Security

In one sentence: Your LinkedIn messages and uploaded ZIP file are encrypted with a key tied to your password so that nobody (not even us) can read them.

🔐 Protecting your LinkedIn data

MySocialDash is built with privacy at its core. The most sensitive part of your LinkedIn export is your messages. That is why both your uploaded ZIP file and the message bodies stored in our database are encrypted in a way that keeps them private - even from us, the system operators.

How it works

1. Your personal encryption key

When you create an account, a unique Data Encryption Key (DEK) is generated just for you. This key is used to encrypt your messages and uploaded files. We do not store this key in plain form - it is protected using a second key derived from your password (which we never know - by design).

2. Logging in

When you log in with your password, we can temporarily unlock your DEK for use during your session. It is held securely in memory while you are signed in and wiped as soon as you log out. Without your password, the DEK is meaningless.

3. Uploading your ZIP file

Before your LinkedIn ZIP even touches our storage, it is encrypted using your DEK. This means that the file saved on our server is already encrypted. We cannot open it manually - only the automated import process can, using your key.

4. Processing in the background

Our background importer receives a short-lived token that allows it to temporarily access your DEK only for the purpose of completing the import.

The token is stored only in Redis (our secure in-memory cache).
It is never written to the database or to disk.
The token expires automatically after a few minutes, even if the job has not finished.
Once the import completes, both the decrypted ZIP and the temporary token are securely deleted from memory.

This means there is no permanent record of your DEK or its token anywhere on our servers. The importer has just enough access to process your data - and nothing remains afterwards.

5. Message storage

Every LinkedIn message body is encrypted individually before being saved in the database. What sits in storage is only ciphertext - scrambled data that is unreadable without your DEK. Even if someone could see the database, they would not see your messages in clear text.

Here is an actual example of what stored messages look like inside the database:

Example of encrypted messages in the database

As you can see, this is what we see in our database - meaningless encrypted strings, not readable text.

6. Reading your messages

When you open a thread in MySocialDash, the app fetches the encrypted text, decrypts it temporarily in memory using your DEK, and shows it in your browser. The plain text is never stored back on our servers.

⚠️ Important things to know

Password resets

If you reset your password, the original DEK cannot be recovered. Old encrypted messages would become unreadable and you would need to re-import your data. This design ensures that only you control access to your messages.

Temporary access during imports

The importer has access to your DEK only for a few minutes while processing your upload. After that window closes, the key is no longer available on the server. Because the token never touches disk or the database, it disappears completely when Redis clears it.

Server security

Like any online service, if an attacker gained full control of the server while you are logged in, they could potentially see decrypted data in memory. We reduce this risk with strict isolation, hardened servers, and short session lifetimes.

🛡️ System-level protections

All traffic passes through Cloudflare for DDoS protection, HTTPS enforcement, and rate limiting.
Our servers run behind a strict firewall: only Cloudflare traffic is allowed in, no public SSH or database ports are open.
Uploaded files are stored outside the webroot so they cannot be accessed directly by URL.
ZIP files and temporary extracts are automatically deleted after processing.
Sessions use secure, HttpOnly, and SameSite cookies and are fully encrypted over HTTPS.
Database access is logged and tied to support requests, minimising the chance of unauthorised access.

✅ The bottom line

Your uploaded ZIP file is encrypted the moment it arrives.
All LinkedIn message bodies are encrypted in the database - plaintext is never stored.
Temporary tokens exist only in Redis memory, never on disk.
We cannot read your messages - only you can, when logged in with your password.
If you lose your password, your DEK cannot be recovered and data must be re-imported.
Layered security (Cloudflare, firewalls, secure storage, session hardening) helps protect your data end-to-end.

Our goal is to balance convenience (automatic imports, easy dashboard access) with strong, practical security that keeps your private LinkedIn conversations safe.