Could Facebook’s investigation of this social analytics firm spell trouble for brands?

Facebook is investigating a social analytics company called Crimson Hexagon because of its potential dealings with a Russian organization and other concerns over how it handled private data.

Crimson Hexagon, based in the US, provides social data analysis for brands by monitoring platforms including Facebook and Twitter. The brands it has worked with include Adidas, Samsung, GM, Walmart and General Mills, according to its website. It also has worked with agencies like VML and R/GA.

[Tweet “Facebook is now investigating social analytics companies. Should brands be worried?”]

On July 20, The Wall Street Journal reported that it alerted Facebook to Crimson Hexagon’s business dealings with a Russian nonprofit organization – the Civil Society Development Foundation – with ties to the Kremlin.

MUST READ: Is a selfie worth dying for?

The Russia connection is a sensitive one for Facebook, which last year uncovered hundreds of fake accounts that it traced back to Moscow and which were used to influence the 2016 US elections.

Since March, Facebook has been auditing developers and third-party data providers because of the issues raised by Cambridge Analytica, another company with alleged ties to Russia that the social network says misused data on 87 million of its users to influence political campaigns. Facebook has imposed greater restrictions on what types of data these third parties can access and is looking into whether any of them retained data against its policies.

“Based on our investigation to date, Crimson Hexagon did not obtain any Facebook or Instagram information inappropriately,” a Facebook spokesman says in an e-mail statement. Facebook suspended the developer and its apps while it conducts the review.

READ: Why did only 1 in 10 brands grow in the last 3 years?

Crimson Hexagon’s founder and Chairman Gary King was not immediately available for comment.

The company had access to data on Facebook and Instagram through APIs – application programming interfaces – which developers use to create software and apps for platforms.

“We are investigating the claims about Crimson Hexagon to see if they violated any of our policies,” says Ime Archibong, Facebook’s vice-president of product partnerships, in an email statement. “People can share their information with developers on Facebook and Instagram – just as they can when they download an app on their phone. We also have APIs so that developers can use public or aggregated information to produce anonymized insights for business purposes. Facebook has a responsibility to help protect people’s information.”

The WSJ reported that Crimson Hexagon may have received data it should not have in at least one instance from 2016. While monitoring public posts on Instagram, a glitch may have revealed private posts that should not have been available, according to the report.

EXCLUSIVE: Yves-Michel Gabay on joining Gamned!

Crimson Hexagon also has worked with US federal agencies like FEMA, the State Department and Homeland Security, according to the same report. Those relationships raised concerns about giving the government access to personal information of intent users.

“We don’t allow developers to build surveillance tools using information from Facebook or Instagram,” the Facebook spokesman said in the e-mail statement. “We take these allegations seriously.”