

Uploaded media is stored in Emergent's Object Storage. Raw upload files are auto-deleted after successful publish; only thumbnails and metadata are retained.

05Reporting a vulnerability

Email security@socigrab.com. We acknowledge reports within 48 hours.