Socializioz uses a hosted authentication system to manage sign-in. This page covers how to keep your account secure, reset your password, harden your account without MFA, and recover from unauthorized access.Documentation Index
Fetch the complete documentation index at: https://docs.socializioz.com/llms.txt
Use this file to discover all available pages before exploring further.
Authentication methods
Socializioz supports two sign-in methods:| Method | How it works |
|---|---|
| Email and password | Create an account with your email and a password. Password strength and recovery are managed through the authentication provider. |
| Sign in with your Google account. Account security is managed through your Google account settings. |
Password management
Resetting your password
If you signed up with email and password and need to reset it:Check your email
Look for a password reset email from the authentication provider. Click the reset link in the email.
Password best practices
- Use a unique password that you do not reuse across other services.
- Choose a password with at least 12 characters, mixing letters, numbers, and symbols.
- Consider using a password manager to generate and store strong passwords.
Session security
Socializioz maintains your session across browser tabs and devices. See session management for details on signing out, session duration, and multi-device behavior. Key session security points:- Sign out when using shared devices — always sign out after using Socializioz on a public or shared computer.
- Sessions expire after inactivity — if you are signed out unexpectedly, your session timed out. Sign in again to continue.
- Multiple device sessions — signing out on one device does not affect sessions on other devices.
Compensating for no MFA
Until native MFA is available, use these practices to strengthen your account:| Approach | How to set it up |
|---|---|
| Sign in with Google and enable Google 2-Step Verification | Use Google sign-in for Socializioz, then enable 2-Step Verification at myaccount.google.com/security. Every Socializioz login then requires your Google second factor. |
| Use a unique, generated password | If you use email/password sign-in, generate a random password of at least 16 characters in a password manager. Never reuse it on another site. |
| Monitor the activity log | Review the activity log regularly for actions you did not perform — posts created, accounts connected, or settings changed by someone else. |
| Limit workspace membership | Keep team membership small. Remove inactive members promptly from Settings > Workspace > Members. |
| Revoke unused platform connections | Disconnect social accounts you no longer manage. Each connected account is an additional attack surface. |
Active sessions
Socializioz does not expose a list of active sessions, login history, or device information. You cannot view which devices are currently signed in or see IP addresses associated with past logins. To check whether your account is in use elsewhere:- Look for unexpected entries in the activity log — any action you did not perform suggests another active session.
- Sign out on every device you have physical access to via Settings > Profile > Log out.
- Change your password to invalidate sessions on devices you cannot reach.
A dedicated active sessions panel showing device, IP, and last-seen time is not currently available. Changing your password is the most reliable way to force sign-out across all devices.
Compromised account recovery
If you believe your Socializioz account has been accessed without your authorization, follow these steps immediately:Change your password
If you use email and password sign-in, reset your password using the password reset flow. If you use Google sign-in, change your Google account password at myaccount.google.com.
Sign out of all sessions
Sign out from every device you have access to by clicking Log out in Settings > Profile on each device. Since there is no “sign out all devices” feature, you need to do this on each device individually.
Review the activity log
Open the activity log and look for unfamiliar actions — posts you did not create, accounts connected or disconnected without your knowledge, or settings changes you did not make. Filter by date range to focus on the suspicious time period.
Check connected accounts
Go to the connections page and verify that all connected social accounts are ones you authorized. Disconnect any accounts you do not recognize.
Review team members
If you are a workspace owner or admin, check Settings > Workspace > Members for any unfamiliar users. Remove anyone you did not invite.
Contact support
Open a support ticket describing the unauthorized access. Include the approximate time you noticed the issue and any suspicious activity from the activity log. The support team can investigate further and help secure your account.
Protecting your connected social accounts
Your connected social media accounts use OAuth tokens that grant Socializioz specific permissions. To minimize risk:- Review permissions regularly — check what permissions each platform has granted to Socializioz. Admin users can use the Meta token debug panel to inspect granted scopes for Facebook and Instagram.
- Disconnect unused accounts — if you no longer manage a social account through Socializioz, disconnect it to revoke the access token.
- Revoke access on the platform — disconnecting from Socializioz removes the token locally, but you should also revoke access from the platform’s settings. See revoking third-party access for platform-specific instructions.
