Security & Trust at Postly

Your data, protected by design. We pair strong security controls with official, compliant social media APIs to keep your brand and accounts safe.

Official APIs Only

We publish via platform-approved, secure endpoints — never via password scraping or unofficial methods.

Defense-in-Depth

TLS 1.3 in transit, AES-256 at rest, RBAC/MFA, audit logs, and continuous monitoring.

Transparency

Clear guidance, safe-use tips, and rapid incident response if something looks off.

Official API Assurance (All Platforms)

Postly has always used official, platform-approved APIs for publishing and analytics. For example, Instagram content is published via the Instagram Graph API (Meta) — the same secure, compliant endpoints used by enterprise partners. The same principle applies across supported networks.

  • Meta: Instagram Graph API & Facebook Pages API
  • LinkedIn Marketing Developer Platform
  • X (Twitter) API v2
  • YouTube Data API
  • TikTok Business/Marketing APIs
  • Pinterest API

Why a platform might flag activity

  • Previously connected to an unofficial tool or automation app.
  • Rapid bursts of actions (posting/liking/following) across multiple apps/devices.
  • Temporary token/session conflicts after password or role/page changes.
  • Platform policy constraints (e.g., Instagram requires a Business/Creator account connected to a Facebook Page for API publishing).

Stay safe — simple checklist

  • Connect accounts only through Postly (avoid tools that ask for your password or use browser extensions to “log in” as you).
  • If you change passwords, roles, or pages, reconnect via OAuth promptly.
  • Avoid running multiple schedulers on the same account at once.
  • Use platform-recommended account types (e.g., Instagram Business/Creator with a Page).

You’re safe to use Postly — thousands of creators and brands publish daily through official APIs without issues.

Core Protections

  • Encryption: TLS 1.3 in transit, AES-256 at rest.
  • Authentication: Email/OAuth logins with optional 2FA/MFA.
  • Access: RBAC (role-based access control), least privilege, scoped tokens.
  • Monitoring & Logs: Audit trails and anomaly detection for key actions.
  • Backups & Recovery: Regular backups and tested restore runbooks.

Compliance & Reviews

  • Periodic security assessments and remediation of identified risks.
  • Vendor risk management for critical third parties (payments, email, hosting).
  • Secure SDLC practices (code review, dependency monitoring, CI/CD controls).
  • Data processing aligned with regional regulations where applicable.

Trusted Infrastructure & Services

Hosting & Data

Secure cloud hosting, hardened environments, network segmentation, and routine patching.

Payments & Email

Stripe for PCI-compliant billing and AWS SES for transactional emails.

Two-Factor Authentication (2FA)

Add a second step to log in with an authenticator app or one-time code. It significantly reduces account takeover risk even if a password is compromised.

Questions or Security Reports?

Reach our team at team@postly.com. We’re happy to help.