Security at OneClick Onboard
Your agency data and your clients' OAuth tokens are protected with enterprise-grade security. We're obsessed with keeping everything secure.
How We Protect Your Data
Multiple layers of security work together to keep your information safe.
AES-256 Encryption
Your OAuth tokens and sensitive data are encrypted using military-grade AES-256 encryption at rest. We encrypt in transit with TLS 1.3.
OAuth 2.0 Security
We never see or store your account passwords. Instead, we use secure OAuth 2.0 flows that follow industry best practices and allow you to revoke access anytime.
SOC 2 Compliant
Our infrastructure and processes comply with SOC 2 Type II standards. We maintain strict access controls, audit logs, and regular security assessments.
Data Handling
Your client account data passes through our secure infrastructure only as needed for integrations. We never store or access client ad account data beyond what's required.
Secure Infrastructure
OneClick Onboard runs on Supabase with PostgreSQL databases, hosted with enterprise-grade cloud infrastructure. All data centers maintain 99.99% uptime guarantees.
Incident Response
We maintain a 24/7 security monitoring system. In the unlikely event of a breach, we have documented incident response procedures and will notify affected users.
OAuth 2.0 Explained
OAuth 2.0 is the industry-standard secure authentication protocol used by Google, Meta, and Microsoft. Here's how it works with OneClick Onboard.
1. Authorization Request
You authorize OneClick Onboard to access your client's Meta or Google account. You're redirected to Meta/Google's secure login page. Your password never touches our servers.
2. Token Exchange
Meta or Google issues us an OAuth token. This token is like a temporary key that lets us access only the permissions you approved. It's not a password.
3. Encrypted Storage
We encrypt the token using AES-256 encryption and store it securely in our database. Even our database administrators cannot see the plain tokens.
4. Revoke Anytime
You can revoke OneClick Onboard's access to your accounts at any time. In your account settings, click "Revoke Access" and we immediately delete the encrypted token.
Our Data Handling Philosophy
We follow these principles to keep your data private and secure.
Minimal Data Collection
We collect only the information necessary to operate the service. We don't harvest data or build profiles for advertising.
No Data Sharing
We never sell, rent, or share your data with third parties. Your information is yours alone.
Transparent Practices
Our Privacy Policy and this security page explain exactly how we handle data. No hidden practices.
Data Deletion on Request
When you delete your account, all your data is permanently deleted within 30 days, including encrypted tokens.
Compliance & Certifications
We meet and exceed industry standards for data protection and security.
SOC 2 Type II
Annual security and compliance audits
GDPR Compliant
Full compliance with European data protection regulations
CCPA Ready
California Consumer Privacy Act requirements met
OAuth 2.0
Industry-standard secure authentication protocol
HIPAA Compatible
Architecture supports healthcare industry compliance
PCI DSS Ready
Payment Card Industry Data Security Standards aligned
Incident Response & Monitoring
Security doesn't stop at prevention. We maintain active monitoring and response protocols.
24/7 Monitoring
Our systems continuously monitor for suspicious activity, unauthorized access attempts, and unusual patterns. Alerts trigger immediate investigation.
Rapid Response
If a security incident occurs, our incident response team activates immediately. We have documented procedures and notification protocols to protect you.
Responsible Disclosure
If you discover a security vulnerability, we appreciate your help in keeping OneClick Onboard secure. Please report it responsibly.
How to Report a Security Issue
Email us at security@oneclickonboard.com with details of the vulnerability. Please:
- Describe the vulnerability clearly
- Include steps to reproduce the issue
- Give us reasonable time to address it before public disclosure
- Keep the vulnerability confidential during the fix period
We take all security reports seriously and will work with you to resolve issues quickly.
Ready to Secure Your Onboarding?
Onboard your clients securely with OneClick Onboard. Send a link, get access, and start managing accounts in minutes.