
Security Overview

Last updated: April 30, 2026

This page summarizes FeedBlox’s security program at a high level. It is intended to help customers and prospects understand our practices. It does not create contractual commitments beyond those in the Terms of Service or any signed agreement, is not a substitute for a completed security questionnaire (SIG, CAIQ) or a Data Processing Addendum, and is not a warranty or certification.

Account Protection

We support password-based and federated sign-in (for example, GitHub and Google). Passwords are stored using a memory-hard hashing function with per-user salts. Sessions are bound to HTTP-only, secure cookies, and authenticated requests are protected against CSRF. We will support multi-factor authentication for dashboard sign-in; until it ships, treat your password and OAuth account as the trust anchor for your workspace, and protect embed tokens and other secrets you configure in the Service.

Data in Transit and at Rest

All public endpoints (marketing site, dashboard, APIs, and the embeddable widget) require TLS 1.2 or higher with modern cipher suites and HSTS. Customer data is stored in managed databases with encryption at rest. Encrypted backups are taken on a rolling schedule and retained for up to thirty-five (35) days.

Network and Platform

The Service runs on reputable cloud infrastructure with logically segmented production environments, restricted ingress, and managed secrets handling. Production deployments are performed from version-controlled, peer-reviewed source. Dependencies are tracked and updated when relevant security advisories are published.

Access Control

Access to production systems is restricted to a limited set of personnel with a documented business need, granted on a least-privilege basis, authenticated with strong credentials, and reviewed periodically. Access is revoked promptly when no longer required.

Logging and Monitoring

We log application and security-relevant events (such as authentication, administrative actions, and anomalous request patterns), monitor error rates and availability, and retain those logs for the period described in our Privacy Policy.

Vendor and Subprocessor Management

We use a small set of vendors (hosting, managed databases, email delivery, error monitoring, and federated identity) bound by contract to support our security and privacy commitments. Material changes to our subprocessor list will be communicated to account owners on reasonable notice.

Incident Response

We maintain an incident response process that identifies, contains, eradicates, and learns from security incidents. If we determine that an incident has resulted in unauthorized acquisition of unencrypted or unredacted personal information, we will notify affected account owners and, where required, regulators in the most expedient time possible and without unreasonable delay, consistent with the Illinois Personal Information Protection Act, 815 ILCS 530/, and other applicable law.

Coordinated Vulnerability Disclosure

If you believe you have discovered a vulnerability, send a detailed report to security@feedblox.net. Please do not access or modify data that is not yours, do not perform denial-of-service or social-engineering attacks against our personnel, and give us a reasonable opportunity to remediate before public disclosure. We will acknowledge receipt promptly and will not pursue legal action against good-faith researchers who follow these guidelines.

Customer Responsibilities

Security is shared. Customers are responsible for protecting their accounts and embed tokens; for appropriate moderation of visitor submissions; and for ensuring their use of the Service complies with their own legal and contractual obligations.
