// Trust & Security Report
Sendible Limited
Social Media Management
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on sendible.com“Your rights under UK GDPR and EU GDPR ... According to the UK General Data Protection Regulation, we are the processor of your personal information that you transmit to us.”
Verify on sendible.com“Connections from the browser are encrypted in transit using TLS SHA-256 ... compliant with Standard Security Clauses located in Appendix 2 of the Standard Contractual Clauses”
> Show 3 unconfirmed / not-held certifications
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States (AWS infrastructure). Privacy policy states: 'stored on our secure servers located in the US.' Cross-border transfers from EU covered by Standard Contractual Clauses.
Explicit prohibition in Terms of Service section 10.3: 'Your Customer Property won't be used to train publicly available AI models. Our contracts with Third Party Service Providers of large language models and generative AI services do not give them permission to train their models on your Customer Property. We have also entered into OpenAI's Data Processing Addendum.' DPA available on request by emailing dpa@sendible.com.
// Security controls
Cloud infrastructure
Amazon Web Services (AWS); access restricted to authorized personnel via encrypted channels only
sendible.comPayment security
Payment processing via Stripe; card data is not stored on Sendible servers after transaction
sendible.comBug bounty / vulnerability reporting
Coordinated disclosure via security@sendible.com. No bug bounty compensation: 'As a policy, Sendible does not offer compensation for reported issues.' No HackerOne or Bugcrowd platform used.
sendible.comPenetration testing
Not publicly disclosed
Audit rights
Data exporters and supervisory authorities retain right to audit Sendible's data-processing facilities per Standard Contractual Clauses
sendible.com// Products & data scope
data: Processes social media account credentials, post content, audience engagement data (comments, DMs), analytics, and team/client profile data. Handles OAuth tokens for connected social networks. Social data (private messages, photos) collected via API connections.
Serves agencies, brands, freelancers, and enterprise customers. 30,000+ active users. Key integrations: Instagram, Facebook, Twitter/X, TikTok, LinkedIn, YouTube, Google Business, Threads, Bluesky.
data: Processes user-supplied content ('Input') via third-party large language models (OpenAI confirmed). Output owned by customer. Customer Property explicitly excluded from AI model training per signed DPA with OpenAI.
Not required for use of core Sendible platform. Labelled 'Sendible AI' in product. Terms of Service section 10.3 prohibits training on customer data. Users prohibited from using AI Output to develop competing foundation models.
// What to watch
- No SOC 2 or ISO 27001 certification found or claimed on vendor's own site as of 2026-06-27. Absence confirmed by reviewing privacy policy, terms, SCCs page, and vulnerability reporting page.
- No dedicated trust center page. Security documentation is spread across privacy policy, SCCs annex, and vulnerability reporting pages.
- Data hosted exclusively in the US (AWS); no EU/UK data residency option documented. EU transfers rely on SCCs.
- No bug bounty compensation policy. Vulnerability reporting is email-only (security@sendible.com) with no third-party platform (HackerOne/Bugcrowd).
- Penetration testing cadence not publicly disclosed.
- OpenAI is confirmed subprocessor for Sendible AI features; Sendible states it has signed OpenAI's Data Processing Addendum and customer data is excluded from model training.
// At a glance
Pricing model
Subscription (monthly or annual). Plans by user count and feature tier. 14-day free trial, no card required. Pricing available at sendible.com/pricing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Sendible Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
sendible.com