Your Data Is Safe

Security and privacy.

Complete transparency about how we protect your site, credentials, and business data. Security runs through everything we build.

Ask us anything See certifications
TLS 1.2+
All connections in transit
AES-256
Credentials encrypted at rest
SOC 2
Type II certified, annually
GDPR
Full DPA on request
01
Encrypted

In Transit

  • TLS 1.2+ for all connections
  • HTTPS enforced on all endpoints
  • No HTTP fallback
  • Certificate pinning on extension and mobile APIs
02
Encrypted

At Rest

  • AES-256 encryption for CMS credentials
  • Database encryption (AWS KMS)
  • Separate encryption key per customer
  • Regular key rotation
Authentication

Access controls.

Multiple layers of authentication and authorization protect against unauthorized access. Every request is verified, every token short-lived.

01 / 03

Clerk Authentication

Email, Google OAuth, and magic link authentication via Clerk. Two-factor authentication available.

JWT15-minute lifetime
Refresh7-day rotation
StorageNever plain-text
02 / 03

CMS Credentials

Connects via WordPress REST API using Application Passwords. No admin passwords required — ever.

StorageAES-256 encrypted
DisconnectToken revoked
ScopeApp Passwords only
03 / 03

API Authorization

Every API endpoint verifies the authenticated user owns the requested site. Cross-user access returns 403.

Rate limit100 req/min
ScopePer-site verified
Forbidden403 cross-user
Change Safety

Snapshot and rollback.

Before any modification to your site, a complete snapshot of the current state is created and stored. This includes all field values, not just the changed field.

24-Hour Undo Window

Click “Undo” within 24 hours of any change to restore previous values instantly. After 24 hours, snapshots are retained for 30 days for audit purposes.

snapshots / 2026-05-07T14:22Z
Restorable
What gets snapshotted
Page title before/after
Meta description before/after
Page content before/after
Schema markup changes
Image alt text changes
Internal link additions/removals
Blog post creation/publication
Redirect additions
RETENTION · 30 days auditLatest snapshot 4m ago
Data Privacy

Cross-site insights and anonymization.

We track outcomes across all customers to improve recommendations over time. This data is entirely anonymized and aggregated. No individual site data is ever exposed.

What Gets Analyzed
Aggregate
  • Which recommendation type worked best
  • For which industry and business size
  • Starting SEO score range
  • Time to ranking improvement
  • Content performance metrics
  • Backlink quality outcomes
What Is Not Used
Excluded
  • Page content or text
  • Customer names or emails
  • Site URLs or domain names
  • Financial data or credentials
Opt-out available

You can opt out of the cross-client learning system in settings. This disables outcome sharing but does not affect your recommendations or site-specific tracking.

Legal & Compliance

Standards and certifications.

Audited by third parties on the schedules that matter. Documents and DPAs available on request.

GDPR
European Union

Full GDPR compliance. Data processing agreements in place. Right to erasure implemented. DPIA available upon request.

RegionEU / EEA / UK
DPAAvailable on request
ErasureImplemented
CCPA
California, US

California Consumer Privacy Act compliant. Privacy notice available. Data access and deletion requests processed within 30 days.

RegionCalifornia, US
NoticePublic
Requests≤ 30 days
SOC 2
Type II Certified

SOC 2 Type II certification. Annual third-party audit. Access controls, change management, and data security verified.

AuditAnnual third-party
ScopeSecurity · Confidentiality
ReportAvailable under NDA
More Information
For full details on data handling, processing, and your rights.
Privacy Policy Terms of Service Request DPA
Questions?

We’re transparent about security.

Security details aren’t hidden. Ask us anything about our practices, infrastructure, or certifications — we’ll answer plainly and on the record.

Get in Touch See pricing
support@magieseo.com · Replies within one business day
Our Promise
NEVER SOLD

Your data is your business.

We never sell it, share it, or use it for anything beyond improving your SEO.

Scan your site free — no card required
Start for $5 — cancel anytime
Export everything on the way out
Scan Your Site Free Start for $5