Trust Center

Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Overview

Welcome to Hootsuite's Trust Center. Our commitment to data privacy and security is embedded in every part of our business.

Our Information Security Management System and program is aligned with the NIST Cybersecurity Framework (CSF), and Hootsuite has a comprehensive suite of security policies based on NIST CSF, NIST 800-53, ISO 27001, SOC 2 Trust Services Criteria, FedRAMP, and GDPR. The security policies are grounded in the key principles of least privilege, need-to-know, least functionality, and segregation of duties, and govern facility, system, and data access. The policies are reviewed and approved by senior management, reviewed by our external auditors, and reviewed annually and updated as required. Our independent annual SOC 2 audit report and FedRAMP certification provide details on our ISMS and its relationship with the various standards.

Use this portal to learn about our security and privacy posture and request access to our security documentation.

Compliance

AWS Qualified Software Logo
AWS Qualified Software
CCPA Logo
CCPA
Cyber Essentials Logo
Cyber Essentials
FedRAMP LI-SaaS Logo
FedRAMP LI-SaaS
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
TX-RAMP Logo
TX-RAMP
CSA STAR Logo
CSA STAR
Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Hootsuite is reviewed and trusted by

AllianzAllianz
IKEAIKEA
West Midlands PoliceWest Midlands Police
University of MiamiUniversity of Miami
Bacardi LimitedBacardi Limited
Live NationLive Nation
Meliá Hotels InternationalMeliá Hotels International
BumbleBumble
VITAS HealthcareVITAS Healthcare
World Resources InstituteWorld Resources Institute
InteracInterac
Save the ChildrenSave the Children
eBayeBay
SodexoSodexo

Documents

All
Public
Private
PCI DSS
Pentest Report
SOC 2 Report
SOC 3 Report
Cyber Essentials
ISO 27001
CAIQ
Other Questionnaires
SIG Lite
Cyber Insurance
Privacy FAQS
Information Security Policy
Data Protection Impact Assessment
Hootsuite Architecture Diagram
Hootsuite Data Flow Diagram
Hootsuite TX RAMP Certificate

Risk Profile

Data Access LevelInternal
Impact LevelLow
Recovery Time Objective< 12 Hours
See more

Product Security

Integrations
Multi-Factor Authentication
Role-Based Access Control
See more

Reports

PCI DSS
Pentest Report
SOC 2 Report
See more

Self-Assessments

CAIQ
Other Questionnaires
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Code Analysis
Credential Management
See more

Legal

Subprocessors
Cyber Insurance
Data Processing Agreement
See more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
See more

Network Security

Data Loss Prevention
DNSSEC
Firewall
See more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
See more

Policies

GDPR Statement
Information Security Policy
Modern Slavery Transparency Act Statement
See more

Security Grades

Qualys SSL Labs
Hootsuite.com
A+

Trust Center Updates

California Privacy Rights Act (CPRA) Update

GeneralCopy link

The California Privacy Rights Act (CPRA) will come into effect on January 1, 2023. This amends and enhances the existing privacy law (the California Consumer Privacy Act) and it imposes new requirements on customers handling the personal information of Californian residents. We have prepared an Addendum to help our customers comply with these new requirements, and expanded the scope to include other US state privacy laws that are also coming into effect in 2023. Hootsuite's updated DPA is available here: https://hootsuite.com/legal/data-processing-addendum.

Published at N/A*

2022 OpenSSL 3 Vulnerabilities Update

IncidentsCopy link

As you may be aware, two high severity vulnerabilities were disclosed by the OpenSSL team this week. Hootsuite did a careful review of our platform and IT infrastructure and determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022. We will continue to monitor the situation and will post updates on our Trust Center as necessary. Please contact security.support@hootsuite.com if you have questions.

Published at N/A*

Welcome to the Hootsuite Trust Center

GeneralCopy link

As an organization that is security conscious and values security, we are excited to announce the official launch of the Hootsuite Trust Center. By using this portal, you can request access to our compliance documents, review our standardized questionnaires such as the SIG and gain a general understanding of our security & privacy posture.

Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications for when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.

-Your Hootsuite Security Support Team

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered BySafeBase Logo