Trust · Security
Security
How Social Hype Technologies Pvt Ltd protects your data on SocialHype. We aim to describe what we actually do today — not aspirational claims.
Security at a glance
TLS Encryption
All traffic served over HTTPS with TLS 1.2 or higher; data encrypted at rest.
Role-Based Access Control
Granular workspace roles and least-privilege internal admin access.
Daily Backups
Encrypted production backups taken daily with point-in-time recovery.
Audit Logs
Security-relevant events are logged with restricted, access-controlled review.
Secure API Connections
OAuth-based connections to platforms; tokens stored encrypted, never exposed.
Data Retention Controls
Retention windows aligned to purpose and Indian law, with deletion on request.
How we secure the platform
We aim to describe what we actually do today — not aspirational claims. Each area below is a control we operate now.
Security architecture
The platform runs on managed cloud infrastructure with network isolation between tiers. Application, database, and background-processing layers are separated, and workspace data is logically partitioned per customer so one tenant cannot reach another’s data.
Authentication & access control
Customer accounts use email + password with optional two-factor authentication. Inside a workspace, role-based access control governs what each member can see and do. Internal admin access follows least-privilege principles and is restricted to named team members. We never ask for your password by email or phone.
Encryption standards
All traffic to the website and platform is served over HTTPS with TLS 1.2 or higher. Workspace data is encrypted at rest on managed cloud storage, and OAuth tokens for connected platforms are stored encrypted, never exposed in logs or to other tenants.
Incident response
We maintain an incident-response process to triage, contain, and remediate security events. If an incident materially affects your personal data, we will notify affected customers in line with the DPDP Act, 2023 and other applicable law, and describe the steps we are taking.
Monitoring & logging
Application and security-relevant events are logged with restricted, access-controlled review. Logs are retained for a period sufficient to investigate incidents and meet applicable legal requirements.
Backup & disaster recovery
Production databases are backed up daily, with retention sufficient to meet a 7-day point-in-time recovery target. Backups are encrypted and access-controlled, and recovery procedures are reviewed so we can restore service after a disruption.
Secure API infrastructure
Connections to Meta, Google, LinkedIn, and WhatsApp use OAuth 2.0 with least-privilege scopes. We request only the permissions a feature needs, tokens are revocable at any time, and we operate within each platform’s API and data-use policies.
Responsible disclosure
If you believe you have found a security issue, email support@socialshype.com with a description and steps to reproduce. We do not pursue legal action against researchers acting in good faith and following coordinated disclosure, and we aim to acknowledge reports promptly.
Payments
We do not store full card details on our servers. All card payments are processed by Razorpay, a PCI-DSS Level 1 certified payment provider; only payment metadata required for invoicing (such as the last four digits) is retained.
Report a security issue
Found something? Email us with steps to reproduce — we welcome good-faith, coordinated disclosure.