Enterprise-grade security, built in from day one.
Security is foundational to everything we build — not bolted on after. Here's how we protect your accounts, content, and connected platforms.
SOC 2 Type II: Annual audit
GDPR Compliant: EU data standards
ISO 27001: In progress
JWT-Based Authentication
Industry-standard JSON Web Tokens with short-lived access tokens (15 min) and secure refresh token rotation (30 days) to minimize session hijacking risk.
Encrypted at Rest and in Transit
All data is encrypted in transit with TLS 1.2+ and sensitive credentials are encrypted at rest. OAuth tokens for connected platforms are stored securely.
OAuth 2.0 Platform Connections
We never store your social media passwords. Connections to LinkedIn, Meta, X, and TikTok use industry-standard OAuth 2.0 flows with scoped permissions.
Email Verification
Every account requires email verification before accessing the platform. This prevents unauthorized signups and protects your workspace.
Rate Limiting and Abuse Prevention
API endpoints are rate-limited to prevent abuse. All requests include unique request IDs for traceability and audit purposes.
Role-Based Access Control
Team collaboration features include granular permissions. Brand owners control who can create, edit, approve, and publish content.
Platform compliance
Optomus integrates with social platforms through their official APIs and adheres to each platform's terms of service and rate limits.
We request only the minimum required permissions for each platform connection. You can revoke access at any time from your connections settings — no support ticket needed.
For details on how we handle your data, review our Privacy Policy and Terms of Service.
Trust starts with transparency.
Have security questions? We're happy to share our security documentation with enterprise teams.