Security

It's very important that we keep your social media account connections secure. You should never regret signing up for Toucan Post.

This article is intended as a reference for what Toucan Post does to accomplish that. It does not go in depth on our architecture or attempt to deeply explain security concerns in general.

How we keep your accounts secure

  • Good security practices. These include Cloudflare proxying, blocking ports, frequent security updates, resource isolation where possible, minimizing our attack surface, throttling bad actors, and backend code analysis.
  • We collect as little data as possible. We don't store any billing information or personally identifiable data beyond what we need.
  • Everything is SSL-only. We use HTTPS for the site and for all API connections.
  • Account access tokens are encrypted at rest. API tokens and other critical data are encrypted while in the database.
  • Email-only authentication. This adds an extra layer of security to the login process.
  • Remote servers. We use the well-known provider Hetzner for our web servers and data storage.
  • Customers are our goal. We have a free tier for the sake of growth. We will never sell or monetize your data. See our privacy policy.

How we'll improve in the future

  • Use limited-scope access tokens when they become available. Trello has an all-or-nothing authentication model. Any site that integrates with Trello has full access to all your boards.
    • Tip: you can share single boards in Trello, so you could create a new Trello account and share one board to it, if you feel it's necessary.
  • Full two-factor authentication.
    • We plan to add further levels of security in the future, such as TOTP two-factor authentication.

What we don't do

  • Encrypt your data with your password. Our server needs to use API access tokens to make posts on your behalf, so it must be able to decrypt them without your password.

About data deletion

  • We retain a record of previously made posts to allow you to monitor Toucan Post's interactions with your accounts and to prevent accidental duplicate posts. These logs contain post content and relevant URLs. You may delete these at any time.
  • We delete all system logs older than one month. These logs generally only contain event information and metadata.
© 2025 Austin Anderson