// Trust & Security Report
Missinglettr Ltd. (1357356 B.C. LTD.)
Social Media Marketing Automation
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on missinglettr.com“Missinglettr Ltd. is committed to protecting personal data and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) where it applies.”
Verify on missinglettr.com“We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, in accordance with applicable Canadian privacy laws, including PIPEDA and British Columbia's PIPA.”
> Show 4 unconfirmed / not-held certifications
source: missinglettr.comWe do not store credit card information; payment data is securely handled by Stripe (PCI DSS Level 1 certified).
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Canada primary; also United States and other jurisdictions where Google Cloud Platform operates
No explicit policy on AI model training found. The privacy policy states aggregated and de-identified data 'may be shared, licensed, or sold to third parties' for analytics, research, and product development. The platform uses AI to generate social media posts from blog content, but neither the privacy policy nor security page addresses whether user content is used to train underlying AI models. No dedicated AI data-use policy exists.
// Security controls
Cloud Infrastructure
Google Cloud Platform (GCP); data stored in secure Google Cloud data centres
missinglettr.comPassword Storage
Passwords are securely hashed and salted; never stored in plain text
missinglettr.comAccess Controls
Principle of least privilege; production access limited primarily to engineering team; industry-standard authentication; access regularly reviewed
missinglettr.comPayment Security
No credit card data stored; payments handled by Stripe (PCI DSS Level 1 certified)
missinglettr.comBug Bounty Program
None identified. Security reports directed to security@missinglettr.com with acknowledgment typically within 1 business day
missinglettr.comSecurity Incident Disclosure
Will notify affected users and/or regulators of data breaches where required by applicable law
missinglettr.comData Retention
General 2-year retention period; longer where contractually required or for litigation/disaster recovery; deletion supervised by Records Management Officer
missinglettr.comGDPR International Transfer Mechanism
Standard Contractual Clauses (SCCs) for EEA data transfers
missinglettr.com// Products & data scope
data: 1 workspace, 1 extra user, 3 social profiles; blog content ingested to generate AI social posts; individual creator use case
Individual tier; same privacy policy and security posture as all plans
data: 3 workspaces, 10 social profiles, team collaboration; blog and content data processed by AI for post generation
Most popular plan; team collaboration enabled
data: 25 social profiles, 10,000 scheduled posts, whitelabeled interface, custom domain; manages multiple clients' content and social accounts
Whitelabeled interface adds complexity around data scope if clients are end-users; DPA available on request
data: Custom capacity, deeper integrations, dedicated account manager; data scope not publicly specified
Custom pricing; no enterprise-specific security features (e.g., SSO, audit logs) are advertised publicly
// What to watch
- No SOC 2, ISO 27001, HIPAA, or FedRAMP certifications held or in progress based on all available public documentation
- No formal bug bounty or public vulnerability disclosure program; responsible disclosure via email only
- No penetration testing disclosure in any public documentation
- Privacy policy permits selling or licensing aggregated/de-identified data to third parties, which may be a concern for some buyers
- AI training data use policy is absent: no explicit statement about whether user blog content or social media data is used to train AI models
- Trust center subdomains (trust.missinglettr.com, security.missinglettr.com, compliance.missinglettr.com) require authenticated login and are not publicly accessible
- Canadian company subject to PIPEDA/PIPA; data may also reside in the US, subject to US jurisdiction
- No customer-selectable data residency; EEA users rely on SCCs for data transfer legality
// At a glance
Pricing model
Subscription (monthly or annual). Solo $12/month, Pro $32/month, Agency $117/month (annual pricing). Enterprise custom.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Missinglettr Ltd. (1357356 B.C. LTD.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
missinglettr.com