Data Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
API Credentials
Your WordPress, LinkedIn, and Brevo API credentials are stored using industry-standard encryption. Credentials are never exposed in logs, emails, or support conversations. Access is restricted to the automated publishing systems that need them.
Authentication
User accounts are protected with bcrypt-hashed passwords. We support secure session management with automatic timeout and device tracking.
Infrastructure
WordPush runs on secure, managed cloud infrastructure with automatic security updates, DDoS protection, and regular penetration testing.
GDPR Compliance
WordPush is fully GDPR compliant. We process data lawfully, transparently, and for specific purposes only.
- Data minimisation: We only collect data necessary to provide the service
- Right to access: Request a copy of your data at any time
- Right to deletion: Request complete deletion of your account and data
- Data portability: Export your content and settings
- Data location: All data is stored within the UK/EU
Third-Party Integrations
When you connect WordPress, LinkedIn, or Brevo, we use official APIs with the minimum required permissions. We never request or store more access than needed. You can revoke access at any time from your account settings.
Incident Response
We maintain an incident response plan and will notify affected users within 72 hours of any confirmed data breach, in compliance with GDPR requirements.
Questions?
If you have questions about our security practices, contact us at security@wordpush.co.uk.