αAlphaPostBack to home

AlphaPost

Security

How we keep your data safe

Last updated: May 13, 2026

Why this page exists

Your API keys and personal data are private. We take that seriously. This page explains what we do to keep them safe.

HTTPS everywhere

Every page on AlphaPost uses HTTPS (SSL). This means anything you type or click is encrypted between your browser and our server. No one in the middle can read it.

Passwords are hashed

We never store your real password. We use bcrypt, a slow and safe hash, to turn your password into a long random string. Even our team cannot read your password. If you forget it, we cannot tell you what it was. We can only reset it.

API keys are encrypted

Your Gemini API key and Blogger API key are encrypted with AES-256 before being saved in our database. The key to decrypt them is stored on our server, not with the data.

Only the tool can read them, and only when it needs them to make a post for you.

OAuth tokens are encrypted

When you authorize Blogger or GitHub, we get a token. We encrypt this token too. Same AES-256 protection.

You can disconnect any time

You are in control. Any blog you connect can be removed. Any token can be revoked from your dashboard. When you disconnect, we delete the tokens from our database.

We do not show your data to anyone

We do not sell, rent, or share your data. We do not give it to advertisers. We do not let other users see it. Your data stays for you.

Backups

We back up the database daily. Backups are encrypted. Old backups are deleted after 30 days.

Smart steps you should take

Even with our security, please do these simple things to stay safe:

  • Use a strong password. At least 12 characters. Mix letters, numbers, and symbols.
  • Do not reuse passwords. Use a different password for AlphaPost than your other accounts.
  • Set a $1 spending limit on Gemini. This protects you if the key is ever leaked.
  • Restrict your Gemini API key to only the Generative Language API. Restrict the Blogger API key to only the Blogger API.
  • Do not share your keys with anyone. Even people you trust. Make new keys for them if they need access.
  • Log out when you use a shared computer.

What we do if something goes wrong

If we ever find a security issue, we will:

  • Fix it as fast as we can.
  • Email affected users to tell them what happened.
  • Tell them what to do to stay safe (like change passwords).
  • Post a public note about what happened and how we fixed it.

Found a security bug?

If you find a security bug, please email us right away at contactalphapost@gmail.com. Do not post it online. We will reply fast.

We will thank you in writing. If the bug is serious, we may add your name to a public credits page.

Our promises

  • We will never sell your data.
  • We will never share your API keys with anyone.
  • We will tell you within 72 hours if there is a data leak.
  • We will let you delete your data any time.
  • We will keep updating our security as new threats come up.

Have a question?

We are happy to help. Send us an email and we will reply within 24 to 48 hours.

contactalphapost@gmail.com