BlogDesk

Security

Last updated: March 2026

At BlogDesk, security is a top priority. We implement industry-standard measures to protect your data, your content, and your connected integrations.

Data Encryption

  • All data transmitted between your browser and BlogDesk is encrypted using TLS (Transport Layer Security).
  • Data at rest is encrypted using AES-256 encryption on our database servers.
  • API keys and integration tokens are stored encrypted and never exposed in plain text.

Authentication & Access Control

  • BlogDesk uses secure session-based authentication with HTTP-only cookies, which client-side scripts cannot read, to limit session theft through XSS attacks.
  • Passwords are hashed using industry-standard algorithms and are never stored in plain text.
  • OAuth 2.0 is used for third-party sign-in (Google) and platform integrations (Shopify).
  • Sessions expire automatically after a period of inactivity to reduce the risk of unauthorized access.

Payment Security

  • All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment provider.
  • BlogDesk never stores, processes, or has access to your full credit card details.
  • Subscription management and billing are handled entirely through Stripe's secure infrastructure.

Third-Party Integrations

  • Connections to WordPress use secure application passwords transmitted over HTTPS.
  • Shopify integrations use OAuth 2.0, ensuring BlogDesk only accesses the permissions you explicitly grant.
  • Webflow integrations use scoped API tokens with minimal required permissions.
  • All integration credentials are encrypted at rest and can be revoked at any time from your dashboard.

Infrastructure & Hosting

  • BlogDesk is hosted on Vercel, which provides enterprise-grade security, DDoS protection, and automatic SSL.
  • Our database runs on Neon, a secure serverless PostgreSQL platform with automated backups and encryption.
  • File storage uses encrypted cloud storage with access controls to prevent unauthorized access.
  • We perform regular security reviews and keep all dependencies up to date.

AI & Content Data

  • Your content and site data are never used to train AI models.
  • AI-generated content is processed on-demand and associated only with your account.
  • You retain full ownership of all content generated through BlogDesk.
  • Site context data (descriptions, audience, links) is used only to personalize your AI-generated content.

Incident Response

  • We actively monitor our infrastructure for security threats and anomalies.
  • In the event of a security incident, affected users will be notified promptly via email.
  • We maintain an incident response plan and conduct regular security assessments.

Contact Us

  • If you have security concerns or want to report a vulnerability, please contact us at contact@blogdesk.ai.