pagehouse. Subscribe

Security

Security Statement

Last updated: 6 May 2026

This Security Statement describes the safeguards Pagehouse is designed to use. It is a transparency statement, not a guarantee that any system, account, integration, or workflow is invulnerable.

Security Model

Pagehouse is designed around company page management, explicit page-admin access, weekly approval rhythms, activity visibility, limited internal access, and WhatsApp escalation for important client decisions.

We work on LinkedIn company pages only. We do not request founder personal-profile passwords, we do not operate personal profiles, and we do not ask clients to share personal credentials.

Access and Approvals

Clients should add Pagehouse through LinkedIn page-admin access and provide only the assets, contacts, brand notes, inbox permissions, and instructions needed for the selected plan.

  • Drafts and calendars are prepared for approval according to the plan and operating rhythm.
  • Qualified lead messages and sensitive replies are escalated to the client through WhatsApp where appropriate.
  • Admin access should be removed by the client when the subscription ends or if access is no longer required.

Infrastructure and Providers

Pagehouse may use cloud hosting, storage, logging, monitoring, billing, payment, messaging, design, automation, AI, analytics, and communication providers where configured.

We rely on provider-level controls as well as our own access, logging, operational, and approval controls. Provider infrastructure remains subject to the provider's own architecture, availability, security controls, terms, and incidents.

Core Controls

Our intended security controls include:

  • Transport encryption for application traffic where supported.
  • Least-privilege access for internal administration.
  • Company-page-only work, without personal LinkedIn password collection.
  • Controlled access to content calendars, page assets, inboxes, and account notes.
  • Secure handling of credentials, API keys, tokens, and connected-service access where used.
  • Backups, deployment controls, and operational monitoring appropriate to the service tier.
  • Human review expectations for sensitive replies, public posts, newsletters, and account changes.

Client Responsibilities

Security is shared. You are responsible for choosing the right plan, granting access carefully, limiting data provided to Pagehouse, reviewing outputs, keeping account credentials secure, and complying with laws that apply to your business.

  • Do not add Pagehouse to accounts, pages, files, or tools unless you have permission and lawful authority.
  • Do not provide private keys, payment credentials, medical data, legal privileged material, or regulated data unless a written agreement specifically supports that use.
  • Review scheduled posts, newsletter content, inbox replies, and escalations before relying on them for sensitive or regulated decisions.
  • Promptly report suspected vulnerabilities, unauthorised access, or mistaken publication.

AI and Content Risks

Some Pagehouse workflows may use AI-assisted drafting, research, summarisation, repurposing, or quality checks. AI output may be inaccurate, outdated, incomplete, or unsuitable without human review. Clients remain responsible for approving content before publication where approval is required.

Incident Handling and Disclosure

If we become aware of a security incident affecting your information, we will investigate and take appropriate steps based on the nature of the incident, applicable law, provider information, and customer impact.

Please report security concerns by email at hello@pagehouse.xyz. Do not access, modify, destroy, exfiltrate, or disclose data that does not belong to you.