Security you can build on

AEOpack is built security-first, with encryption, strict multi-tenant isolation and privacy-conscious defaults at every layer. Here is how we protect your brand data.

Encryption in transit & at rest

All traffic is served over TLS. Data is encrypted at rest, and sensitive fields such as provider credentials are additionally encrypted with a dedicated application key.

Strict tenant isolation

Every request is scoped to your organization and resolved from a verified membership. No endpoint can return another tenant’s data — isolation is enforced in code and verified with a second test tenant.

Authentication & sessions

Passwords are hashed with bcrypt and never logged. Sessions use signed, httpOnly, Secure cookies with a separate secret for the admin surface, verified in edge middleware.

Role-based access control

Granular roles (owner, admin, analyst, viewer, developer) govern who can view data, manage billing and members, or rotate secrets — enforced on every mutation.

SSO / SAML on Enterprise

Enterprise plans support single sign-on so your team authenticates through your identity provider, with centralized provisioning and de-provisioning.

Input validation everywhere

All API input is validated with strict schemas; malformed requests are rejected with field-level errors and never reach the database.

Privacy-first data handling

Where we process visitor signals, IP addresses are hashed immediately with a salted SHA-256 and truncated — we avoid storing raw IPs. Buckets are private and access is key-normalized to prevent traversal.

Fail-closed operations

Services validate their environment at startup and refuse to boot on missing or default secrets. Auth endpoints are rate-limited to stop credential stuffing and brute force.

Engineering practices

Defense in depth, by default

Security is not a single control but a set of overlapping ones. A few of the practices baked into AEOpack:

  • Separate secrets for customer and platform-admin sessions
  • First-party cookies only — no permissive cross-origin exposure
  • HMAC-signed, replay-protected server event ingestion
  • Encrypted provider credentials with a dedicated key, isolated from session secrets
  • Least-privilege access for platform operators, with no tenant data scope
  • Regular dependency and environment validation
All systems operational

Platform status

We monitor AEOpack around the clock and target high availability for the dashboard and scanning pipeline. For incidents and maintenance windows, our team communicates proactively with affected customers.

Have a security question or want to report a vulnerability? Email support@aeopack.com. We support responsible disclosure and will work with you to resolve valid reports.

Ready to see your AI visibility — securely?

Start a free scan today. Your brand data stays isolated, encrypted and yours.

No credit card required · Cancel anytime