// Trust & Security Report

    Kalemi Code LLC (product: Publer) logo

    Kalemi Code LLC (product: Publer)

    All-in-one social media management platform: scheduling/bulk-posting across Facebook, Instagram, LinkedIn, Google Business, X, TikTok, YouTube; calendar planner, analytics, agency/team collaboration and approvals, browser extension, Link-in-Bio, and an optional AI Assist feature (content/caption/image generation). Sibling products under the same parent company (Kalemi Code) include Linkie (link shortener) and Kibo.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001:2022
    HELD

    Privacy Policy: 'ISO/IEC 27001 Certification: Kalemi Code is ISO/IEC 27001 certified, demonstrating our commitment to information security management best practices. You may verify our certification here.' Independent registry confirms: Certificate No. 01 153 2520565, Certificate Holder 'Kalemi Code LLC', Certificate Type 'ISO/IEC 27001', Scope 'Development, maintenance, and support of the company's products, including the Publer SaaS platform...', issued via TUV Rheinland, status 'Valid Certificate'.

    Verify on publer.com
    GDPR (posture)
    HELD

    Trust Center: 'Publer complies with GDPR and CCPA/CPRA, ensuring personal data is protected under leading global privacy laws.' Privacy Policy Section 12 details GDPR legal bases, data subject rights, an EU Representative (EU Presence d.o.o., Zagreb, Croatia) appointed under Article 27, and a Data Processing Agreement available on request.

    Verify on publer.com
    CCPA/CPRA
    HELD

    Privacy Policy Section 13 provides full CCPA/CPRA disclosures: categories of personal information collected, right to know/delete/correct/opt-out, and confirms 'Kalemi Code does not "sell" personal information in exchange for monetary compensation,' with an opt-out route for cross-context sharing with affiliated products.

    Verify on publer.com
    Google CASA (Cloud Application Security Assessment)
    HELD

    Trust Center: 'Publer meets the Google CASA framework, a cloud application security assessment that validates apps against rigorous controls.' Note: CASA is a tiered self-assessment/validation program for apps using Google user data (OAuth scopes), not a general enterprise security certification like SOC 2/ISO 27001; tier level not disclosed on the vendor page.

    Verify on publer.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No mention of SOC 2 anywhere on the Trust Center, Privacy Policy, or Terms of Service. No public evidence of a SOC 2 attestation.

    source: publer.com
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA, BAA, or healthcare-specific compliance anywhere on Publer's Trust Center, Privacy Policy, or Terms of Service.

    source: publer.com
    PCI DSS
    NOT CONFIRMED

    'We do not store your full credit card number or payment details on our servers. Payment information is collected and processed directly by these providers [Paddle, PayPro Global] in accordance with their respective privacy policies and PCI-DSS compliance standards.' This is the payment processors' PCI DSS compliance, not Publer/Kalemi Code's own; Publer itself never handles card data so is out of PCI DSS scope rather than certified.

    source: publer.com
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence of these cloud-security, cloud-privacy, or privacy-information-management ISO certifications on Publer's Trust Center or the Certipedia registry entry (which lists only ISO/IEC 27001).

    source: publer.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No mention of ISO/IEC 42001 or any AI-management-system certification on the Trust Center despite Publer offering an AI Assist feature.

    source: publer.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR registry listing or attestation found for Publer or Kalemi Code.

    source: publer.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization; not applicable, Publer does not market to US federal government customers.

    source: publer.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Privacy Policy Section 8: 'Publer is operated from servers located in Frankfurt, Germany. If you access the Service from outside Germany, your information will be transferred to, processed, and stored in Germany.' Standard Contractual Clauses used for EEA/UK/Swiss transfers where applicable.

    Publer's AI Assist feature (marketed separately at publer.com/features/ai-assist) is described in third-party sources as powered by GPT-4/DALL-E-class models, with users either using their own OpenAI account or Publer's shared OpenAI account on Business plans. Neither the Privacy Policy nor Terms of Service contains an explicit statement about whether Publer/Kalemi Code itself trains machine-learning models on customer content, nor an explicit opt-out mechanism for AI training. No contradiction found between marketing and legal pages, but the omission itself is a gap: could not confirm training posture from vendor-domain sources alone.

