// Trust & Security Report

    Sendible Limited logo

    Sendible Limited

    Social Media Management

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    UK GDPR Compliance
    HELD

    Your rights under UK GDPR and EU GDPR ... According to the UK General Data Protection Regulation, we are the processor of your personal information that you transmit to us.

    Verify on sendible.com
    EU Standard Contractual Clauses (SCCs)
    HELD

    Connections from the browser are encrypted in transit using TLS SHA-256 ... compliant with Standard Security Clauses located in Appendix 2 of the Standard Contractual Clauses

    Verify on sendible.com
    > Show 3 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED
    ISO 27001
    NOT CONFIRMED
    HIPAA
    NOT CONFIRMED

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States (AWS infrastructure). Privacy policy states: 'stored on our secure servers located in the US.' Cross-border transfers from EU covered by Standard Contractual Clauses.

    Explicit prohibition in Terms of Service section 10.3: 'Your Customer Property won't be used to train publicly available AI models. Our contracts with Third Party Service Providers of large language models and generative AI services do not give them permission to train their models on your Customer Property. We have also entered into OpenAI's Data Processing Addendum.' DPA available on request by emailing dpa@sendible.com.

    // Security controls

    Encryption in transit

    TLS SHA-256 (HTTPS) for all browser connections

    sendible.com

    Password storage

    Salted password hashes

    sendible.com

    Cloud infrastructure

    Amazon Web Services (AWS); access restricted to authorized personnel via encrypted channels only

    sendible.com

    Data isolation

    Per-user logical data isolation enforced at the application layer

    sendible.com

    Payment security

    Payment processing via Stripe; card data is not stored on Sendible servers after transaction

    sendible.com

    SSO

    Single Sign-On (SSO) available as a feature

    sendible.com

    Bug bounty / vulnerability reporting

    Coordinated disclosure via security@sendible.com. No bug bounty compensation: 'As a policy, Sendible does not offer compensation for reported issues.' No HackerOne or Bugcrowd platform used.

    sendible.com

    Penetration testing

    Not publicly disclosed

    Audit rights

    Data exporters and supervisory authorities retain right to audit Sendible's data-processing facilities per Standard Contractual Clauses

    sendible.com

    // Products & data scope

    Sendible (Core Platform)Social Media Management

    data: Processes social media account credentials, post content, audience engagement data (comments, DMs), analytics, and team/client profile data. Handles OAuth tokens for connected social networks. Social data (private messages, photos) collected via API connections.

    Serves agencies, brands, freelancers, and enterprise customers. 30,000+ active users. Key integrations: Instagram, Facebook, Twitter/X, TikTok, LinkedIn, YouTube, Google Business, Threads, Bluesky.

    Sendible AIAI Content Generation (add-on feature)

    data: Processes user-supplied content ('Input') via third-party large language models (OpenAI confirmed). Output owned by customer. Customer Property explicitly excluded from AI model training per signed DPA with OpenAI.

    Not required for use of core Sendible platform. Labelled 'Sendible AI' in product. Terms of Service section 10.3 prohibits training on customer data. Users prohibited from using AI Output to develop competing foundation models.

    // What to watch

    • No SOC 2 or ISO 27001 certification found or claimed on vendor's own site as of 2026-06-27. Absence confirmed by reviewing privacy policy, terms, SCCs page, and vulnerability reporting page.
    • No dedicated trust center page. Security documentation is spread across privacy policy, SCCs annex, and vulnerability reporting pages.
    • Data hosted exclusively in the US (AWS); no EU/UK data residency option documented. EU transfers rely on SCCs.
    • No bug bounty compensation policy. Vulnerability reporting is email-only (security@sendible.com) with no third-party platform (HackerOne/Bugcrowd).
    • Penetration testing cadence not publicly disclosed.
    • OpenAI is confirmed subprocessor for Sendible AI features; Sendible states it has signed OpenAI's Data Processing Addendum and customer data is excluded from model training.

    // At a glance

    Pricing model

    Subscription (monthly or annual). Plans by user count and feature tier. 14-day free trial, no card required. Pricing available at sendible.com/pricing.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Sendible Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    sendible.com

    > Browse all vendor trust reports