The business of influencer marketing, when executed at scale with considerable investment by brands and agencies, often includes several parties and types of personal and private data. Global enterprise brands may have hundreds of users working on creator programs that activate thousands of creators, and often also include partner agencies. The risk associated with executing these programs is not small.
We've all seen it before. Platforms that we all rely on are impacted by data breaches, downtime, privacy issues, or loss of data access. When that happens, brands can lose revenue, data, and trust in their providers.
That’s why organizations need influencer marketing software that’s rock solid and set up to safeguard and support them with enterprise-grade security, safety protocols, and compliance standards.
At CreatorIQ, we consider safety and security from all angles, and take a 360 degree approach to every aspect of risk mitigation. We’re certified for compliance with ISO/IEC 27001:2022, an internationally recognized standard and code of practice. This certification demonstrates our commitment to information security at every level of our organization, and that we’ve built our security program in accordance with industry-leading best practices.
Data and privacy infrastructure isn’t often the most flashy topic to write about. But we know that it’s a top priority to our customers, and their customers, and it’s foundational to our platform and business. While you may not know the intricacies behind being ISO certified (you don’t have to!), it’s important to understand the core safety and security principles to look for when evaluating any technology provider.
Below are five non-negotiables we believe influencer marketing SaaS platforms must provide in order to meet your standards and business needs.
Data Privacy & Protection
CreatorIQ’s software processes both public and private data relevant to the business of creator marketing.
This includes creator data, both public and private with user authorization, from our social network partners via API integration, augmented and additional creator information provided by either the creator or the brand, user and employee information, private brand first-party data including imported information and performance or cost information related to the execution of programs.
Data is the backbone of your business, and ours, so it's our job to protect it! All data, whether it's being sent or stored through our platform, is encrypted. Imagine your data like a secret message: even if someone intercepts it, they can't read it without the key. We make sure public and private data are clearly separated and handle Personally Identifiable Information (PII) with kid gloves. Only authorized people can access it, and we store it securely.
When we say we take a “360-degree approach”, it means a few things: First, the distinction between public and private data must be well understood and categorized. Second, when handling and dealing with private or PII data, the proper permissions, authentication, retrieval and compliant storage of this data must be followed and built into the product and system infrastructure.
As a software provider with thousands of customers, CreatorIQ considers every customer’s active use of our platform to be proprietary information that is owned by the customer, protected, and never shared.
Finally, CreatorIQ’s website, email marketing, and platform are compliant with data privacy regulations, including GDPR and California’s CCPA policy.
Take a look at our privacy policy for in depth documentation of our data privacy and policy practices. CreatorIQ’s Privacy Policy includes:
- Information regarding personal data collected when accessing CreatorIQ applications and its public website
- Instructions to submit DSAR requests (Data Subject Access Request) to adhere to GDPR and CCPA compliance rules
- Legal Basis for Data Processing of various data categories
- How your personal information is used
System Security and Vulnerability Management
Cyber threats from bad actors are a daily reality, especially for businesses that process high volumes of data and information—the currency of hackers. It’s crucial to be proactive by continually scanning for potential threats at the earliest stages and entry points.
To help protect your brand and your data, we take extensive measures to protect our platform and users against cyber threats and vulnerabilities at a regular cadence. We conduct daily scans for security updates and basic web endpoint penetration testing, as well as weekly AWS Cloud Infrastructure audits.
Infrastructure and network security are protected using multiple layers of defense mechanisms, including firewalls, WAF, malware protection, and comprehensive traffic logging.
In addition, we have policies and practices in place for data center security, data encryption, and physical security.
System Availability and Uptime
We know downtime is a killer. That’s why we guarantee 99.9% uptime. We subscribe to a number of logging, monitoring and alerting tools that scan the health of our systems so we catch and fix any potential issues with minimal interruption.
If something goes wrong, like a major disaster or outage, you can be rest assured that we have a plan to get everything back up and running within 24 hours. We also back up your data daily and keep these backups for 35 days, all encrypted for safety.
Risk Mitigation When Working with Creators
Brands often partner with hundreds of creators, sometimes thousands, meaning that they are collecting and requesting creator information and sharing sensitive information about their business agreement, campaign details, and personal details back and forth. Safeguards to ensure brand and creator partnerships are secure, successful, and private include the following capabilities and considerations:
Creator information collection: Collecting and storing PII and PCI (payment data) is a common practice and need for influencer marketers working with creators. As part of our data privacy & security policies, CreatorIQ securely collects and stores PII and also partners with payment processors who are PCI compliant to facilitate the collection and storage of payment information to protect against data breaches and credit card fraud. Stringent adherence to these compliance practices reduces risk to brands (and their software providers) who may be liable when collecting and storing PII and PCI information in non-compliant ways.
Creator facing resources & communications: Efficiently and effectively working with creators means providing campaign details and specifics in outreach, email, or dedicated landing pages for them to view and manage briefs and requirements, payments and incentives, and submit content for review. In effect, these activities are shared objects with a vast number of external users to the CreatorIQ platform. Creator account creation and login requirements protect shared pages or links from accidentally falling into the wrong hands (or inbox, phone, or desktop) and keep both brand and creator data secure.
Creator suitability: Data security isn’t the only consideration to keep in mind when working with creators. Choosing to partner with a content creator, essentially a contract vendor or employee working for your brand, invites risk to your program’s performance as well as your brand’s presence and reputation. Ensuring brand safety goes well beyond NSFW flags and should include a comprehensive approach to vetting and evaluation to ensure brand alignment and safety, supported by the right product capabilities. CreatorIQ’s platform empowers influencer marketers to vet creator data and content via active audience scoring, LDA compliance estimations, custom brand safety and compliance configurations, follower fraud reports, and FTC disclosure and brand safety monitoring during in-flight campaigns.
User Management and Access Control
Your data is private and confidential. A universal risk to any safe and secure system comes with access control. To keep your data safe, we regularly conduct user access reviews to ensure appropriate permissions are in place, for both CreatorIQ employees, users of the platform, and external user visibility.
CreatorIQ’s Access Control Management Policy covers user access management procedures based on user roles, information access based on business needs, and authentication requirements to access systems, applications and databases within the CreatorIQ ecosystem.
SAML single-sign on is available (and highly encouraged!) to all customers. You can configure structured user permissions & access controls to safeguard against sharing or viewing sensitive information like payment information, other business units or divisions’ work, or administrative network settings.
Brands who use our platform have the option to share reports, creator lists, or campaign performance reports to external users for approvals, collaboration, or feedback. This capability comes with full traceability within the platform.
Finally, all CreatorIQ employees use SSO coupled with 2FA (two-factor authentication) to access CreatorIQ tools and applications, must adhere to Strong Password standards, and are required to update passwords every 90 days. We also require all employees to complete security training to maintain our ISO security compliance certificate.
We’re focused on providing our customers with the strongest platform infrastructure and security so you feel confident executing large scale, global creator marketing programs with the least amount of risk to their business.
To learn more about our commitment to privacy, safety, and security, you can visit the following pages on our website: Privacy, Security, Terms of Use
Or, reach out to us to discuss more with your Customer Success Manager or a CreatorIQ sales representative.