We recognize that your data is one of your most valuable assets. When you use our services and entrust us with your data, we are committed to protecting it and only using it to provide the services.
Hootsuite has incorporated privacy and security practices across our organization to demonstrate our commitment to managing your data in a responsible manner. Below we have highlighted some key elements of this program.
Hootsuite offers a suite of social media management tools which brings together all of your social media accounts for easy access and management through a single online portal. Through this portal, you can manage your social media, marketing and advertising campaigns; engage your audiences; schedule and publish messages; and analyze the results of these activities to demonstrate the value of social to your team members.
When you link your social media accounts to Hootsuite, you are in control of the data that is shared with us. You can decide which social media accounts to link to your Hootsuite account and also which third-party applications to link to your account and customize your Hootsuite experience.
The personal information that we collect from you falls into two broad categories: Account Data and Content. Account Data consists of personal information that we collect from you and your devices to help you access our services (for example, the name and email address you provide when you sign up for our services).
Content refers to the data which you upload, download, or view on our services. In order to use our services, you will decide which social media accounts you wish to link to your Hootsuite account.
Hootsuite is a global organization headquartered in Canada. We provide services, such as sales and customer support, to you from our headquarters but also from our other global offices.
By its nature, social data can be shared with people around the globe. The social networks and third-party apps that you choose to integrate with our services, will collect, store and process your data from various locations around the world.
At Hootsuite, we host your content on Amazon Web Services’ (AWS) highly secure and reliable data centres in the United States. Information about Amazon’s compliance and security controls can be found on Amazon's website.
We also use other third-party service providers (such as card processors, and CRM systems) to help us operate our services. These third party providers may process, or store, personal information on servers around the world.
At Hootsuite, only designated employees are granted access to your data. For example, our Customer Support team may need access to your data when working with you to resolve a service ticket. Our development and maintenance teams may access your data to resolve performance and other related issues. Access to the systems that store your data is tracked using system logs, and is protected using various technology, such as multi-factor authentication.
Our service providers
We also use third party providers to help us provide the services to you. If those providers receive access to your data, they will undergo a security and privacy review to ensure they meet adequate data handling practices. We also ensure they are bound by a data protection agreement that requires them to adopt adequate security safeguards, including having the appropriate access controls in place to protect your data.
The social networks and third-party apps
Hootsuite has dedicated Security, GRC and Privacy teams that are responsible for developing and overseeing the privacy and security policies and practices of our organization. Hootsuite continuously seeks to enhance its privacy culture and all employees undergo privacy and security training so they are aware of the importance of protecting your data.
Our security controls are independently tested and audited by an international accounting firm on an annual basis, under a SOC 2 Type II audit. We also use a layered approach to protect your data. This includes implementing industry standard encryption protocols, strong firewalls, and logging and monitoring of unauthorized intrusions of its systems. Please visit our Best Practices for more information.
Hootsuite has a dedicated privacy team who has the responsibility of ensuring that Hootsuite is managing and processing personal information in compliance with applicable law. They monitor the privacy landscape to adjust company practices to comply with privacy best practices, but also with legislation such as Canadian PIPEDA and the EU GDPR.
As a Canadian company, Hootsuite is already subject to data protection legislation that provides for similar standards as existing European laws. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
As a company with millions of users in Europe, Hootsuite is well aware of the need to provide its users with services and solutions that will help them meet the EU’s new data protection requirements. We appreciate that the GDPR requires our users, as data controllers, to engage data processors that deploy appropriate safeguards. We fully appreciate and recognize the importance of GDPR to our users in the delivery of our services to them.
Below is a list of materials to help you understand how the GDPR applies to Hootsuite and your use of our services.
Subprocessors of Content