Sign in Start free →

Security

Last updated 2026-05-10

Posture

  • TLS 1.2+ everywhere; HSTS enabled at the edge.
  • Postgres encrypted at rest; daily snapshots with 30-day retention.
  • API keys stored only as sha256(secret) + 8-char prefix; never recoverable.
  • Webhook payloads signed (HMAC-SHA256) with per-subscription secrets.
  • Per-API-key rate limits and optional IP allowlist.
  • Visitor IP addresses anonymized at write time; no raw IPs persisted.

Reporting a vulnerability

Please email info@folowise.com with details. We respond within 2 business days and will not pursue good-faith research.