// Trust & Security Report

    FLICK.TECH LTD logo

    FLICK.TECH LTD

    All-in-one social media marketing platform (Iris AI Assistant, hashtag tools, post scheduler, analytics) for Instagram, Facebook, TikTok, and LinkedIn with AI-powered content creation and strategy features.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 6 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No mention found in privacy policy, terms of service, help center, or public documentation

    source: flick.social
    ISO 27001
    NOT CONFIRMED

    No mention found in privacy policy, terms of service, help center, or public documentation

    source: flick.social
    ISO 27701 (Privacy)
    NOT CONFIRMED

    No mention found in privacy policy, terms of service, help center, or public documentation

    source: flick.social
    GDPR Compliance
    NOT CONFIRMED

    No public evidence of an affirmative GDPR compliance commitment or certification. The privacy policy references the GDPR only inside a definitions clause ('Data Protection Laws: any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws...'), not as a standalone compliance statement. As a UK-registered company Flick is subject to UK GDPR by operation of law, but no explicit vendor commitment or third-party audit is published.

    source: flick.social
    HIPAA
    NOT CONFIRMED

    No mention found in privacy policy, terms of service, or public documentation. Not applicable to social media marketing platform use cases.

    source: flick.social
    PCI DSS
    NOT CONFIRMED

    No mention found. Company explicitly states all payments handled by third-party processor Stripe.

    source: flick.social

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Unknown - privacy policy references 'secure servers' but does not specify geographic location or data residency. Company registered in England (UK) but no confirmation of UK/EU data processing.

    No disclosure found regarding whether Iris AI assistant uses customer data, user-generated content, or customer social media posts for model training. Privacy policy does not address AI training practices. This is a material gap given the product prominently features AI capabilities.

    // Security controls

    Data Storage

    Stored on secure servers

    flick.social

    Access Control

    Controlled via Facebook Social Login

    flick.social

    Payment Processing

    Third-party processor (Stripe) - Flick does not collect payment information

    flick.social

    Incident Response

    Technical and organizational measures for suspected data breach detection; users must report to support immediately

    flick.social

    Encryption in Transit/At Rest

    Not specified - no disclosure of encryption protocols or standards

    flick.social

    Third-Party Processors

    Data shared with Facebook, Google, FullStory, Amplitude, Viral Loops; each processor governed by own privacy policy

    flick.social

    API Security

    Uses official Instagram/Meta API for publishing and analytics; official Meta partner; does not request Instagram password

    flick.social

    Operational Monitoring

    Status page at https://status.flick.social/ shows real-time service status; as of 2026-07-06 some services marked as 'not monitored'

    status.flick.social

    // Products & data scope

    Iris AI Social Media AssistantAI Content Creation & Strategy

    data: User social media accounts, content calendars, brand voice; extent of model training on user data unknown

    Automates strategy, content ideation, copy writing, and visual generation. Requires user approval before posting. No disclosure of training data sources or model update frequency.

    Hashtag ToolsResearch & Analytics

    data: Hashtag performance data, user search behavior

    Supports 20+ languages. Provides banned hashtag checker, hashtag tracking, and performance analytics.

    Post SchedulerContent Management

    data: User content calendar, scheduled posts, platform credentials

    Visual drag-and-drop calendar. Supports Instagram, Facebook, TikTok, LinkedIn.

    Analytics & ReportingAnalytics

    data: Social media metrics, account performance data from Meta/platform APIs

    Provides Instagram analytics reports, feed planning, and performance tracking.

    // What to watch

    • AI training transparency gap: No disclosure about whether Iris uses customer data, user-generated content, or customer social media posts for training or model updates. This is critical for an AI-primary product.
    • No enterprise security certifications: Lacks SOC 2, ISO 27001, ISO 27701, or equivalent third-party security audits despite handling user social media credentials.
    • No affirmative GDPR compliance statement: Privacy policy references the GDPR only in a definitions clause; no explicit compliance commitment, no published DPA, and no Standard Contractual Clauses found for customers requiring GDPR compliance.
    • Data residency undisclosed: Privacy policy does not specify geographic location of data storage or processing regions. Registered in UK but no confirmation of UK/EU data location.
    • Encryption details absent: Security policy does not specify encryption standards, protocols (TLS version, cipher suites), or key management practices.
    • Third-party data sharing: Data shared with Facebook, Google, FullStory, Amplitude, and Viral Loops without detailed processor agreements published.
    • Limited incident response disclosure: No published incident response plan, breach notification SLA, or security incident history available.
    • No trust center: Company does not maintain a dedicated trust center, security documentation, or compliance resource page.

    // At a glance

    Pricing model

    Freemium (7-day free trial) + paid tiers; monthly or annual billing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on FLICK.TECH LTD's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    flick.social

    > Browse all vendor trust reports