Security

Last updated 18 June 2026

Introduction

Social Freak Ltd (company no. 14659411), Unit 82A, James Carter Road, Mildenhall, Bury St Edmunds, IP28 7DE, UK, operates Social Fetch. This page summarises how we protect customer accounts and data. It is an overview — the Privacy Policy and Terms of Service are the binding documents. We do not hold SOC 2 or ISO 27001 certification. This page describes our current practices.

Account security

API access uses keys prefixed with sfk_. Treat keys like passwords: store them securely, rotate them if exposed, and do not commit them to source control. You can sign in with OAuth providers and enable two-factor authentication (2FA) on your account. You are responsible for activity under your account and for protecting your credentials.

Technical and organisational measures

We use industry-standard practices to protect the Services, including:

  • Encryption in transit: TLS for connections to our websites and API.
  • Cloud hosting: Production systems run on managed cloud infrastructure with provider-level physical and network controls.
  • Access control: Internal access to production systems is limited to what operations require and is reviewed as roles change.
  • Secrets management: API keys, database credentials, and similar secrets are stored via secure configuration, not in application source code.
  • Monitoring and logging: Operational logs support reliability, billing, abuse detection, and incident response.

What we store

We store account and billing metadata needed to operate the Services. We retain operational API logs for approximately 30 days, including request metadata and response previews, for support, billing, and reliability. We do not permanently archive third-party platform content on your behalf; API responses are returned to you at request time.

What we do not do

  • We do not sell personal data.
  • We do not warrant that your use of retrieved data complies with third-party platform terms or applicable law — that is your responsibility.
  • We do not claim formal security certifications we have not earned (see introduction above).

Service providers

We use trusted third-party providers for hosting, payments, email, and analytics. Stripe processes payments. A detailed subprocessor list is available on request for security reviews.

Privacy and GDPR

We process personal data in line with UK GDPR, the Data Protection Act 2018, and EU GDPR where it applies. This is not a third-party certification programme. For legal bases, retention, international transfers, and your rights, see the Privacy Policy. Questions: support@socialfetch.dev.

Report a security issue

If you believe you have found a security vulnerability, email support@socialfetch.dev. Include steps to reproduce and any relevant details. For API issues, include the requestId from the response when you have one. We also publish contact details at /.well-known/security.txt.

Security FAQ

Are you SOC 2 or ISO 27001 certified?
No. We do not hold SOC 2 or ISO 27001 certification. This page describes our current practices. For diligence questionnaires, contact support@socialfetch.dev.

Do you support GDPR?
The Services are designed to support UK and EU GDPR rights. See the Privacy Policy for how we collect, use, and retain data. This is our own privacy practice, not a third-party GDPR certification.

How long do you keep API request logs?
We retain operational API logs for approximately 30 days, including request metadata and response previews, for support, billing, and reliability.

Can I get a list of subprocessors?
Public pages describe categories only. A detailed list is available on request for legitimate security reviews — email support@socialfetch.dev.

Can I use two-factor authentication?
Yes. You can enable 2FA on your account in the dashboard. We recommend it for accounts with billing access or production API keys.

How are payments handled?
Stripe processes card payments. We do not store full card numbers on our systems.
