Security is a high priority at seoClarity. It is critical to our enterprise clients worldwide that we ensure their security and confidentiality is secured at all levels.
seoClarity is a SaaS-based solution that requires nothing other than a web browser to access all our great capabilities.
Since we deal with huge clients and large data sets, we have enterprise security for an enterprise solution.
We have extreme trust and transparency with our clients and partners, and we want to extend that trust to you to show how rigorous our approach to security is.
Every security assessment we are asked to complete for our clients includes several key components:
This statement alone almost always drops our solution into the “Low Risk” solutions category with every enterprise IT team. Here’s why…
Personally Identifiable Information, or PII, is any data that can be used to identify a specific individual.
Think social security numbers or phone numbers, or even IP addresses and emails.
Payment Card Information, or PCI, is similarly concerned with financial information security.
Both PII and PCI are extremely confidential, and dealing with such data mandates that you are stringent and secure at all levels of data interaction.
seoClarity does not collect any PII from our clients, and we have no need for PCI data either.
Let me explain the five types of data we do collect for our clients to put this in context. Some of this data is publicly available, and other is kept confidential and is only included within your client profile.
We aggregate publicly available data such as search engine result pages and backlinks found on web pages and aggregate the same for the purpose of reports and analysis.
In order for us to gather the data and create the reports and analysis for you in performance of our service, you may choose to provide us with inputs such as keywords and pages to track and analyze.
You may choose to provide us access to your aggregated, non-personally identifiable performance data, such as the total number of visits to a page on a particular date, in order to aid the reporting and analysis.
Similar to analytics data, you may choose to provide us access to your server log data. We require all server log data to contain data specific only to search engines.
During the review process, if any data is found from non-search engine user agents, no data will be stored or processed.
For the purpose of providing our service, we require you to provide us a list of email addresses and names of users that you authorize to access your profile(s) within seoClarity.
For the purpose of securing our service, we track and log every login attempt into the platform by each user and the IP address from which the attempt originated.
And for the purpose of improving our service, we track and log specific actions undertaken by users in the platform.
Proving our commitment to safeguarding the security and confidentiality of your data, we have successfully completed a SOC 2 audit.
seoClarity platform users are only granted access to seoClarity when the client administrator adds them to the platform. User access levels can be set in a variety of ways to help manage large sets of users and/or those that only need to use specific capabilities or see specific sets of data.
We provide three ways for clients to authenticate into the seoClarity platform. The first is the standard username and password. This is, of course, fully encrypted and secure.
The second approach is with Single-Sign-On (SSO). SSO allows organizations to require that their users log in to their Google or Microsoft account in order to get access to seoClarity.
This level of authentication is great since IT teams can centrally control access to their enterprise applications.
SSO also reduces the potential of data breaches, and it leverages existing security features like two-factor authentication setup within your organization.
The third approach is similar to SSO, which is SAML 2.0 authentication services. (SAML is short for Security Assertion Markup Language.)
Some organizations have implemented a SAML solution to provide an authentication service that is independent of any systems they use. seoClarity operates on SAML 2.0 and can integrate with any SAML, such as Okta.
Any of these approaches to user authentication still requires that the seoClarity administrator add the user to the seoClarity platform in the first place. From there, the desired authentication method can be used to gain access.
Many companies have valid concerns about using generative AI regarding the security of sensitive data. That's why we believe every technology and platform provider needs an AI policy.
At seoClarity, the framework that guides our AI-driven developments is known as the seoClarity AI Manifesto. Just like everything we create, this living document was shaped by our clients and will be continuously updated.
Here is a condensed version:
We believe the transparency that our manifesto provides is essential for building trust and helping us accelerate secure and responsible innovations.
As a cloud-based SaaS solution, security teams sometimes want to understand our policies and practices as to how we manage our infrastructure.
Their concerns are rooted in understanding everything related to how their data is handled in our environment.
There are many topics that can be asked in these key areas:
… and so on. These are incredibly important questions — all of which we take very seriously. For these and other related questions, we have a complete set of documentation available for our clients and their security teams.
Even though the nature of our data often puts us in the low-risk category, we do take these risks seriously and we plan accordingly.
One of the most important topics discussed with security and personally identifiable information is the whole concept of individual privacy. We see data breaches from major vendors more often than any of us would like, so having a proactive policy in place is essential.
The General Data Protection Regulation, or GDPR, was put in place in 2018 across the European Union and the European Economic Area to provide regulations on data protection and privacy.
There are a lot of components to these regulations, including the disclosure and transparency of data collection and the right to be forgotten. California also put in place the California Consumer Privacy Act, or CCPA, in June of 2018 that covers many of the same principles and goals.
Even though we do not collect any data that contains PII, we still support and adhere to these important sets of regulations. We provide transparency and protection, and of course we support our clients and their rights to ask for and have their data removed.
Nearly every company has a formal privacy policy in place much like our seoClarity Privacy Policy.
Every brand we work with is incredibly focused on security and privacy throughout their entire organization. Even though we do not handle our client’s PII data, as an enterprise platform, we place the utmost importance on our security.
Our clients put their trust in seoClarity to solve a myriad of marketing challenges, and they expect that we will do so with an absolute concern for security and privacy.
After all, trust is important in every relationship. For more information on the agreement between clients and seoClarity, review our Terms of Use.
>>>Editor's Note: This post was originally published in April 2020 and has been updated.<<<