Security practices
Socializioz follows these principles to protect your data:- Encryption in transit — all traffic uses HTTPS with TLS 1.2 or later. Unencrypted HTTP connections are rejected.
- Encryption at rest — sensitive data (tokens, credentials) is encrypted at rest by the hosting provider’s managed encryption.
- OAuth-only integrations — Socializioz never stores your social media passwords. All platform connections use official OAuth flows with scoped permissions.
- Token lifecycle management — access tokens are refreshed automatically (hourly for Meta). Tokens are revoked when you disconnect an account and during compromised-account recovery.
- Least privilege — the app requests only the permissions needed for each feature. Admin users can inspect granted scopes for Meta accounts via the Meta token debug panel.
- Monitoring — runtime error tracking via Sentry detects anomalies. Automated health checks run on a recurring schedule.
Login protection
Authentication is managed through a hosted provider, which includes standard protections against brute-force attacks such as rate limiting on login attempts and temporary lockouts after repeated failures. These protections are applied at the authentication layer and are not configurable by workspace owners.Specific rate limits and lockout thresholds are managed by the authentication provider and may change. If you are locked out due to too many failed attempts, wait a few minutes before trying again or use the password reset flow.
Incident response
If a security incident affects your data, Socializioz will notify affected users by email as promptly as possible. Notifications will include what happened, what data was affected, and what steps you should take. For Enterprise customers with an SLA agreement, incident communication follows the agreed escalation path and response times. To proactively monitor for issues, review the activity log regularly and enable email notifications for account-related events. For full details on data handling, third-party processors, and regulatory compliance, see privacy and data management.Team security practices
If you manage a multi-user workspace, apply these additional controls:- Assign the minimum required role — give members the Member role unless they need to manage connections, billing, or team settings. See team collaboration — roles and permissions for the full permission matrix.
- Enable approval workflows — require a second person to approve posts before they publish. See approvals.
- Audit AI activity — filter the activity log by Agent action to review everything the AI assistant did on behalf of your team.
- Separate workspaces per client — agencies should create one workspace per client to isolate data, connections, billing, and team access. See team collaboration — organize workspaces for agencies.
- Review connections quarterly — check Settings > Workspace for connected accounts that are no longer in use and disconnect them.
Reporting a security issue
To report a security vulnerability or concern, email admin@socializioz.com with a description of the issue. Do not share security-sensitive details in public support channels.Compliance and certifications
Socializioz aligns with the following regulatory frameworks:| Framework | Status |
|---|---|
| GDPR (EU) | Data processing aligned with GDPR principles. Cookie consent, data deletion requests, and third-party processor disclosures are documented in privacy and data management. |
| CCPA (California) | Users can request data access and deletion per CCPA requirements. |
| SOC 2 / ISO 27001 | Not currently certified. Enterprise customers requiring formal compliance documentation should discuss requirements with their account manager. |
Socializioz does not currently provide a formal Data Processing Agreement (DPA). Enterprise customers who require a DPA should raise this during onboarding with their dedicated account manager.
Troubleshooting
| Problem | Resolution |
|---|---|
| Cannot reset password | Make sure you are using the email address associated with your account. If you signed up with Google, there is no Socializioz password to reset — manage your password through Google account settings. |
| Password reset email not received | Check spam/junk folders. The email comes from the authentication provider. If it still does not arrive after a few minutes, try requesting another reset. |
| Locked out after too many login attempts | The authentication provider may temporarily lock your account after repeated failed login attempts. Wait a few minutes before trying again, or use the password reset flow to regain access. |
| Suspect unauthorized access | Follow the compromised account recovery steps above. Change your password first, then review activity and contact support. |
| Session keeps expiring | Sessions expire after inactivity. If this happens frequently, check that your browser is not blocking or clearing cookies for the Socializioz domain. See session management. |
| Want to enable MFA | Multi-factor authentication is not currently available in Socializioz. If you use Google sign-in, you can enable MFA on your Google account for additional protection. See compensating for no MFA. |
| Need a session list or login history | Socializioz does not expose active sessions or login history. Use the activity log to check for unexpected actions and change your password to force sign-out on unknown devices. See active sessions. |
| Need compliance documentation | GDPR and CCPA alignment is described in privacy and data management. For SOC 2 or DPA requests, contact your account manager or support. |