Transparency is key to developing trust with our customers in our brand and products. Our Trust Center provides comprehensive information regarding Sprout Social’s security and privacy posture as well as practices related to accessibility and compliance.
As a cloud service provider, Sprout Social understands the importance of keeping data secure and incorporates world-class, enterprise-grade security standards to do so. Sprout Social’s Security page offers details on our company-wide technical and organizational security measures.
Sprout Social is committed to protecting the privacy rights of individuals who use our products and services. Sprout Social’s Privacy page includes everything that you need to know about our compliance with privacy and data protection standards.
Diversity, Equity and Inclusion is a core tenet of Sprout Social’s workforce, and accessibility is key to maintaining equity for people of all abilities. Sprout Social’s Accessibility page outlines the steps that we take to make our products and services accessible to all.
Sprout Social maintains the following certifications, attestations, and reports to verify its compliance with industry frameworks and applicable laws and regulations. Customers can view additional compliance documentation inSprout Social’s Customer Trust Portal.
SOC 2 Type 2
Sprout Social regularly completes a SOC 2 Type 2 audit by a qualified, third-party auditor to examine our information systems relevant to security in accordance with theAICPA’s Statement on Standard for Attestation Engagements No. 18 (SSAE 18).
Sprout Social aligns its security program, in part, with the Cloud Controls Matrix framework offered by the Cloud Security Alliance (CSA). Sprout Social has completed a Level 1 assessment through the CSA’s Security Trust Assurance and Risk (STAR) registry.
Payment Card Industry (PCI)
Sprout Social is PCI DSS compliant through a PCI SAQ A self-assessment. Sprout Social entirely outsources its processing of cardholder data to third-party payment processors who are approved by PCI and compliant to PCI DSS Level 1.
Sprout Social holds a whole company Cyber Essentials certification. Backed by the United Kingdom government and industry-supported, the Cyber Essentials scheme assesses an organization’s security controls against common cyber threats. As a certified organization, Sprout Social is eligible to bid on UK Government contracts involving the handling of certain sensitive and personal information.
GDPR and CCPA/CPRA
Sprout Social aligns its privacy program with the General Data Protection Regulation (GDPR) of the European Union and United Kingdom, and the California Consumer Privacy Act (CCPA), , as further amended by the California Privacy Rights Act (CPRA).