Data Security & Privacy

Is my data secure with Threadly?

Quick Answer

Yes — Threadly uses read/write OAuth tokens (never passwords), TLS 1.3 encryption in transit, AES-256 at rest, and is GDPR-compliant. You can revoke access from your social platforms at any time.

Security and privacy are foundational to how Threadly operates. Here is a full breakdown of how your data is protected.

Social account access

  • Threadly connects via OAuth 2.0 — your social platform passwords are never stored or seen by Threadly.
  • OAuth tokens are stored encrypted using AES-256 at rest.
  • Threadly requests only the minimum scopes required: publishing rights, analytics read, and inbox access. It never requests advertising account management or payment access.
  • You can revoke access at any time from the social platform's own settings (e.g., Twitter Connected Apps, Meta Business Settings).

Data transmission

  • All data transmitted between your browser and Threadly's servers is encrypted using TLS 1.3.
  • All API calls to social platforms are made server-side over HTTPS.

Data storage

  • Threadly's database is hosted on managed PostgreSQL with encryption at rest (AES-256).
  • Backups are encrypted and retained for 30 days.
  • Data is not sold to third parties or used for advertising targeting.

GDPR & privacy compliance

  • Threadly is GDPR-compliant. EU data is processed within the EU/EEA where applicable.
  • You can request a full export or deletion of your data at any time from Settings → Privacy.
  • Full Privacy Policy: threadlyhq.com/privacy