We recognize that your data is one of your most valuable assets. When you use our services and entrust us with your data, we are committed to protecting it and only using it to provide the services.

Hootsuite has incorporated privacy and security practices across our organization to demonstrate our commitment to managing your data in a responsible manner. Below we have highlighted some key elements of this program.

  • Our Services - You are in control of the services that you subscribe to.
  • What we collect from you - We collect data that is necessary to provide the services and the content you choose to upload, download, or view when you use our services.
  • Know where your data is located -  Social data comes from and flows to people and organizations all over the world. However, when using our services, your data is housed in secure data centres in the United States.
  • Understand who can access your data - We have implemented strong measures to protect your data from inappropriate access.
  • How we protect your data - Hootsuite has implemented industry standard security safeguards to protect your data.
  • Understand how long we retain your data - We retain your data for limited business and legal purposes to provide the services to you.
  • Privacy Legislation - Hootsuite complies with applicable international privacy laws such as the European Union General Data Protection Regulation (GDPR).

Our Services

Hootsuite offers a suite of social media management tools which brings together all of your social media accounts for easy access and management through a single online portal. Through this portal, you can manage your social media, marketing and advertising campaigns; engage your audiences; schedule and publish messages; and analyze the results of these activities to demonstrate the value of social to your team members.

When you link your social media accounts to Hootsuite, you are in control of the data that is shared with us. You can decide which social media accounts to link to your Hootsuite account and also which third-party applications to link to your account and customize your Hootsuite experience.

Privacy Regulations And Legislation

What We Collect From You

The personal information that we collect from you falls into two broad categories: Account Data and Content. Account Data consists of personal information that we collect from you and your devices to help you access our services (for example, the name and email address you provide when you sign up for our services).

Content refers to the data which you upload, download, or view on our services. In order to use our services, you will decide which social media accounts you wish to link to your Hootsuite account.

Our Privacy Policy provides more information about how we collect, use and share Account Data and Content.

Where Your Data Is Located

Where Your Data is Located

Hootsuite is a global organization headquartered in Canada. We provide services, such as sales and customer support, to you from our headquarters but also from our other global offices.

By its nature, social data can be shared with people around the globe. The social networks and third-party apps that you choose to integrate with our services, will collect, store and process your data from various locations around the world.

At Hootsuite, we host your content on Amazon Web Services’ (AWS) highly secure and reliable data centres in the United States. Information about Amazon’s compliance and security controls can be found on Amazon's website.  

We also use other third-party service providers (such as card processors, and CRM systems) to help us operate our services. These third party providers may process, or store, personal information on servers around the world.

For more information regarding Hootsuite and international transfers, please review our Privacy Policy.

Who Can Access Your Data

Hootsuite employees

At Hootsuite, only designated employees are granted access to your data.  For example, our Customer Support team may need access to your data when working with you to resolve a service ticket.  Our development and maintenance teams may access your data to resolve performance and other related issues. Access to the systems that store your data is tracked using system logs, and is protected using various technology, such as multi-factor authentication.

Our service providers

We also use third party providers to help us provide the services to you. If those providers receive access to your data, they will undergo a security and privacy review to ensure they meet adequate data handling practices. We also ensure they are bound by a data protection agreement that requires them to adopt adequate security safeguards, including having the appropriate access controls in place to protect your data.

The social networks and third-party apps

Our services enables you to access an ecosystem where you can choose to connect your Hootsuite account with various social networks, and third-party apps. Remember that once you choose to connect your account to these providers, you also agree to share your data with them. At that point, Hootsuite is no longer responsible for that data and the third party’s terms of service and privacy policy will apply. For example, if you export content from Hootsuite to Google Drive, Google Drive’s terms of service and privacy policy will apply to that content. We encourage you to carefully review the terms and privacy policies of these third parties before connecting them to your account.

How We Protect Your Data

How We Protect Your Data

Hootsuite has dedicated Security, GRC and Privacy teams that are responsible for developing and overseeing the privacy and security policies and practices of our organization. Hootsuite continuously seeks to enhance its privacy culture and all employees undergo privacy and security training so they are aware of the importance of protecting your data.

Our security controls are independently tested and audited by an international accounting firm on an annual basis, under a SOC 2 Type II audit. We also use a layered approach to protect your data. This includes implementing industry standard encryption protocols, strong firewalls, and logging and monitoring of unauthorized intrusions of its systems. Please visit our Best Practices for more information.

How Long We Keep Your Data

How Long We Keep Your Data

Hootsuite retains your data for as long as it is necessary to provide the services and to comply with our legal obligations, resolve disputes or enforce our agreement with you. For more information please review our Privacy Policy.

Privacy Legislation

Hootsuite has a dedicated privacy team who has the responsibility of ensuring that Hootsuite is managing and processing personal information in compliance with applicable law. They monitor the privacy landscape to adjust company practices to comply with privacy best practices, but also with legislation such as Canadian PIPEDA and the EU GDPR.

Please see the following link for more information. You can also review our Privacy Policy  for more details on how we use, collect and share your personal information.

Hootsuite and the GDPR

As a Canadian company, Hootsuite is already subject to data protection legislation that provides for similar standards as existing European laws. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.

As a company with millions of users in Europe, Hootsuite is well aware of the need to provide its users with services and solutions that will help them meet the EU’s new data protection requirements. We appreciate that the GDPR requires our users, as data controllers, to engage data processors that deploy appropriate safeguards. We fully appreciate and recognize the importance of GDPR to our users in the delivery of our services to them.

The GDPR distinguishes between organisations that are “data controllers” and those that are “data processors”. As explained in our Privacy Policy, Hootsuite is a data processor of content generated, requested or published via its supported social networks. As such, Hootsuite only processes content in accordance with the instructions our users give us through our services. Because our users control how their content is collected and used by them, our users are, in legal terms, the data controllers of the content that they process through our platform. Hootsuite is its users’ data processor of that content.

Below is a list of materials to help you understand how the GDPR applies to Hootsuite and your use of our services.

Privacy Policy

https://hootsuite.com/legal/privacy

GDPR

https://hootsuite.com/legal/general-data-protection-regulation

Subprocessors of Content

https://hootsuite.com/legal/subprocessor-list