// Trust & Security Report
Positive Group (Iconosquare)
Analytics-first social media management platform with scheduling, analytics, reporting, team collaboration, social listening, and AI-powered caption generation across Instagram, TikTok, Facebook, LinkedIn, X/Twitter, Pinterest, YouTube, and Threads.
Certifications held
1
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on iconosquare.com“100% EU GDPR compliant; GDPR Gold certification; Implemented user data export/deletion, automatic removal 180 days after subscription ends; Appointed Data Protection Officer; Full compliance achieved May 25, 2018.”
> Show 5 unconfirmed / not-held certifications
source: iconosquare.comNo public evidence found on vendor domain or independent registries
source: iconosquare.comNo public evidence found on Iconosquare domain. Parent company Positive Group holds ISO 27001 for Positive Signitic product, but not confirmed for Iconosquare service.
source: iconosquare.comNo public evidence found; product is not healthcare-specific and no HIPAA mention in documentation
source: iconosquare.comNo public evidence found; not a payment processor or fintech platform
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
AWS infrastructure across multiple countries; vendor claims 100% EU GDPR compliance but does not specify exclusive EU data residency.
Product includes AI-powered caption generation and content idea tools, but no explicit policy statement found regarding training data on customer social media content. No opt-out mechanism documented.
// Security controls
Data Retention
Personal data deleted/anonymized 180 days after subscription ends; Financial data retained 5 years per French law; Blog subscriber data 180 days after last interaction
iconosquare.comData Protection Officer
Appointed; Contact: dpo@wedia-group.com (Note: outdated email references former parent Wedia Group; likely needs update post-Positive acquisition May 2026)
iconosquare.comEncryption in Transit
Implied by GDPR compliance claims and use of AWS infrastructure; specific protocols not publicly detailed
iconosquare.comUser Rights Portal
Data subject access/deletion available via https://agencergpd.fragmos.app/org/tripnity/public/right-requests or dpo@wedia-group.com; 30-day response guarantee
iconosquare.comSubprocessors
Generic mention of 'subsidiaries and controlled companies' and unspecified subcontractors; no detailed subprocessor list provided
iconosquare.com// Products & data scope
data: Customer social media profiles (Instagram, TikTok, Facebook, LinkedIn, X/Twitter, Pinterest, YouTube, Threads); content calendars; audience analytics; engagement data; team collaboration data
Serves 3,000+ customers across 60 countries. Key features: scheduling, analytics, reporting, team workflows, unified inbox, social listening, AI caption generation. Recently acquired by Positive Group (May 2026); ~34 employees.
// What to watch
- Company ownership changed May 2026 (Wedia Group -> Positive Group); DPO email still references old parent, indicating documentation has not been updated
- No dedicated security/trust center page for Iconosquare; parent company Positive Group has trust center but does not detail Iconosquare-specific certifications
- Absence of SOC 2 and ISO 27001 certifications for a SaaS platform handling social media data for 3,000+ customers is notable for enterprise/growth-stage vendor
- GDPR Gold certification from APAVE (French organization) requires verification that this is internationally recognized certification (not a self-declared label)
- AI training data policy undefined: Product includes AI caption generation and content idea tools but no explicit opt-out or data usage policy found
- Subprocessor transparency limited: Generic references to 'subsidiaries and subcontractors' without detailed list or DPA terms
- Data residency claim vague: Vendor states AWS multi-region with GDPR compliance but does not guarantee exclusive EU storage, creating ambiguity for EU-data-required contracts
// At a glance
Pricing model
Subscription (monthly/annual); free tier with 2-week trial; multiple plans (Starter, Business, Excel)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Positive Group (Iconosquare)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
iconosquare.com