Security

Our approach to keeping your data private, secure, and available.

Last updated: October 22, 2025

Overview

Security is a shared responsibility. Social Remix secures the platform; customers are responsible for safe use of the product, including access management, content choices, and publishing destinations.

Data classification and storage

  • Customer Content (prompts, assets, outputs) and account data are stored in cloud providers with regional redundancy.
  • We avoid collecting sensitive data unless strictly required.
  • Backups are encrypted and retained for a limited window to support disaster recovery.

Encryption

  • Transport: All traffic uses TLS with modern ciphers.
  • At rest: Data is encrypted using provider‑managed keys; secrets are stored in a managed secrets vault.

Access control

  • Least‑privilege IAM, role separation, and just‑in‑time access for production operations.
  • MFA enforced for administrative accounts; SSO available for enterprise plans.
  • Audit logs retained for critical administrative actions.

Secure development and change management

  • Peer code review, automated tests, and CI/CD with protected branches.
  • Dependency scanning and container/image updates for known CVEs.
  • Infrastructure as Code (IaC) with change approvals.

Vulnerability management

  • Regular patching cadence for OS, runtimes, and dependencies.
  • Third‑party penetration testing at least annually (in progress as we scale) and ad hoc as needed.
  • We welcome responsible disclosure at security@socialremix.app.

Monitoring and logging

  • Centralized logs for infrastructure and application events.
  • Alerting for availability and security‑relevant anomalies.

Incident response

  • Documented escalation, investigation, and communication procedures.
  • Customer notification without undue delay where legally required.

Business continuity and disaster recovery

  • Automated backups with periodic restore testing.
  • Multi‑AZ deployment patterns where supported.

Subprocessors

We rely on a small set of vetted providers for cloud hosting, analytics, email, and payments. Contracts include confidentiality and security obligations. A current list is available upon request.

Compliance

We align practices with industry frameworks as we scale (e.g., SOC 2 readiness). Data protection terms and DPAs are available for eligible plans.

Contact

Questions about security? Email security@socialremix.app.