Security is a high priority at seoClarity. It is critical to our enterprise clients worldwide that their security and confidentiality are protected at all levels.
seoClarity is a SaaS-based solution that requires nothing other than a web browser to access all our great capabilities. Since we deal with huge clients and large data-sets, we have enterprise security for an enterprise solution.
We maintain a relationship of trust and transparency with our clients and partners, and we want to extend that trust to you by showing how rigorous our approach to security is.
Every security assessment we are asked to complete for our clients includes several key components:
- PII and Confidential information
- User Authentication and Access Management
- Business Continuity, Security and Disaster Recovery
- Privacy, GDPR and Related Programs
We Do Not Deal with Any Client PII or PCI Data.
This statement alone almost always drops our solution into the “Low Risk” solutions category with every enterprise IT team. Here’s why…
Personally Identifiable Information, or PII, is any data that can be used to identify a specific individual. Think social security numbers or phone numbers, or even IP addresses and emails. Payment Card Information, or PCI, is similarly concerned with financial information security. Both PII and PCI are extremely confidential, and dealing with such data mandates that you are stringent and secure at all levels of data interaction.
seoClarity does not collect any PII from our clients, and we have no need for PCI data either. Let me explain the three types of data we do collect for our clients to put this in context:
1. Publicly Available Ranking Data
We crawl the web every day and collect SEO ranking data in every country and every search engine available. Think of searching for something in Google — we collect those results as ranking data. All of that information is publicly available, and none of it contains any PII data.
2. Client Analytics
Many of our clients choose to integrate their website analytics into seoClarity for reporting, analysis and insights. For example, this may be Google Analytics and Google Search Console information. Many also choose to integrate their paid search analytics into seoClarity for the same reasons.
This client-provided data is extremely confidential and we treat it with the utmost security. But none of this data contains any personal information — no PII. All of the information is aggregated/anonymized, so there is no PII to even consider.
3. Server Log / Bot Log Information
We have built a great feature called Bot Clarity into the seoClarity platform. It lets you analyze server log files to understand bot activity and correlate that activity with your rankings and analytics data.
Clients provide their log files to us directly to ingest and process within Bot Clarity. The raw log files could contain PII, so we work with our clients in advance and provide specific directions for the data we need. Clients then filter that information before sending us their files. Many IT teams are familiar with this exercise, so there is no PII in the resulting files they provide us.
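To make that pre-upload filtering step concrete, here is an added example (not seoClarity's tooling, and not its actual field requirements) of a small scrubber for Apache/Nginx combined-format access logs: it removes the client IP and authenticated user, drops query parameters that commonly carry personal data, and keeps the timestamp, path, status and user agent that bot analysis needs. The parameter list and the sample log lines are assumed/constructed.

```python
import re
from typing import List, Optional

# Apache/Nginx "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Query parameters that commonly carry personal data (assumed list; adjust it to the site).
PII_PARAMS = {"email", "phone", "token", "session", "uid", "user", "name"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /blog/seo-guide HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.22 - alice [10/Oct/2023:13:55:40 +0000] "GET /account?email=alice%40example.com&page=2 HTTP/1.1" '
    '200 812 "https://example.com/login?uid=42" "Mozilla/5.0"',
    "not a log line",
]

def scrub_target(target: str) -> str:
    """Drop PII-looking query parameters and redact e-mail addresses embedded in a path or URL."""
    path, sep, query = target.partition("?")
    path = EMAIL_RE.sub("[redacted]", path)
    if not sep:
        return path
    kept = []
    for pair in query.split("&"):
        key = pair.partition("=")[0].lower()
        if key in PII_PARAMS or EMAIL_RE.search(pair):
            continue  # drop the whole name=value pair rather than trying to mask it
        kept.append(pair)
    return path + ("?" + "&".join(kept) if kept else "")

def scrub_line(line: str) -> Optional[str]:
    """Rebuild one line without client IP, ident and auth user; None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # unparsable lines are dropped, never forwarded unreviewed
    f = m.groupdict()
    return (
        f'- - - [{f["time"]}] "{f["method"]} {scrub_target(f["target"])} {f["proto"]}" '
        f'{f["status"]} {f["size"]} "{scrub_target(f["referer"])}" "{f["ua"]}"'
    )

def scrub_log(lines: List[str]) -> List[str]:
    """Return only the lines that parsed, with PII removed; timestamp, path, status and UA survive."""
    return [s for s in (scrub_line(ln) for ln in lines) if s is not None]
```

Run `scrub_log` over the real file before it leaves the client's environment, and review a sample of the output against the agreed field list.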
Once security teams understand what seoClarity does and the types of data we use, they realize that we don’t have any PII or PCI data about their clients and drop us to “Low Risk.”
One caveat: strictly speaking, we do hold PII about the users of our platform themselves, namely their username, email address and IP address. We treat this information with the same care, but when security teams ask about PII they are generally concerned with data about their own customers.
User Authentication and Access Management
seoClarity platform users are only granted access to seoClarity when the client administrator adds them to the platform. User access levels can be set in a variety of ways to help manage large sets of users and/or those that only need to use specific capabilities or see specific sets of data.
We provide three ways for clients to authenticate into the seoClarity platform. The first is the standard username and password. This is, of course, fully encrypted and secure.
The second approach is Single Sign-On (SSO). SSO allows organizations to require that their users log in to their Google or Microsoft account in order to get access to seoClarity. This level of authentication is great because IT teams can centrally control access to their enterprise applications. SSO also reduces the potential for data breaches, and it leverages existing security features such as two-factor authentication already set up within your organization.
The third approach, similar to SSO, is SAML-based authentication. Some organizations have implemented a SAML solution that provides an authentication service independent of any particular system they use. seoClarity can integrate with any SAML identity provider, such as Okta.
Any of these approaches to user authentication still requires that the seoClarity administrator add the user to the seoClarity platform in the first place. From there, the desired authentication method can be used to gain access.
Business Continuity, Security and Disaster Recovery
Because we are a cloud-based SaaS solution, security teams sometimes want to understand our policies and practices for managing our infrastructure. Their concerns are rooted in understanding how their data is handled in our environment.
Security teams typically ask many questions in these key areas:
- Do you have business continuity or contingency plans in place?
- Where does our data live?
- How is the application secured?
- Do you have a disaster recovery plan?
- What is your incident response plan?
- Do you perform penetration testing and audits?
- How do you encrypt our data — in motion, or at rest?
… and so on. These are incredibly important questions — all of which we take very seriously. For these and other related questions, we have a complete set of documentation available for our clients and their security teams. Even though the nature of our data often puts us in the low-risk category, we do take these risks seriously and we plan accordingly.
Privacy, GDPR and Related Programs
One of the most important topics discussed with security and personally identifiable information is the whole concept of individual privacy. We see data breaches from major vendors more often than any of us would like, so having a proactive policy in place is essential.
The General Data Protection Regulation, or GDPR, was put in place in 2018 across the European Union and the European Economic Area to provide regulations on data protection and privacy. There are a lot of components to these regulations, including the disclosure and transparency of data collection and the right to be forgotten. California also put in place the California Consumer Privacy Act, or CCPA, in June of 2018 that covers many of the same principles and goals.
Even though we do not collect any data that contains PII, we still support and adhere to these important sets of regulations. We provide transparency and protection, and of course we support our clients and their rights to ask for and have their data removed.
Every brand we work with is incredibly focused on security and privacy throughout their entire organization. Even though we do not handle our clients’ PII data, as an enterprise platform we place the utmost importance on our security.