Security & proof, in plain terms
SMMapprove exists to turn a client's "yes" into evidence you can stand behind. Here's exactly how that works โ and how we handle your data.
๐งพHow the proof works
When your client taps Approve, we record three things: the exact post they saw (caption and media), the moment they approved it as a UTC timestamp, and a SHA-256 content hash of the post.
Those become a PDF certificate. Change a single character of the post afterwards and the hash no longer matches โ that is what tamper-evident means: the proof shows precisely what was signed off, not a vague "they said ok."
The client's IP is stored only as a salted hash for fraud-resistance. The raw IP address is not kept.
โ See the full anatomy of an approval proof, and a live sample you can verify
๐ช๐บWhere your data lives
- Media files are stored in EU object storage (Western Europe).
- The database is backed up continuously to EU storage, so a single server failure can't lose your records.
- SMMapprove is operated from Portugal (EU); processing is under GDPR.
โณWhat we keep, and for how long
Your approval record โ who approved, when, and the content hash โ is kept as your proof.
The media itself (images and video) is removed after 7 days. The certificate and hash remain, so your proof survives without us holding large files longer than needed โ which is also what data-minimisation under GDPR asks for.
๐Your client's privacy
Your client approves on a normal web link โ no account, no app, no tracking login. We collect the minimum needed to record the approval.
The approval page shows a short consent line with links to the Terms and Privacy Policy before anything is recorded.
๐ก๏ธAccess & accounts
- Sensitive integration keys are encrypted at rest.
- Email is sent through an EU-authenticated sender (SPF, DKIM and DMARC aligned), so notifications land and can't be spoofed.
- No card is required to start, and your client's link is never a bot โ always a plain web page.
This page describes how SMMapprove works and is provided for transparency. It is not legal advice. For the binding terms, see the Terms, Privacy Policy and DPA.