// Trust & Security Report
CoSchedule LLC
Marketing calendar and AI content platform (social scheduling, editorial calendar, AI writing assistant)
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 11 unconfirmed / not-held certifications
source: coschedule.comNo public evidence of SOC 2 certification found on any coschedule.com page. No trust center, dedicated security page, or compliance documentation references SOC 2.
source: coschedule.comNo public evidence of ISO 27001 certification found on any coschedule.com page.
source: coschedule.comNo public DPA, GDPR compliance statement, or EU data processing agreement found on coschedule.com. CoSchedule offers a 'GDPR Compliance Generator' as an AI writing tool for customers but makes no public GDPR compliance commitment of its own on any coschedule.com page reviewed.
source: coschedule.comNo mention of HIPAA compliance or BAA availability found on coschedule.com. Third-party healthcare compliance analysis (paubox.com) confirmed: 'We found no information about CoSchedule's willingness to execute a BAA. Therefore, CoSchedule is not HIPAA compliant.' CoSchedule also offers a 'HIPAA Compliance Assessment' as an AI writing tool for customers - this is a content generation product, not a CoSchedule compliance certification.
source: coschedule.comNo public evidence of PCI DSS certification found on any coschedule.com page. CoSchedule offers a 'PCI DSS Compliance Generator' as an AI writing tool for customers - this is a content generation product, not a CoSchedule compliance certification.
source: coschedule.comNo public evidence of ISO 27017 certification found on any coschedule.com page.
source: coschedule.comNo public evidence of ISO 27018 certification found on any coschedule.com page.
source: coschedule.comNo public evidence of ISO 27701 certification found on any coschedule.com page.
source: coschedule.comNo public evidence of ISO/IEC 42001 AI management certification found on any coschedule.com page.
source: coschedule.comNo public evidence of CSA STAR certification or registration found on any coschedule.com page.
source: coschedule.comNo public evidence of FedRAMP authorization found on any coschedule.com page.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
US only. CoSchedule LLC is headquartered at 318 E Broadway, Bismarck, ND 58501. Specific cloud infrastructure provider and region not publicly disclosed.
Hire Mia marketing pages assert 'your proprietary data stays private and secure within your account' and 'The data you share in documents and chats doesn't train ChatGPT's LLM for other users.' This implies CoSchedule routes content through third-party LLMs (e.g., OpenAI) and claims data is not used to train those models. However, this is a marketing claim, not a legally binding privacy policy commitment. The public Terms of Service was last modified 8/11/2016, which predates CoSchedule's AI products entirely - meaning AI data handling has no verifiable legal grounding in the publicly accessible ToS. Whether CoSchedule itself ingests or trains internal models on customer content is not addressed on any public page.
// Security controls
Single Sign-On (SSO)
SAML SSO available on Marketing Suite plan only ('Service Provider Initiated SAML (Security Assertion Markup Language)')
coschedule.comEncryption in transit
HTTPS enforced site-wide (observed in practice; not explicitly documented in vendor security pages)
coschedule.comSecurity and access logs
Security and Access Logs available in Marketing Suite to track all changes inside CoSchedule
coschedule.comRole-based access control
Custom Permissions available on Content Calendar and Marketing Suite plans
coschedule.comTwo-factor authentication (2FA/MFA)
Not publicly documented; SSO via SAML available on Marketing Suite only
coschedule.com// Products & data scope
data: Social media content, credentials for connected social accounts (Facebook, Instagram, X/Twitter, LinkedIn, Pinterest, TikTok, etc.)
Free tier: 1 user, up to 15 scheduled messages. Paid from $19/user/month (annual). Up to 3 seats on paid plan.
data: Multi-client social content and campaign data
$59/user/month (annual). Designed for agencies and freelancers managing multiple client accounts.
data: Marketing projects, tasks, campaigns, and content assets
Targets mid-sized marketing teams. Includes approval workflows, custom fields, and team dashboards. Pricing on request.
data: Full marketing stack: projects, campaigns, digital assets, team workflows
Enterprise tier. Includes SAML SSO, Security & Access Logs, custom permissions, intake request forms. Pricing on request.
data: User-provided brand voice data, documents, and chat inputs; routed through third-party LLMs
Free tier: 25 AI credits/month. Paid from $16/user/month (Creator) to $59/user/month (Business). Claims data isolation from LLM training but no legally binding privacy policy commitment found. Business plan adds dedicated account manager and advanced brand training modules.
data: Headlines and content metadata submitted for analysis
Available as standalone tool. AI-powered headline scoring with SEO feedback.
data: User enrollment and course progress data
On-demand marketing course library. Separate from calendar and AI tools.
// What to watch
- No public security certifications found: SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, HIPAA, PCI DSS, CSA STAR, FedRAMP - none are evidenced on coschedule.com
- Not HIPAA compliant: no BAA available per independent third-party healthcare compliance analysis (paubox.com); confirmed by absence of any BAA or HIPAA language on coschedule.com
- CRITICAL CONFUSION RISK: CoSchedule sells AI generators for GDPR, HIPAA, SOC, PCI DSS, and FINRA compliance documents as content tools for customers. These are AI writing products, NOT CoSchedule's own compliance certifications. Directory listings must clearly distinguish these.
- Terms of Service last modified 8/11/2016 - predates all CoSchedule AI products by approximately 7 years. AI data handling, GDPR, and modern privacy obligations have no legally verifiable footing in the public ToS.
- No public Data Processing Agreement (DPA) available. EU and EEA customers cannot confirm a GDPR-compliant processor relationship without requesting documentation directly.
- AI training posture for Hire Mia relies on marketing-page claims only ('your proprietary data stays private and secure within your account'). No binding legal commitment found in a current privacy policy.
- No dedicated trust center or public security documentation portal
- Privacy policy is embedded within the general terms page (coschedule.com/terms) without a standalone URL; full text content was not fully accessible during live verification
- Company is approximately 49 employees and $10M ARR (2024 data) - SMB-scale vendor with no publicly evidenced enterprise compliance program
- No information publicly available on penetration testing cadence, bug bounty program, or vulnerability disclosure policy
- No mention of 2FA/MFA for standard accounts; SSO limited to enterprise Marketing Suite tier
// At a glance
Pricing model
Freemium plus per-seat SaaS subscription. Free tier available for Social Calendar. Paid plans from $16/user/month (Hire Mia Creator) and $19/user/month (Social Calendar). Enterprise (Content Calendar, Marketing Suite) pricing on request.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on CoSchedule LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
coschedule.com