Compliance

How Does Social9 Meet Regulatory Requirements?

Social9 is built for enterprises that operate in regulated industries and across international borders. We maintain compliance with major data protection regulations so your team can focus on growth, not paperwork.

Compliance Frameworks We Follow

Our compliance program covers the regulations and standards that matter most to enterprise organizations worldwide.

European Union

GDPR Compliance

Social9 fully complies with the EU General Data Protection Regulation (GDPR). We provide the tools, processes, and legal frameworks your organization needs to meet GDPR requirements when using our platform.

  • Lawful basis for processing (consent-based and legitimate interest)
  • Data Processing Agreement (DPA) available for all enterprise accounts
  • Right to access, rectify, and delete personal data
  • Data portability — export your data in standard formats
  • Privacy by design embedded in product development
  • Data Protection Impact Assessments (DPIA) conducted regularly
  • EU-based data residency option for European customers
  • Appointed Data Protection Officer (DPO)

California, United States

CCPA Compliance

Social9 complies with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). California residents have full control over their personal information collected by our platform.

  • Right to know what personal information is collected
  • Right to delete personal information on request
  • Right to opt out of data selling (we never sell data)
  • Right to non-discrimination for exercising privacy rights
  • Transparent data collection and usage disclosures
  • Annual privacy practice reviews and updates

Global

SOC 2 Type II

Social9 has achieved SOC 2 Type II certification, demonstrating that our security controls have been independently audited and verified to meet the Trust Services Criteria over an extended period.

  • Independent third-party audit of security controls
  • Continuous monitoring of control effectiveness
  • Trust Services Criteria: Security, Availability, Confidentiality
  • Annual re-certification with gap assessments
  • Audit reports available to enterprise customers under NDA
  • Remediation tracking for any identified findings

Global

Industry Standards

Beyond specific regulations, Social9 aligns with internationally recognized security and privacy frameworks to ensure best-in-class data protection across all operations.

  • ISO 27001-aligned information security management
  • OWASP Top 10 secure development practices
  • NIST Cybersecurity Framework alignment
  • Regular third-party penetration testing
  • Vendor risk management program for sub-processors
  • Employee security awareness training program

Your Data Rights

Regardless of where you are located, Social9 respects your rights over your personal data. Here are the rights you can exercise at any time.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete personal data.

Right to Erasure

Request permanent deletion of your personal data.

Right to Portability

Export your data in a machine-readable format.

Right to Restriction

Limit how we process your personal data.

Right to Objection

Object to processing based on legitimate interest.

Sub-Processor List

We maintain a transparent list of all third-party sub-processors that handle personal data on our behalf. Enterprise customers can request the full sub-processor list and receive notifications of any changes.

Request sub-processor list

Data Processing Agreement

Need a DPA for your organization? We offer a pre-signed Data Processing Agreement that meets GDPR Article 28 requirements. Available for all Pro and Premium plan customers.

Request a DPA

Have Compliance Questions?

Our compliance team is here to help. Reach out for audit reports, DPAs, or any questions about our data protection practices.

Contact Compliance Team