Security & Data Safety

Servers and Networking

All servers that run fblive.ink software in production are recent, continuously patched Linux systems.

Our web servers encrypt data in transit using the HTTPS security (TLS 1.1+) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256. All connections to our database and subprocessors are encrypted using TLS.

Internal server-to-server requests are signed and authenticated to prevent request forgery, tampering, and replay. Firewalls are in place exposing only the necessary ports through the internet and between different servers.

All data retrieval from Instagram, Facebook, Twitter, TikTok and LinkedIn is done with your unique access token over a secure connection with the social netwoks' APIs.

Data storage

User and analytics data that fblive.ink collects through its software is stored in Frankfurt, Germany, European Union (EU) on the Linode and Amazon Web Services infrastructure. Access to the servers is limited to fblive.ink team members on a need-to-know basis. Only systems with a direct technical need are exposed (e.g. frontend web servers, load balancers, and other systems, which directly serve customer traffic).

For exception-based logging, fblive.ink is using subprocessors which are based outside of the EU. fblive.ink uses these designated subprocessors to provide reliable service to its users for infrastructure and application monitoring. The data they process is used solely by fblive.ink's engineering team to operate and improve the software's reliability. It is not queried or used for any other purposes.

Data access and authentication

Only fblive.ink engineers who require such access to perform their job efficiently are given this type of access. Engineers who do have access, have their own credentials and these are only valid when used from specific IPs. SSH Key-Based authentication is used for server access.

Data collected through fblive.ink is exclusively reserved for use by our users and customers.

Access to fblive.ink's systems is strictly controlled through both our Access Control policies as well as technical controls. Our approach will always be to provision on a 'need-to-know' basis.

  • The fblive.ink team is only permitted access to internal services via Virtual Private Networks.

  • Multi-factor authentication is used as a means of providing additional layers of security to authenticate the team.

  • Only a limited number of skilled engineers, whose job function is to support and maintain the fblive.ink environment, are permitted access to fblive.ink's production environment.

Data backup

At fblive.ink we use database replication to keep your data safe in the case of system failure. Database backups are taken every day, stored on Linode (Frankfurt) and Amazon Simple Cloud Storage (Ireland). In case two or more database nodes would fail concurrently we would have to revert to a backup.

Data at rest

User passwords are secured with BCrypt. They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the fblive.ink website, however, and it is the responsibility of the end user to protect his password with care.

Your billing data is encrypted at rest using industry-standard AES-256 encryption algorithms. We don't store your payment data (credit card numbers or PayPal account emails).

Credit Card Safety

When you purchase a paid fblive.ink subscription, your credit card and PayPal data is not transmitted through nor stored on our systems. Instead, we depend on Stripe and PayPal, online payment processors. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available at https://stripe.com/help/security.

Client and Server Hardening

We use Cloudflare to secure and ensure the reliability of our external-facing resources such as the website, the API. Request-handling code paths have frequent user re-authorization checks, payload size restrictions, rate limiting where appropriate, and other request verification techniques. All requests are logged and made searchable to operations staff.

Client code utilizes multiple techniques to ensure that using the fblive.ink application is safe and that requests are authentic, including

  • IFRAME sandboxing

  • XSS and CSRF protection

  • signed and encrypted user auth cookies

  • remote invalidation of extant sessions upon password change/user deactivation


Last updated: May 30, 2022