Security & Compliance

Your data security and privacy are our highest priorities

Enterprise-Grade Security

Politexting employs industry-leading security practices and infrastructure to protect your data, communications, and privacy. We maintain rigorous security standards to ensure your information remains confidential and secure.

Security Measures

Data Encryption

In Transit: TLS 1.3 encryption for all data transmitted between your browser and our servers

At Rest: AES-256 encryption for all stored data, including messages and contact information

Authentication & Access Control

• Secure password hashing with industry-standard algorithms

• Session management with automatic timeout

• Role-based access control (RBAC) for team accounts

Infrastructure Security

• Hosted on Microsoft Azure's SOC 2 certified infrastructure

• Automated backups and disaster recovery

• 99.9% uptime SLA with redundant systems

Privacy Protection

• We never sell your data to third parties

• Minimal data collection - only what's necessary

• Right to data deletion and export

Monitoring & Detection

• 24/7 security monitoring and threat detection

• Automated anomaly detection

• Regular security audits and penetration testing

Vulnerability Management

• Regular dependency updates and security patches

• Automated vulnerability scanning

• Responsible disclosure program

Spam Protection

• Automatic spam detection and blocking

• STOP/START keyword handling (TCPA compliant)

• User-controlled blocking and opt-out management

Rate Limiting

• High-frequency sender detection (50+ msgs/hour)

• Duplicate message pattern recognition

• Automated throttling and blocking

Spam Protection & Anti-Abuse

User Protection

Our multi-layered spam protection keeps your users safe:

  • Automatic Detection: AI-powered spam identification
  • High Frequency Blocking: Auto-blocks senders exceeding 50 messages/hour
  • Duplicate Pattern Detection: Blocks repetitive spam (3+ identical messages)
  • Manual Control: Users can block any sender instantly
  • Blocked Number Management: Full visibility and control via dashboard
TCPA Compliance

Full compliance with SMS regulations:

  • STOP Keywords: Automatic opt-out when recipients text STOP, UNSUBSCRIBE, CANCEL, END, QUIT
  • START Keywords: Easy re-subscription via START, SUBSCRIBE, YES, UNSTOP
  • Instant Confirmation: Automated confirmation messages
  • Opt-Out Enforcement: Blocked senders cannot send messages
  • Audit Trail: Complete logging of all opt-out/opt-in events
User Dashboard: Users can manage all blocked numbers at Campaign → Blocked Numbers, view statistics, and see blocking reasons (STOP request, spam detection, or manual block).

Compliance & Standards

GDPR Compliant

Full compliance with EU General Data Protection Regulation for data privacy and protection

CCPA Compliant

Adherence to California Consumer Privacy Act requirements for user rights and transparency

TCPA Compliant

Tools and features designed to help you comply with SMS regulations and consent requirements

Trusted Partners

We partner with industry-leading service providers who maintain their own rigorous security standards:

Microsoft Azure

SOC 2 Type II certified hosting

Twilio

ISO 27001 certified SMS delivery

Stripe

PCI DSS Level 1 payment processing

OpenAI

Enterprise-grade AI processing

Secure Communications for Sensitive Use Cases

For anti-corruption agencies, whistleblower programs, and other sensitive communications, we offer additional security features:

  • End-to-end encrypted messaging options
  • Anonymous contact submission capabilities
  • Audit logging and compliance reporting
  • Custom data retention policies
  • Dedicated support for government and civic institutions

Contact our security team to discuss your specific requirements.

Best Practices for Users

Do
  • Use a strong, unique password
  • Log out when using shared devices
  • Review your account activity regularly
  • Report suspicious activity immediately
  • Keep your contact lists updated
  • Obtain proper consent before messaging
Don't
  • Share your password with anyone
  • Leave your account logged in on public computers
  • Click suspicious links in emails
  • Store sensitive data without encryption
  • Send messages without proper consent
  • Use the same password across multiple services

Incident Response

Security Concerns?

If you discover a security vulnerability or have concerns about your account security, please contact us immediately:

We take all security reports seriously and will respond within 24 hours.

Additional Resources

Privacy Policy Documentation Contact Security Team