TLS everywhere
All dashboard, API, and webhook traffic is encrypted in transit with modern cipher suites.
Trust
Security that matches serious publishing
Agencies and publishers connect production systems. We design for least privilege, encrypted transport, and clear audit trails from day one.
Controls
What we enforce by default
Security is a moving target—these practices describe our current baseline and roadmap commitments.
Scoped tokens
CMS credentials are stored encrypted and can be rotated or revoked per property without downtime.
Role-based access
Invite teammates with the least privilege required—viewer, editor, approver, or admin.
Tamper-aware logs
Publishing and approval events are retained for investigations and compliance exports.
Workspace separation
Client data never bleeds across workspaces; background jobs are keyed by tenant.
Safe retries
Failed publishes backoff automatically to avoid hammering fragile CMS endpoints.
Security FAQ
Do you support SSO?
Enterprise plans can integrate SAML/OIDC providers—contact us for the current rollout timeline.
Where is data hosted?
Primary regions are documented during onboarding. Enterprise customers may request dedicated deployment options.
How do I report a vulnerability?
Email security@blogpostscheduler.com with reproduction steps. We acknowledge critical reports within 48 business hours.
Need a vendor questionnaire?
We provide standard responses for SOC2-style reviews and can join security calls for large deployments.