// Trust & Security Report

    Positive Group (Iconosquare) logo

    Positive Group (Iconosquare)

    Analytics-first social media management platform with scheduling, analytics, reporting, team collaboration, social listening, and AI-powered caption generation across Instagram, TikTok, Facebook, LinkedIn, X/Twitter, Pinterest, YouTube, and Threads.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    100% EU GDPR compliant; GDPR Gold certification; Implemented user data export/deletion, automatic removal 180 days after subscription ends; Appointed Data Protection Officer; Full compliance achieved May 25, 2018.

    Verify on iconosquare.com
    > Show 5 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No public evidence found on vendor domain or independent registries

    source: iconosquare.com
    ISO 27001
    NOT CONFIRMED

    No public evidence found on Iconosquare domain. Parent company Positive Group holds ISO 27001 for Positive Signitic product, but not confirmed for Iconosquare service.

    source: iconosquare.com
    HIPAA
    NOT CONFIRMED

    No public evidence found; product is not healthcare-specific and no HIPAA mention in documentation

    source: iconosquare.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found; not a payment processor or fintech platform

    source: iconosquare.com
    ISO 27017/27018/27701
    NOT CONFIRMED

    No public evidence found on vendor domain

    source: iconosquare.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    AWS infrastructure across multiple countries; vendor claims 100% EU GDPR compliance but does not specify exclusive EU data residency.

    Product includes AI-powered caption generation and content idea tools, but no explicit policy statement found regarding training data on customer social media content. No opt-out mechanism documented.

    // Security controls

    Data Retention

    Personal data deleted/anonymized 180 days after subscription ends; Financial data retained 5 years per French law; Blog subscriber data 180 days after last interaction

    iconosquare.com

    Data Protection Officer

    Appointed; Contact: dpo@wedia-group.com (Note: outdated email references former parent Wedia Group; likely needs update post-Positive acquisition May 2026)

    iconosquare.com

    Encryption in Transit

    Implied by GDPR compliance claims and use of AWS infrastructure; specific protocols not publicly detailed

    iconosquare.com

    User Rights Portal

    Data subject access/deletion available via https://agencergpd.fragmos.app/org/tripnity/public/right-requests or dpo@wedia-group.com; 30-day response guarantee

    iconosquare.com

    Subprocessors

    Generic mention of 'subsidiaries and controlled companies' and unspecified subcontractors; no detailed subprocessor list provided

    iconosquare.com

    // Products & data scope

    Iconosquare Core PlatformSocial Media Management & Analytics

    data: Customer social media profiles (Instagram, TikTok, Facebook, LinkedIn, X/Twitter, Pinterest, YouTube, Threads); content calendars; audience analytics; engagement data; team collaboration data

    Serves 3,000+ customers across 60 countries. Key features: scheduling, analytics, reporting, team workflows, unified inbox, social listening, AI caption generation. Recently acquired by Positive Group (May 2026); ~34 employees.

    // What to watch

    • Company ownership changed May 2026 (Wedia Group -> Positive Group); DPO email still references old parent, indicating documentation has not been updated
    • No dedicated security/trust center page for Iconosquare; parent company Positive Group has trust center but does not detail Iconosquare-specific certifications
    • Absence of SOC 2 and ISO 27001 certifications for a SaaS platform handling social media data for 3,000+ customers is notable for enterprise/growth-stage vendor
    • GDPR Gold certification from APAVE (French organization) requires verification that this is internationally recognized certification (not a self-declared label)
    • AI training data policy undefined: Product includes AI caption generation and content idea tools but no explicit opt-out or data usage policy found
    • Subprocessor transparency limited: Generic references to 'subsidiaries and subcontractors' without detailed list or DPA terms
    • Data residency claim vague: Vendor states AWS multi-region with GDPR compliance but does not guarantee exclusive EU storage, creating ambiguity for EU-data-required contracts

    // At a glance

    Pricing model

    Subscription (monthly/annual); free tier with 2-week trial; multiple plans (Starter, Business, Excel)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Positive Group (Iconosquare)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    iconosquare.com

    > Browse all vendor trust reports