Influencer Marketing Security

Influencer Marketing by Sprout Social is an AI-powered, intuitive platform that allows marketers to create strategy, discover and connect with the best influencers, plan and execute campaigns, maximize workflow efficiency, and accurately measure campaign performance so they can grow their brand’s presence more authentically, engage with new audiences, and generate more revenue. More information can be found on our website here.

The security controls and measures documented below are specific to the Influencer Marketing application. In addition, all measures listed on the Security page apply.

Access Control

Authentication

By default, users log in to the Influencer Marketing application using a designated username and password. Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No human, our staff included, can ever view them. If you lose your password, it can't be recovered and must be reset.

Single Sign-on (SSO) is available using the OpenID Connect protocol for customers to connect Influencer Marketing with their corporate identity provider. Instructions for configuring SSO can be found here.

Additionally, customers may configure two-factor, or multifactor, authentication using the Time-based One-time Password Algorithm (TOTP) through either SMS/text messages or an authenticator application, such as Google Authenticator. Instructions for configuring two-factor authentication can be found here.

Authorization

Influencer Marketing offers a flexible, comprehensive permissions model where the Organization Admin can assign organizational roles and rights based on each customer’s individual needs. Users can be assigned manager, editor, or viewer access to Campaigns, and the Organization Admin can also determine whether each user is permitted to access Reports, the Payment Dashboard, Campaigns, and more.

Application Security

Brand Safety

Brand Safety in Influencer Marketing helps customers protect their brand’s reputation by identifying creators whose content may not align with their values, industry requirements, or campaign standards through customizable rules, real-time content flagging, and transparency.

Password settings

In addition to the standard requirement that all passwords contain at least 12 characters of letters, numbers, and special characters, the Organization Admin can also enable/disable a setting to force password changes regularly.

Message templates

Customers can create custom message templates for all mass messaging sent from Influencer Marketing, ensuring that every communication matches the customer’s brand and formatting.

Email configuration

Customers can configure and verify their domains for outgoing email from the Influencer Marketing application so that communications are sent from email addresses associated with their company rather than generic Influencer Marketing email addresses.

Cloud Hosting

Data centers

The Influencer Marketing application and associated infrastructure are hosted by OVHcloud (OVH). OVH services are built from the ground up to address its customers’ most rigorous security and privacy demands, which include compliance with ISO/IEC 27001, 27017, 27018, 27701, PCI DSS Level 1, and SOC 1, 2, and 3. For more information on OVH’s certifications and compliance programs, please visit https://us.ovhcloud.com/compliance/.

Some components of the Influencer Marketing infrastructure are hosted by Hetzner Online GmbH (Hetzner). Hetzner provides state-of-the-art and environmentally friendly infrastructure to support critical Internet exchanges and maintains an information security management system that is certified to the ISO/IEC 27001 standard. For more information on Hetzner’s certifications and compliance programs, please visit https://www.hetzner.com/unternehmen/rechenzentrum/.

Data locality

Understanding the importance of data residency, Sprout Social strives to provide accurate and comprehensive information regarding where customer data is processed and stored. Currently, all Influencer Marketing customer data is processed and stored in the United States in the following regions:

  • Primary - OVHcloud Washington DC (Vint Hill, Virginia)
  • Disaster Recovery/Backup - OVHcloud Seattle (Hillsboro, Oregon)

The components of the Influencer Marketing infrastructure hosted through Hetzner, which do not contain customer data, are located in the Falkenstein and Nuremberg Data Center Parks in Germany.

Infrastructure Security

Cryptography

All communications over public networks with the Influencer Marketing application and API utilize HTTPS with TLS 1.2 or higher enforced. All data, including backups, is stored encrypted at rest with AES-256 or greater.

All application keys are managed natively through a secrets management system. Keys are rotated regularly according to policy and industry standards.

Cloud security

All servers, services, and applications are configured following vendor recommendations to ensure optimal security and configuration hardening. Security auditing tools run regularly to allow the team to review the environment's current security posture in comparison to industry best practices and remediate any identified risk areas.

While operating a multi-tenant cloud environment, Sprout Social ensures that each customer’s data is logically separated so that each customer can access only their own data. Various front-end and back-end verification measures operate continuously to enforce this separation.

Network security

The Influencer Marketing infrastructure is hosted on dedicated servers leased by Sprout Social. These servers contain a highly available next-generation firewall that feeds traffic into internal load balancers, diverting traffic to one of several segmented security zones.

Servers are logically segmented based on network access control lists, security groups, and firewall rules. Each server is dedicated and designed for a single function. Unneeded ports and services are disabled.

Cloudflare operates in front of the application as a Web Application Firewall (WAF) and Content Delivery Network (CDN).

Maintenance

The infrastructure is constructed and maintained following the zero-trust architecture approach. Personnel are granted access to systems strictly based on the access required for their role, following the principle of least privilege. Individuals who perform system maintenance must connect to the infrastructure using a VPN, and multiple layers of verification and authentication are enforced.

Maintenance activities are performed without impact or downtime to customers.