Login Schedule demo Login Schedule demo Our security program is independently audited and meets the requirements of the regulatory frameworks our customers rely on.
The EveryoneSocial Platform is audited annually against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Our most recent report covers the period May 1, 2024 through April 30, 2025. The full report is available to customers and prospects under NDA through our Trust Center.
We process personal data in accordance with the GDPR. A Data Processing Agreement and EU Standard Contractual Clauses are available to support compliant data transfers.
We meet the requirements of the CCPA for handling personal information of California residents.
Independent penetration tests of the EveryoneSocial Platform are performed at least annually. A summary letter is available to customers under NDA through our Trust Center.
Encryption, access controls, and a SOC 2–audited hosting provider work together to keep customer data secure at every layer.
Customer data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256.
Access to production systems and customer data is restricted to authorized personnel based on role and business need. Access is enforced through SSO, multi-factor authentication, and least-privilege principles, and is logged and reviewed.
The EveryoneSocial Platform is hosted on Amazon Web Services. AWS is a SOC 2–audited subservice organization.
The EveryoneSocial Platform gives administrators the controls they need to align with their identity, access, and compliance programs.
SAML 2.0 — centralized authentication through your identity provider.
Automated user provisioning and de-provisioning from your identity provider.
RBAC aligns permissions with user roles to enforce least privilege.
Blocklist terms, mandatory disclosures, post moderation and approval, social media policy consent, external compliance system logging, and FINRA-compliant record storage and retention. Contact Sales for the full set of compliance and governance features.
The EveryoneSocial Platform is monitored continuously for security and availability events.
We maintain a documented incident response plan with defined roles, escalation paths, and customer notification procedures, tested at least annually.
All employees complete security and privacy training on hire and annually thereafter.
Background checks are performed where permitted by law.
Security policies are reviewed at least annually and acknowledged by personnel.
EveryoneSocial integrates privacy and data protection into the design of our platform and processes. We publish a Privacy Policy, offer a Data Processing Agreement aligned to GDPR, and support Standard Contractual Clauses for international data transfers. A current list of sub-processors is available in our Trust Center.
To report a suspected vulnerability or security issue, please contact security@everyonesocial.com.
Visit the EveryoneSocial Trust Center for our SOC 2 report, sub-processor list, Data Processing Agreement, Standard Contractual Clauses, and penetration test summary.