Security
Built so security isn't a year-three retrofit.
SocialCX is built on the same security primitives we'd want for our own data. Here's the foundation we ship every customer on.
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). External channel access tokens are envelope-encrypted with a per-environment key.
Workspace isolation by design
Postgres row-level security gates every table by organization. There is no application-layer fallback — if a query slips, the database denies it.
Role-based access control
Three role tiers (super-admin, customer-admin, team-member) scoped per workspace. Last-admin protection prevents accidental org lockouts.
Full audit logs
Every administrative action — invites, role changes, plan changes, deletions — is recorded in an append-only audit log scoped to your workspace.
Resilient ingestion
Sources track consecutive failures and back off automatically. Webhook events are deduplicated. Sensitive jobs run with retries and idempotency keys.
SSO & SAML on Enterprise
Bring your own identity provider. Provision and de-provision team members via SCIM (on the roadmap).
Compliance roadmap
- SOC 2 Type II — In progress. We follow the controls today; formal attestation is on track for this fiscal year. A SOC 2 readiness summary is available on request.
- GDPR & UK GDPR. A Data Processing Agreement is available — see our DPA. SocialCX acts as a processor for the customer data you ingest.
- Sub-processors. We maintain a public list of sub-processors and notify customers of material changes. Email security@socialcx.com to be added to the notification list.
Found a security issue?
We take responsible disclosure seriously. Email security@socialcx.com with details and we'll respond within one business day.