    // Security controls

    Encryption of stored PII

    Yes - Privacy Policy states full name, email address, and IP address are stored encrypted; 'We implement administrative, technical, and physical safeguards... These measures include encryption, access controls, and secure data storage.'

    publer.com

    Data hosting region

    Frankfurt, Germany (single-region hosting stated); EU/UK/Swiss transfers use Standard Contractual Clauses.

    publer.com

    Penetration testing

    Yes - 'Publer conducts regular third-party penetration tests to identify vulnerabilities across our infrastructure and applications. Findings are remediated on a risk-based priority.'

    publer.com

    GDPR Article 27 EU Representative

    Yes - EU Presence d.o.o., Ulica Brune Busica 42, 10000 Zagreb, Croatia; a 'GDPR Representation Certificate' is referenced as verifiable via a linked page.

    publer.com

    Account deletion / data retention

    Deleted accounts retain data for 7 days for recovery, then permanently deleted; immediate deletion available on request to support@publer.com.

    publer.com

    Payment data handling

    Publer never stores full card numbers; payments processed by Paddle and PayPro Global (both act as Merchant of Record) under their own PCI-DSS programs.

    publer.com

    // Products & data scope

    Publer core (scheduling/publishing)Social Media Management

    data: Connected social account OAuth tokens, post content/media, scheduling metadata.

    Primary product; Frankfurt-hosted; ISO 27001 scope explicitly covers 'the Publer SaaS platform'.

    AI AssistAI Content Generation

    data: User-entered prompts/text and brand-voice inputs; per third-party sources, processed via OpenAI (user's own key or Publer's shared OpenAI account on Business plan).

    No vendor-domain statement on whether Publer trains its own models on this data; treat as a gap, not a confirmed no.

    Kalemi Code family products (Linkie, Kibo)Adjacent products (link shortening, other tools)

    data: Same account/name/email may be shared across the Kalemi Code product family for marketing and unified customer experience, per Privacy Policy Section 5.2.

    Users can opt out of this cross-product sharing/marketing use via privacy request or unsubscribe.

    // What to watch

    • ISO 27001 certificate is held by the parent/operating entity 'Kalemi Code LLC', not a separately named 'Publer' legal entity. This is not a host-vs-vendor conflation (Kalemi Code is Publer's actual data controller and operator per its own Privacy Policy, and the Certipedia scope text explicitly names 'the Publer SaaS platform'), but AIFOXX listings should attribute the cert to Kalemi Code LLC (Publer's operating company), not imply Publer is an independently certified entity.
    • Trust Center wording is inconsistent on ISO 27001: the Trust Center page itself says Publer only 'aligns with' ISO/IEC 27001:2022 (softer language, no certificate number shown), while the Privacy Policy explicitly says 'Kalemi Code is ISO/IEC 27001 certified' and links to a verifiable third-party registry entry. The registry entry independently confirms an active certificate, resolving the ambiguity in favor of held=true, but the vendor's own marketing copy is not fully consistent in how it states this.
    • AI training posture on customer data is undocumented on Publer's own domain (no explicit training/opt-out statement for AI Assist), despite AI Assist being a marketed feature. Recorded as null/unknown rather than assumed false.
    • Google CASA is a tiered self-assessment program for Google OAuth scope access, not a general enterprise security certification; do not conflate it with SOC 2/ISO-level assurance in listings.
    • No SOC 2 or HIPAA support; growth-stage company should not be penalized for this, but regulated-industry buyers (healthcare, and enterprises requiring SOC 2) should be flagged this gap explicitly.

    // At a glance

    Pricing model

    Freemium with paid tiers (per Trust Center/site: Free, and paid plans up to Business/Agency); AI Assist usage differs by plan (bring-your-own-OpenAI-key vs. shared account on Business).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Kalemi Code LLC (product: Publer)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    publer.com

    > Browse all vendor trust reports