Security you can verify.
Trusting us with your marketing means trusting us with sensitive credentials. Here's exactly how we protect them — straight, with no certifications we don't hold.
Encryption at rest
API keys and sensitive credentials are encrypted with AES-256 before they're stored. They're decrypted in memory only when needed, never logged.
Encryption in transit
All traffic between your browser, our servers and connected platforms is protected with industry-standard TLS.
Read-scoped access
Integrations request only the permissions they need — to publish content or read engagement — not broad administrative control.
Two-factor authentication
Add an extra layer to your account with optional 2FA, protecting against unauthorised access.
Audit logging
Significant actions are recorded in an internal audit log so unusual activity can be spotted and reviewed.
You own your accounts
The Cockpit never takes ownership of your social or ad accounts. You keep full control and can revoke access any time.