Smart SEO Audit was built with security as a first-class concern from day one — not bolted on after the first audit. Here's exactly how we protect your account, your audits and your client data.
Every architectural decision starts here. If something can't be done safely, we don't ship it.
Hardened, Swiss-hosted infrastructure with redundant backups and 24/7 monitoring. No single point of failure, no surprise data-residency.
Your audit data is encrypted, isolated and never sold. Defense in depth means breaking one layer doesn't compromise the rest.
Strict, audited access — for both customers managing their accounts and our internal team supporting them.
When something goes wrong, you'll know — fast and honestly. We rehearse this stuff so it works when it matters.
If you're a security engineer doing a vendor review, this is the one-pager you're looking for.
HSTS enforced site-wide. TLS 1.0/1.1 disabled. A+ rating on SSL Labs.
Customer data and backups encrypted with envelope encryption and per-tenant keys.
Modern memory-hard hashing with per-user salts. Plaintext passwords are never stored or logged.
Tier-3 Swiss data centers. Outside EU and US jurisdictions for primary data storage.
Encrypted, off-site, tested with quarterly restore drills.
Measured monthly, excluding scheduled maintenance. Public status page available.
TOTP-based two-factor on every plan. SAML SSO on Agency and Enterprise.
Automated SCA on every dependency change, plus periodic external pen tests.
GDPR-compliant breach notification process with on-call escalation.
Procurement teams ask for these. Here's where we stand — including what's live today and what's on the roadmap.
Full EU General Data Protection Regulation compliance. DPA available on request. Sub-processor list maintained and updated.
Compliant with the revised Swiss Federal Act on Data Protection (in force since September 2023). Switzerland is a recognized adequate jurisdiction.
Pre-signed Data Processing Agreement with EU Standard Contractual Clauses available — email [email protected].
Audit underway. Type I report targeted for late 2026, Type II to follow. We'll share progress publicly as we hit milestones.
If you've discovered a security vulnerability in Smart SEO Audit, please report it directly to our security team. We acknowledge every legitimate report, work with you to validate and fix the issue, and credit researchers (with consent) on a public hall of fame.
PGP key available at /.well-known/security.txt. Please include reproduction steps and your assessed severity.
A short, honest list — to save your time and ours.
Three short policies that explain how we treat your information end-to-end.
Primary storage and processing happen in Swiss data centers. Limited sub-processor data (payments, transactional email, AI insights) may transit other regions under SCC-equivalent safeguards. Full sub-processor list available on request.
Your audit data is never sold, rented, or used to train AI models for anyone else. We use it only to provide the Service to you. Written into our Terms and Privacy Policy.
Cancel your account and your audit history is permanently removed within 30 days. Backups roll off within 35 days after that. GDPR data-export and deletion requests answered within 30 days.
The four questions every procurement team and security engineer asks first.