Transparency is key to developing trust with our customers in our brand and products. Our Trust Center provides comprehensive information regarding Sprout Social’s security and privacy posture as well as practices related to accessibility and compliance.
As a cloud service provider, Sprout Social understands the importance of keeping data secure and incorporates world-class, enterprise-grade security standards to do so. Sprout Social’s Security page offers details on our company-wide technical and organizational security measures.
Sprout Social is committed to protecting the privacy rights of individuals who use our products and services. Sprout Social’s Privacy page includes everything that you need to know about our compliance with privacy and data protection standards.
Diversity, Equity and Inclusion is a core tenet of Sprout Social’s workforce, and accessibility is key to maintaining equity for people of all abilities. Sprout Social’s Accessibility page outlines the steps that we take to make our products and services accessible to all.
Sprout Social maintains the following certifications, attestations, and reports to verify its compliance with industry frameworks and applicable laws and regulations. Customers can view additional compliance documentation in Sprout Social’s Customer Trust Portal.
SOC 2 Type 2
Sprout Social regularly completes a SOC 2 Type 2 audit by a qualified, third-party auditor to examine our information systems relevant to security in accordance with the AICPA’s Statement on Standards for Attestation Engagements No. 18 (SSAE 18).
Sprout Social maintains an Information Security Management System (ISMS) that is independently audited and certified to the ISO/IEC 27001:2013 standard. Certification to this internationally recognized security standard demonstrates Sprout Social's commitment to managing our customers' data securely and safely.
Sprout Social maintains a Privacy Information Management System (PIMS) that is independently audited and certified to the ISO/IEC 27701:2019 standard. By certifying our operations to this internationally recognized privacy standard, Sprout Social reinforces our commitment to protecting the personally identifiable information that we process.
GDPR and CCPA/CPRA
Sprout Social aligns its privacy program with the General Data Protection Regulation (GDPR) of the European Union and United Kingdom, and the California Consumer Privacy Act (CCPA), as further amended by the California Privacy Rights Act (CPRA).
Sprout Social aligns its security program, in part, with the Cloud Controls Matrix framework offered by the Cloud Security Alliance (CSA). Sprout Social has completed a Level 1 assessment through the CSA’s Security Trust Assurance and Risk (STAR) registry.
Payment Card Industry (PCI)
Sprout Social is PCI DSS compliant through a PCI SAQ A self-assessment. Sprout Social entirely outsources its processing of cardholder data to third-party payment processors who are approved by PCI and compliant with PCI DSS Level 1.