Your content remains yours.
We protect access to it and only use it to provide Picmim features, support, security, and service operation.
Encryption and data protection
Picmim uses HTTPS/TLS for browser and platform connections. Sensitive connected-account tokens are encrypted at rest with application-level encryption, and AI conversation storage and sensitive message handling use encryption where it has been implemented.
Your workspace data is encrypted and access-controlled. When a post is ready to publish, Picmim decrypts the scheduled content server-side only for the publishing workflow, then sends it securely to the selected social platform.
Workspace isolation
Workspace access is scoped in the application's core flows: media and folders are resolved inside the current workspace, and workspace membership checks enforce team boundaries.
Authentication and access
Picmim uses authenticated app sessions, API authentication, and workspace access middleware to keep private account and team areas separated.
Your workspace data is only available inside authorized workspace access flows. Picmim does not sell your data, and operational access is limited to what is needed for support, security, and service operation.
Connected account protection
Social account access tokens are hidden from normal model output and stored through encrypted casts. Publishing and analytics flows use those tokens only to operate the connected social accounts you authorize.
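The two protections described above, hiding a token from serialized model output and storing it through an encrypted cast, map directly onto Laravel's Eloquent features. The following is an added illustration, not Picmim's own code; the `ConnectedAccount` model name, column names and the `tokenForPublishing` helper are assumptions.

```php
<?php
// Added example (not Picmim's code): an Eloquent model for a connected social
// account whose access token is (a) excluded from array/JSON output and
// (b) written to the database only as ciphertext via the "encrypted" cast.

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class ConnectedAccount extends Model
{
    // Assumed columns for this illustration.
    protected $fillable = ['workspace_id', 'platform', 'external_id', 'access_token', 'refresh_token'];

    // Tokens never appear when the model is converted to an array or JSON
    // (API responses, view props, debug dumps, log context).
    protected $hidden = ['access_token', 'refresh_token'];

    // The "encrypted" cast encrypts on write and decrypts on read using APP_KEY,
    // so the stored column holds ciphertext, not the raw platform token.
    protected $casts = [
        'access_token'  => 'encrypted',
        'refresh_token' => 'encrypted',
    ];

    /**
     * Plaintext is only materialised where the publishing/analytics flow
     * actually needs it; callers that serialize the model never see it.
     */
    public function tokenForPublishing(): string
    {
        return $this->access_token;
    }
}
```

Two practical consequences follow from this setup. `$account->toArray()` and `$account->toJson()` omit both token columns regardless of who calls them, so an accidental `return $account;` from a controller does not leak credentials. And because the cast is bound to `APP_KEY`, rotating that key without re-encrypting existing rows makes the stored tokens unreadable; key rotation therefore needs a planned migration rather than a simple config change.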
App hardening
Security headers include content security policy, frame protection, content type protection, HSTS, referrer policy, and permissions policy.
Important workflows use structured request validation. API, chat, streaming, and OAuth routes use rate limiting to reduce abuse and protect availability.
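The header set and the rate limiting described under App hardening can both be expressed as a small amount of Laravel configuration. The following is an added example, not Picmim's own code; the `SecurityHeaders` middleware name, the specific policy values, the limiter names and the per-minute numbers are assumptions chosen for illustration.

```php
<?php
// Added example (not Picmim's code). Two files are shown, separated by
// "file:" comments. Header values and limits are illustrative assumptions.

// file: app/Http/Middleware/SecurityHeaders.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class SecurityHeaders
{
    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        $headers = [
            // Restrict where scripts, frames and other resources may come from.
            'Content-Security-Policy' => "default-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'",
            // Frame protection for clients that ignore frame-ancestors.
            'X-Frame-Options' => 'DENY',
            // Content type protection: no MIME sniffing of served files.
            'X-Content-Type-Options' => 'nosniff',
            'Referrer-Policy' => 'strict-origin-when-cross-origin',
            'Permissions-Policy' => 'camera=(), microphone=(), geolocation=()',
        ];

        // HSTS is only honoured by browsers on HTTPS responses; sending it on
        // a plain HTTP response is ignored, so gate it on the request scheme.
        if ($request->secure()) {
            $headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains';
        }

        foreach ($headers as $name => $value) {
            $response->headers->set($name, $value);
        }

        return $response;
    }
}

// file: app/Providers/AppServiceProvider.php (boot() excerpt)
// use Illuminate\Cache\RateLimiting\Limit;
// use Illuminate\Http\Request;
// use Illuminate\Support\Facades\RateLimiter;
//
// public function boot(): void
// {
//     // Authenticated callers are limited per user, anonymous ones per IP.
//     RateLimiter::for('api', fn (Request $request) =>
//         Limit::perMinute(60)->by($request->user()?->id ?: $request->ip()));
//
//     // OAuth callbacks are unauthenticated, so key strictly on client IP.
//     RateLimiter::for('oauth', fn (Request $request) =>
//         Limit::perMinute(10)->by($request->ip()));
// }
//
// Routes then opt in with the throttle middleware, e.g.
//     Route::middleware(['auth:sanctum', 'throttle:api'])->group(...);
//     Route::middleware(['throttle:oauth'])->get('/oauth/callback', ...);
```

Registering the middleware globally (in the HTTP kernel or `bootstrap/app.php`, depending on Laravel version) rather than per route avoids the common failure where one newly added route ships without headers. The rate limiter keys are the part worth reviewing most carefully: keying only on IP lets a single authenticated user share a budget with everyone behind the same NAT, while keying only on user id leaves unauthenticated routes such as OAuth callbacks unprotected, which is why the two limiters above use different keys.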
Monitoring and incident review
Application errors, queue failures, security events, and analytics activity are logged for operational review, with Sentry support for issue visibility.
Ongoing improvements
Security is treated as a live practice. Current hardening notes include continued work on upload throttling, backup documentation, and operational runbooks.