Social Pinpoint Security FAQ
Written by Amy Truran
Updated over a week ago

ℹ️ Our mission is to improve the way people learn about and contribute to the decisions that affect their daily lives.

We know that your mission is as important to you as our mission is to us, and information is at the heart of all our businesses and lives.

We know our customers trust us, which is why security is our top priority. We're transparent about our security program so you can feel informed and safe using our products and services.

⚠️ If you have a specific privacy or security requirement, contact us. We are continually improving our security and can typically accommodate requests.

Many of our commonly asked security questions are answered on this page. Please email data@socialpinpoint.com if you have a particular question that is not answered here.

How does Social Pinpoint keep our client/community's data & information secure?

We understand your concerns about security, as it is a critical element of online engagement. We protect your information by implementing secure hosting, which also includes regional hosting for professional and enterprise subscriptions where required (such as the US, Canada and Australia).

As such, where needed and requested in writing, data is stored in the required country.

Privacy

We appreciate our customers’ concerns about privacy – and we understand that these concerns are probably the same concerns we ourselves have when using SaaS-based applications. So, fundamentally, we try to treat your personally identifiable and other sensitive data the same way we would want our service providers to treat our data.

Our approach to privacy is laid out in detail in our Privacy Policy.

Do we comply with Australian/U.S./N.Z./other privacy policy?

Where able, we strive to comply with our clients' country policies. More details are available in our Privacy Policy.

Data Ownership

Social Pinpoint takes data security seriously. At all times any data collected belongs to you (the client). We will never remove any data without giving you a chance to export it.

Data usage & Privacy

We will never mine or access your collected data for advertising purposes. It remains secure at all times.

We only use customer data to provide services; we don’t sell or rent your data to anyone EVER! Only authorized Social Pinpoint personnel have access to your information.

General Social Pinpoint user security

  • Social Pinpoint protects against brute force attacks by locking your account after 5 unsuccessful login attempts. You would be sent an email with instructions for unlocking the account.

  • User sessions time out after 60 days.

Can all relevant data be extracted from Social Pinpoint?

Yes, all collected data can be downloaded as a CSV file. Other graphical reports can also be easily exported.

How is data transferred to and from Social Pinpoint?

All data transferred into Social Pinpoint is sent over TLS 1.2 (commonly still referred to as SSL). Likewise, any access to the website uses the same security, so downloading or viewing our site is secure.

As such, data transfer in and out of Social Pinpoint is encrypted.

You can view a recent version of our SSL Report here.

How is data encrypted?

  • As above, data transfer in and out of Social Pinpoint is encrypted using SSL. User-side data stored in cookies is encrypted in the user's browser.

  • Data is encrypted both in transit and at rest.

Business Continuity and Disaster Recovery

We strive to maintain strong Business Continuity (BC) and Disaster Recovery (DR) capabilities to ensure that the effect on our customers is minimised in the event of any disruptions to our operations.

We take a disciplined governance, risk and compliance approach to managing our DR program. We conduct periodic testing and strive for continual improvement as part of our DR lifecycle to ensure your data and the use of your data is highly available and performant.

Our systems operate in multiple AWS Availability Zones with daily and weekly backups. We have 24x7 monitoring of all our systems and nodes using Site24x7.

In addition to assurance of resiliency through governance, oversight, and testing, we emphasise continual improvement throughout the DR program.

We publish our service availability status in real-time to ensure you can access your data when you need it.

Do you have a Disaster Recovery SLA?

No. We don't commit to specific SLAs. We may from time to time individually negotiate some support SLAs with our enterprise customers, but this is on a case-by-case basis.

We publish our service availability status in real-time to ensure you can access your data when you want.

How is data handled at the end of a subscription or contract?

Access to your data is prevented in the absence of an active subscription or contract. We reserve the right to remove accounts from our systems 60 days after a subscription ends, and this includes the data. However, in practice we don't do this, and accounts are generally available again once a subscription is reinstated. Removing subscriptions does not remove account data from backups or archived storage areas.

We are able to remove User data on request from our Clients. If you are an end User, please direct your request to the Site that you entered your data on. We can help find that for you and help process that request if you contact us using the details below. Please note, deletion will take place over a period of time equal to our backup retention policies (7-30 days).

Does Social Pinpoint allow clients to audit facilities and security processes?

We provide a transparent approach to our security and welcome feedback and/or improvements to the approach laid out here. We don't provide an audit of our facilities or processes directly, but we can be contacted at data@socialpinpoint.com for more details.

What type of logs are maintained and are they available?

Yes, we log all traffic, including logins. This information is not passed on to you (the client) by default; however, it can be made available on request.

Are there any sub-contracted systems or third parties involved in Social Pinpoint's product?

We don't subcontract to third parties to deliver our service. We do use third-party software products; the major ones are listed below. We reserve the right to utilise such services, and we do so in order to provide the best possible experience to our clients.

  • Amazon Web Services (Used to store and manage your data securely)

  • Intercom (Used for support)

  • Hubspot (Used for product updates)

Does the supplier have an incident response procedure?

Yes, we have an internal response procedure that involves our ticketing and alerting systems to handle BC and DR processes. As we continually review and improve these procedures, we don't publish them publicly.

If a breach in data occurs will I be notified?

Yes, in the unlikely event of a data breach we will notify you as soon as possible.

What type of secure development process or frameworks are used?

In general, we don't publicly comment on our internal development processes and frameworks. In practice, though, we follow an Agile methodology with continuous deployment and testing.

Does the vendor have certification, in line with ISO27001 or similar?

Social Pinpoint is an ISO27001/9001 compliant product. A copy of our certification is available upon request by emailing support@socialpinpoint.com.

View our most recent Security Scorecard

We currently hold an A rating and 97 security score as reported by SecurityScorecard.com. You can view our most recent report here.
