About
SocialGrow aims to help businesses of all sizes become better marketers, create stronger relationships with their customers, be more informed decision-makers, and create the world’s most beloved brands.
SocialGrow maintains organizational and technical measures to protect the information you provide to us from loss, misuse, and unauthorized access or disclosure. These measures take into account the sensitivity of the information SocialGrow collects, processes and stores; the current state of technology, the costs of implementation, and the nature, scope, context, and purposes of the data processing SocialGrow engages in.
GDPR Compliance
The EU’s General Data Protection Regulations (GDPR) take effect on May 25, 2018, and we are fully behind the spirit of these regulations for a safe and secure Internet. We aspire to embrace privacy by design and, whenever possible, to not collect and store personally identifiable information.
Our Privacy Policy contains mentions of the few instances where personally-identifiable information is required. Typically this will include an email address in order to log in to SocialGrow or a social network username in order to manage your account.
Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won’t collect it. This approach has felt very much in line with the spirit of GDPR.
We commit to displaying a list of all current sub-processors in use by SocialGrow. A sub-processor includes any third party that we share personally identifiable info with.
Here is that list:
- AWS
- Stripe
- Facebook Pixel
- Twitter Ads
At any time, you may request your information to be exported and sent to you for review, and we promptly honor any requests by you to have your information deleted and forgotten. Mail us with your requests at [email protected]
Confidentiality
SocialGrow maintains appropriate controls to restrict its employees’ access to the Customer Content that you and your Authorized Users make available via the SocialGrow Services, and to prevent access to Customer Content by anyone who should not have access to it.
All of SocialGrow’s employees are bound by SocialGrow policies regarding the confidential treatment of Customer Content.
SocialGrow employees receive security training during onboarding and on an ongoing basis. Employees are required to read and sign information security policies covering the confidentiality, integrity, availability, and resilience of the systems and services SocialGrow uses in the delivery of the SocialGrow Services. Where applicable, including for particularly sensitive positions, SocialGrow also conducts criminal background checks on employees before employment.
Application Security
SocialGrow ‘s developers are given annual training on secure coding. All application code is written by SocialGrow employees, and each change undergoes peer review. Security vulnerabilities are promptly triaged and corrected.
Data Encryption
The SocialGrow Services support the latest industry-standard secure cipher suites and protocols to encrypt all traffic in transit.
Customer Content is also encrypted at rest, where appropriate and having regard to the nature of the content and associated risks. Almost all of the information SocialGrow processes is already publicly available elsewhere and so there are no associated privacy risks.
SocialGrow monitors the changing cryptographic landscape closely and makes commercially reasonable efforts to upgrade the SocialGrow Services to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve.
Third-party penetration testing
SocialGrow contracts with multiple penetration testing vendors to conduct several tests per year.
PCI DSS
At no point does SocialGrow store, transmit, or process your debit/ credit card information. SocialGrow simply stores anonymous tokens that identify the applicable processed transactions.
Product Security Features
Secure Credential Storage Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No human, our staff included, can ever view them. If you lose your password, it can’t be recovered and must be reset.
Brute-force Protections
In addition to computationally challenging hashing, our authentication services implement additional rate-limiting protections and ReCAPTCHA.
Approval Workflows
Account Owners and Administrators may restrict certain activities behind approval workflows. These allow for tasks to be divided amongst a team, with the peace of mind that central decision makers may review and control public-facing actions.
Access Permissions
Account Owners and Administrators may restrict access to profiles, features, actions (including read and write), and other data, by applying granular controls to users on their account.
Email Signing
SocialGrow implements Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to ensure emails we send are authenticated as coming from SocialGrow, helping to prevent spoofing and ensure authenticity.