Security

SocialStudio is designed to keep real social media keys and tokens on the backend only. The current prototype uses fake keys and mock publishing.

Production requirements

Use HTTPS, OAuth, encrypted token storage, least-privilege scopes, audit logs, role-based access, rate limits, CSRF protection, and server-side secret management.

Reporting

Report security issues to hello@chaello.com.