InfluTo is built with security-first principles. Here's how we protect your app data, your influencers' information, and your revenue.
All data is encrypted in transit (TLS 1.3) and at rest. Webhook secrets, API keys, and sensitive credentials are encrypted using Fernet symmetric encryption before storage. Database connections use SSL.
All payment processing is handled by Stripe — a PCI DSS Level 1 certified payment processor. InfluTo never stores credit card numbers, bank account details, or payment credentials. Stripe Connect handles KYC, tax forms, and payout compliance.
InfluTo is designed for GDPR compliance. We collect only the data necessary for attribution and commission tracking. Users can request data export or deletion. Our Privacy Policy details exactly what we collect and why.
RevenueCat webhooks are verified using encrypted authorization headers. Each app has a unique webhook secret. Invalid or missing authorization headers are rejected with 401 responses. All webhook payloads are logged for audit trails.
API keys use prefix-based identification and bcrypt-hashed verification. Each app has isolated API credentials. Organization-level access control ensures team members only see their own data.
InfluTo runs on dedicated infrastructure with automated backups, container isolation, and health monitoring. Database backups are taken before every deployment. Sentry error tracking provides real-time alerting.
If you have security concerns or want to report a vulnerability, contact us at:
security@influ.to