Content for more than 9,000 brands is managed in Gain. We don't take that responsibility lightly.

Illustration of a lock in locked position

You rely on us to protect your data and the reputations of your brands and their customers. Read on to learn more about how we protect your data.


Gain's main infrastructure is completely hosted and managed within Amazon's secure data centers using Amazon Web Services (AWS) technology. Amazon data centers are ISO 27001 and FISMA certified, with multiple layers of physical protection.

Our managed network firewalls provide automatic DDoS mitigation, spoofing/sniffing protection, and automatic blocks to port scanning attempts. Gain runs within its own isolated environment in the cloud application platform.

Data Security

All of Gain's data is stored and processed in the United States. Data is encrypted in transit using SSL everywhere, and our databases are encrypted at rest. Passwords are stored using the PBKDF2 algorithm with a SHA256 hash, individual, random salting and multiple hashing iterations.


Gain retains your data by default upon cancellation, in case you decide to reactivate your account, but you can request your data to be completely deleted from our systems at any time.

Gain does not hand over data to law enforcement unless (i) there is applicable law, court order, or regulation that compels us, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person. To date, Gain has never received an order for customer data from a law enforcement organization. See our Privacy Policy to learn more.


Gain uses Stripe for all billing and payment functions. Stripe is audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry.

Best Practices

Gain follows web security best practices and is constantly being tested against the latest vulnerabilities and attacks outlined in the OWASP Top Ten and others. All components of the application stack are constantly kept up to date with the latest security updates.

We maintain a bug bounty program, through which we hire security researchers to perform penetration tests and report any vulnerabilities they find.

API Integrations

Connections to social networks like Facebook, X (Twitter), Instagram and LinkedIn are done using each of their official authentication APIs and best practices. We have never used social APIs in ways that violate the networks' terms of service and never will.

Gain never sees or stores your passwords for your social media accounts and we'll never ask you for it directly.


All user passwords are stored using the PBKDF2 algorithm with a SHA256 hash, individual, random salting and multiple hashing iterations. All users can enable two-step verification (also known as 2-factor authentication) to provide an extra layer of protection to their accounts.


Our product architecture keeps content for different brands completely separate. You'll never have to worry about your client seeing another client's content, no matter how many brands you manage under one same account.

We provide permission-based access to all the users in your collaboration circle. You can customize what each person will have access to and what actions they're able to take for each of your brands.


We have strict procedures in place for responding to security incidents. Upon the discovery of a security breach, our customers will be alerted immediately and we'll provide constant public updates regarding the impact and mitigation measures. To date, Gain has never had any major security incidents.

We have a passionate customer support team that is always available to provide live help and expedite solutions.


We've battle-tested Gain over the last 6 years of real-life experience.

To make sure Gain performs under pressure, we constantly monitor for performance under heavy loads. This means you can expect a responsive, enjoyable experience every time you use Gain, no matter how many people are on it.

Gain has published more than 3 million posts to social media networks and currently handles over 100,000 posts per month.

We currently serve customers with thousands of users under a single account, and some of these larger accounts handle over 6,000 posts per month. Every post is automatically pre-checked for compliance with each social network's specs to minimize any chance of error before it's even published.

On average, our platform has an uptime of 99.95%.

Maintenance downtime is communicated to our customers weeks in advance. We also provide SLAs (service-level agreements) to our Enterprise customers, where we guarantee the level of reliability and support they expect from us. Contact our Customer Support team to learn more.

Facebook Native Publishing

For Facebook posts, you can use either Gain's internal scheduling engine or Facebook's native scheduling engine. When you choose to use Facebook's engine, posts are always sent to be scheduled on Facebook's side, rather than on Gain's side. This adds an extra layer of certainty that content will be published at the right time. And even if you need to edit a post that's already been scheduled on Facebook, you can do so on Gain and those changes will be reflected on Facebook's native scheduling platform.

Relying on Facebook to schedule the posts also allows you to create multimedia campaigns or prepare promoted posts before the content is published.

Want to know more?

Download our more detailed Security and Reliability Overview for all the nitty-gritty.

Contact us any time with security-related questions. We actually like talking about this!

You won't know how great it is until you try it.