VYRAL

Security Statement

Last updated: December 2025

At VYRAL, security is a top priority. We implement industry-standard security measures to protect your data at every level.

1. Infrastructure Security

We use Supabase with enterprise-grade security, built on top of AWS infrastructure.

  • SOC 2 Type II compliant infrastructure
  • Regular security audits and penetration testing
  • 24/7 infrastructure monitoring
  • Automatic security patches and updates
  • DDoS protection

2. Data Encryption

In Transit

  • TLS 1.2+ encryption for all connections
  • HTTPS enforced across all endpoints
  • Secure WebSocket connections

At Rest

  • AES-256 encryption for stored data
  • Encrypted database backups
  • Secure key management

3. Access Control

  • Row-Level Security (RLS) – Database policies ensure users can only access their own data
  • Principle of Least Privilege – Employees only have access to data necessary for their role
  • Role-Based Access Control – Granular permissions for different user types
  • Audit Logging – All access is logged and monitored

4. Authentication Security

  • Secure password hashing (bcrypt)
  • Session token management
  • Rate limiting on authentication endpoints
  • Protection against brute-force attacks
  • Secure password reset flows

5. AI Safety

Data used for AI features is always anonymized before processing.

  • No personally identifiable information sent to AI providers
  • AI prompts are sanitized to remove sensitive data
  • AI model providers are bound by data processing agreements
  • AI responses are not used to train third-party models

6. LinkedIn Integration Security

We implement comprehensive security measures for LinkedIn integration:

OAuth Token Security

  • OAuth tokens are encrypted using AES-256 before storage
  • Tokens are stored in isolated, access-controlled database tables
  • Token refresh is handled server-side only
  • Tokens are immediately deleted when you disconnect LinkedIn

Publishing Security

  • All publish requests require an authenticated user session
  • Every publish action is logged for audit purposes
  • Rate limiting prevents abuse and spam
  • Content validation before publishing
  • Users must explicitly confirm before content is published

7. Application Security

  • Regular code reviews
  • Dependency vulnerability scanning
  • Input validation and sanitization
  • Protection against common vulnerabilities (XSS, CSRF, SQL injection)
  • Content Security Policy headers

8. Payment Security

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor.

  • VYRAL never stores credit card numbers
  • All payment data is encrypted
  • Stripe handles all sensitive payment information

9. Incident Response

We maintain comprehensive incident response procedures:

  • 24/7 monitoring and alerting
  • Defined incident response team and procedures
  • Notification of affected users within 72 hours of a confirmed breach
  • Post-incident analysis and remediation
  • Regular incident response drills

LinkedIn-Specific Incident Response

In the event of a security incident involving LinkedIn API data or member data:

  • We will notify LinkedIn at security@linkedin.com within 24 hours of discovering a breach
  • We will cooperate fully with LinkedIn's security team
  • Affected member data will be identified and secured immediately
  • We will follow LinkedIn's incident response guidelines as specified in their API Terms

10. Business Continuity

  • Regular automated backups
  • Point-in-time recovery capability
  • Disaster recovery procedures
  • Multi-region data redundancy

11. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please contact us at johan@getvyral.io.

We commit to:

  • Acknowledging receipt within 24 hours
  • Providing regular updates on remediation progress
  • Not pursuing legal action against good-faith security researchers

Contact

For security-related inquiries: johan@getvyral.io