Post Wizard
Publishing automation
Trust & Security

Enterprise token review ready

We request minimum permissions, protect tokens like vault keys, and provide auditable logs and deletion controls.

What we access

Only the scopes required for publishing.

  • Connected account identifiers (Page/IG Business IDs)
  • Content you explicitly schedule (captions, media, URLs)
  • Job status + error codes (success/fail, retry reasons)
  • Optional analytics metrics (if enabled)

We do not access

  • DMs/messages
  • Social passwords
  • Data outside the scopes you approve

Token handling

Treat tokens like keys to a vault.

  • Encrypted at rest (AES-256-GCM)
  • Never logged (no tokens in logs, traces, analytics)
  • Least privilege scopes only
  • Immediate revocation on disconnect
  • Production/dev separation

  • Authorize: OAuth consent
  • Store: Encrypt + persist
  • Use: Job runner only
  • Revoke: Disconnect

Security controls

Concrete controls, not vague claims.

  • Application: TLS/HTTPS enforced, secure cookies, CSRF protection, input validation, rate limiting.
  • Infrastructure: Secrets manager, least-privilege IAM, audit logging for privileged actions, backups.
  • Access control: Role-based access (workspaces), internal access restricted and logged, MFA for admins.

Retention, deletion, incident response

Explicit and review-friendly.

  • Disconnecting an account revokes and deletes tokens immediately.
  • Account deletion removes tokens and associated content within 30 days.
  • Backups expire within 90 days.
  • Monitoring + alerting for unusual publish activity and token failures.
  • Notification within 72 hours after confirmed impact.

Security contact: security@postwizard.app
© 2026 Post Wizard. All rights reserved.