// Trust & Security Report

    Missinglettr Ltd. (1357356 B.C. LTD.) logo

    Missinglettr Ltd. (1357356 B.C. LTD.)

    Social Media Marketing Automation

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance (self-attested)
    HELD

    Missinglettr Ltd. is committed to protecting personal data and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) where it applies.

    Verify on missinglettr.com
    PIPEDA / BC PIPA (Canadian privacy law)
    HELD

    We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, in accordance with applicable Canadian privacy laws, including PIPEDA and British Columbia's PIPA.

    Verify on missinglettr.com
    > Show 4 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED
    source: missinglettr.com
    ISO 27001
    NOT CONFIRMED
    source: missinglettr.com
    HIPAA
    NOT CONFIRMED
    source: missinglettr.com
    PCI DSS
    NOT CONFIRMED

    We do not store credit card information; payment data is securely handled by Stripe (PCI DSS Level 1 certified).

    source: missinglettr.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Canada primary; also United States and other jurisdictions where Google Cloud Platform operates

    No explicit policy on AI model training found. The privacy policy states aggregated and de-identified data 'may be shared, licensed, or sold to third parties' for analytics, research, and product development. The platform uses AI to generate social media posts from blog content, but neither the privacy policy nor security page addresses whether user content is used to train underlying AI models. No dedicated AI data-use policy exists.

    // Security controls

    Cloud Infrastructure

    Google Cloud Platform (GCP); data stored in secure Google Cloud data centres

    missinglettr.com

    Encryption in Transit

    TLS across all services; HTTPS-only access enforced

    missinglettr.com

    Encryption at Rest

    Not explicitly stated; GCP default encryption applies

    missinglettr.com

    Password Storage

    Passwords are securely hashed and salted; never stored in plain text

    missinglettr.com

    Access Controls

    Principle of least privilege; production access limited primarily to engineering team; industry-standard authentication; access regularly reviewed

    missinglettr.com

    Data Backups

    Regular backups implemented; no specific RTO/RPO disclosed

    missinglettr.com

    Payment Security

    No credit card data stored; payments handled by Stripe (PCI DSS Level 1 certified)

    missinglettr.com

    Bug Bounty Program

    None identified. Security reports directed to security@missinglettr.com with acknowledgment typically within 1 business day

    missinglettr.com

    Penetration Testing

    Not mentioned in any public documentation

    missinglettr.com

    Security Incident Disclosure

    Will notify affected users and/or regulators of data breaches where required by applicable law

    missinglettr.com

    Data Retention

    General 2-year retention period; longer where contractually required or for litigation/disaster recovery; deletion supervised by Records Management Officer

    missinglettr.com

    GDPR International Transfer Mechanism

    Standard Contractual Clauses (SCCs) for EEA data transfers

    missinglettr.com

    // Products & data scope

    SoloSocial Media Automation

    data: 1 workspace, 1 extra user, 3 social profiles; blog content ingested to generate AI social posts; individual creator use case

    Individual tier; same privacy policy and security posture as all plans

    ProSocial Media Automation

    data: 3 workspaces, 10 social profiles, team collaboration; blog and content data processed by AI for post generation

    Most popular plan; team collaboration enabled

    AgencySocial Media Automation (Agency)

    data: 25 social profiles, 10,000 scheduled posts, whitelabeled interface, custom domain; manages multiple clients' content and social accounts

    Whitelabeled interface adds complexity around data scope if clients are end-users; DPA available on request

    EnterpriseSocial Media Automation (Enterprise)

    data: Custom capacity, deeper integrations, dedicated account manager; data scope not publicly specified

    Custom pricing; no enterprise-specific security features (e.g., SSO, audit logs) are advertised publicly

    // What to watch

    • No SOC 2, ISO 27001, HIPAA, or FedRAMP certifications held or in progress based on all available public documentation
    • No formal bug bounty or public vulnerability disclosure program; responsible disclosure via email only
    • No penetration testing disclosure in any public documentation
    • Privacy policy permits selling or licensing aggregated/de-identified data to third parties, which may be a concern for some buyers
    • AI training data use policy is absent: no explicit statement about whether user blog content or social media data is used to train AI models
    • Trust center subdomains (trust.missinglettr.com, security.missinglettr.com, compliance.missinglettr.com) require authenticated login and are not publicly accessible
    • Canadian company subject to PIPEDA/PIPA; data may also reside in the US, subject to US jurisdiction
    • No customer-selectable data residency; EEA users rely on SCCs for data transfer legality

    // At a glance

    Pricing model

    Subscription (monthly or annual). Solo $12/month, Pro $32/month, Agency $117/month (annual pricing). Enterprise custom.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Missinglettr Ltd. (1357356 B.C. LTD.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    missinglettr.com

    > Browse all vendor trust reports