Your message has been successfully sent. Thank you.

Infrastructure

Hootsuite utilizes both cloud and physical servers in our infrastructure. Our cloud is provisioned by a well-known top tier provider. Our physical servers are located in Tier-4 datacenters with full power, cooling, and network redundancy.

Security

We value your data, and we work hard to protect it. We store it on multiple hosts in multiple locations and back it up regularly, as often as four times per day per datastore. Data stored on our physical servers is protected by biometric locks, multiple layers of access security, and 24x7 interior and exterior surveillance.

Host Security

Only our Engineering team has access to our production environment. SSH keys or Kerberos tokens are required for console access to servers in all of our environments. We have automated processes in place that monitor each host for unauthorized login attempts, and offending IP addresses are automatically blacklisted and alerted.

Data Rights

Hootsuite Media Inc. uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run Hootsuite. Although Hootsuite Media Inc. owns the code, databases, and all rights to the Hootsuite application, you retain all rights to your data.

Data Protection

In 2016 the European Commission approved and adopted a new framework for European data protection law called the General Data Protection Regulation (GDPR). The GDPR requirements will become effective on May 25, 2018 and will affect all companies who process personal data of individuals in the EU.

More information on the General Data Protection Regulation (GDPR).


How to Contact Hootsuite about Security Questions

Twitter: @Hootsuite_Help
Web: http://hootsuite.com/help

We take security very seriously at Hootsuite, and have an Information Security Bug Bounty program geared towards the identification and remediation of security issues. At this point, we do not offer monetary compensation for findings due to Hootsuite company policy, but we do offer other rewards.

  • For critical findings, we offer a Hootsuite branded Herschel Retreat 15” Computer Backpack and a Hootsuite branded Unisex Full-Zip Hooded Sweater
  • For high severity findings, we offer a Hootsuite branded Herschel Retreat 15” Computer Backpack.
  • For medium severity findings, we offer a Hootsuite branded Unisex Full-Zip Hooded Sweater
  • If your finding is of medium, high, or critical severity we offer to include your name in our Hall of Fame (see below for our current list).
  • We do not offer rewards for low severity issues.

If you are interested in submitting your findings for review, please email hootsec@hootsuite.com. Please note that, upon your submission, it might take up to 5 business days to triage and identify the right severity for the issue. If Hootsuite is already aware of the issue, we do not offer any reward for the finding.

How to Report a Security Incident

To report an incident of suspected abuse, misuse, or a security issue you have discovered please see our Security Response page. For incidents that affect a single account, please contact Hootsuite Help.

Thank You

We respect the effort and skill that goes into finding and disclosing security flaws. We are grateful for the generosity and support of the following individuals and organizations: