We take security seriously.
TikImpact handles creator earnings, brand payments, and user data. Security is not a feature — it's the foundation. Here's what we do to protect you.
How we protect your data.
Data Encryption
All data in transit is encrypted with TLS 1.3. Sensitive fields (API keys, payment tokens) are encrypted at rest using AES-256. Passwords are bcrypt-hashed — never stored in plain text.
Access Control
Role-based access control (RBAC) across all platform surfaces. Least-privilege principle applied to all admin, ops, and API access. 2FA enforced for all privileged accounts.
Monitoring & Detection
24/7 automated anomaly detection on authentication, payment, and API endpoints. Rate limiting and brute-force protection on all user-facing endpoints.
Backup & Recovery
Daily automated backups with 30-day retention. Point-in-time recovery for the database. Tested restoration procedures. Disaster recovery time objective: 4 hours.
Infrastructure
Hosted on dedicated hardware with CyberPanel + OpenLiteSpeed. Cloudflare DDoS and WAF protection. Content Security Policy headers on all responses.
Code Security
All user inputs validated and sanitized. Parameterized queries on all database operations. CSRF protection on all state-changing requests. XSS prevention enforced.
Your account security checklist.
Found a security vulnerability?
We operate a responsible disclosure program. If you discover a security issue, please report it to us privately. We aim to respond within 24 hours, and we're grateful for every genuine report.
security@tikimpact.com
Please include: description, reproduction steps, potential impact. We do not pursue legal action against good-faith reporters.