Security & Infrastructure

We built Redact.social with a paranoid level of security. Here is how we protect you.

Icelandic Data Haven

All our data processing and storage infrastructure is physically located in Iceland.

Why Iceland?

  • Non-US Jurisdiction: Our servers are outside the jurisdiction of US courts. We are not subject to US subpoenas, National Security Letters (NSLs), or the Patriot Act.
  • Strongest Privacy Laws: Iceland has some of the strictest data protection laws in the world (GDPR+), specifically designed to protect free speech and digital privacy.
  • Political Neutrality: Iceland is a neutral ground for data, ensuring your information is safe from geopolitical pressures.

Encryption Everywhere

We use military-grade encryption for data in all states:

  • In Transit: All data moving between your browser, our servers, and social media APIs is encrypted using TLS 1.3 (Transport Layer Security).
  • At Rest: Any data stored on our disks (such as your generated report) is encrypted using AES-256. Even if someone physically stole our servers, they would not be able to read your data.

"Scan & Shred" Architecture

Our most important security feature is that we don't keep your data.

  1. Fetch: We fetch your posts into a temporary, isolated memory sandbox.
  2. Analyze: Our AI models scan the text and images for risk flags.
  3. Report: We generate the risk report and send it to your secure dashboard.
  4. Shred: The raw social media data is immediately overwritten and deleted from memory. We do not archive your tweets, photos, or posts.

No Third-Party Trackers

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts on our dashboard. Your usage of our tool is private and is not broadcast to ad networks.

Vulnerability Disclosure

If you are a security researcher and believe you have found a vulnerability in our system, please contact security@redact.social. We offer a bug bounty program for responsible disclosure.