Site Analysis Automatic Implementation Keyword Intelligence Content Creation Backlink Strategy Algorithm Protection Q&A & Reports
How It WorksPricingCompareContactAboutFAQBlog
Run a Free SEO Scan
Your Data is Safe

Security and privacy

Complete transparency about how we protect your site, credentials, and business data. Security runs through everything we build.

Infrastructure

Data encryption

All data is encrypted in transit and at rest using industry-standard cryptography.

In Transit

  • TLS 1.2+ for all connections
  • HTTPS enforced on all endpoints
  • No HTTP fallback
  • Certificate pinning on extension and mobile APIs

At Rest

  • AES-256 encryption for CMS credentials
  • Database encryption (AWS KMS)
  • Separate encryption key per customer
  • Regular key rotation
Authentication

Access controls

Multiple layers of authentication and authorization protect against unauthorized access.

Clerk Authentication

Email, Google OAuth, and magic link authentication via Clerk. Two-factor authentication available. JWTs are short-lived (15 minutes) with refresh tokens (7 days). Session tokens never stored in plain text.

CMS Credentials

Connects via WordPress REST API using Application Passwords. Tokens are stored encrypted (AES-256) and revoked on disconnect. No admin passwords required—ever.

API Authorization

Every API endpoint verifies the authenticated user owns the requested site. Cross-user access returns 403 Forbidden. Rate limiting prevents abuse: 100 requests per minute per user on authenticated endpoints.

Change Safety

Snapshot and rollback

Before any modification to your site, a complete snapshot of the current state is created and stored. This includes all field values, not just the changed field.

24-hour undo window: Click “Undo” within 24 hours of any change to restore previous values instantly. After 24 hours, snapshots are retained for 30 days for audit purposes.

What gets snapshotted

  • Page title before/after
  • Meta description before/after
  • Page content before/after
  • Schema markup changes
  • Image alt text changes
  • Internal link additions/removals
  • Blog post creation/publication
  • Redirect additions

What gets analyzed

  • Which recommendation type worked best
  • For which industry and business size
  • Starting SEO score range
  • Time to ranking improvement
  • Content performance metrics
  • Backlink quality outcomes

What is NOT used

  • Page content or text
  • Customer names or emails
  • Site URLs or domain names
  • Financial data or credentials
Data Privacy

Cross-site insights and anonymization

We track outcomes across all customers to improve recommendations over time. This data is entirely anonymized and aggregated. No individual site data is ever exposed.

Opt-out available: You can opt out of the cross-client learning system in settings. This disables outcome sharing but does not affect your recommendations or site-specific tracking.

Legal & Compliance

Standards and certifications

GDPR

Full GDPR compliance. Data processing agreements in place. Right to erasure implemented. DPIA available upon request.

CCPA

California Consumer Privacy Act compliant. Privacy notice available. Data access and deletion requests processed within 30 days.

SOC 2

SOC 2 Type II certification. Annual third-party audit. Access controls, change management, and data security verified.

More Information

For full details on data handling, processing, and your rights:

Questions?

We're transparent about security

Security details aren't hidden. Ask us anything about our practices, infrastructure, or certifications.

Get in Touch

Your data is your business

We never sell it, share it, or use it for anything beyond improving your SEO.

Start Free TrialOr see your competitors free