Security is a high priority at seoClarity. It is critical to our enterprise clients worldwide that we ensure their security and confidentiality is secured at all levels.
seoClarity is a SaaS-based solution that requires nothing other than a web browser to access all our great capabilities.
Since we deal with huge clients and large data sets, we have enterprise security for an enterprise solution.
We have extreme trust and transparency with our clients and partners, and we want to extend that trust to you to show how rigorous our approach to security is.
Every security assessment we are asked to complete for our clients includes several key components:
- PII and Confidential information
- User Authentication, Access Management: SSO and SAML 2.0
- The Secure Use of Generative AI in Enterprise SEO
- Business Continuity, Security and Disaster Recovery
- Privacy, GDPR and Related Programs
We Do Not Deal with Any Client PII or PCI Data.
This statement alone almost always drops our solution into the “Low Risk” solutions category with every enterprise IT team. Here’s why…
Personally Identifiable Information, or PII, is any data that can be used to identify a specific individual.
Think social security numbers or phone numbers, or even IP addresses and emails.
Payment Card Information, or PCI, is similarly concerned with financial information security.
Both PII and PCI are extremely confidential, and dealing with such data mandates that you are stringent and secure at all levels of data interaction.
seoClarity does not collect any PII from our clients, and we have no need for PCI data either.
Non-Personally Identifiable Information We Do Collect
Let me explain the five types of data we do collect for our clients to put this in context. Some of this data is publicly available, and other is kept confidential and is only included within your client profile.
1. Publicly Available Data (Public)
We aggregate publicly available data such as search engine result pages and backlinks found on web pages and aggregate the same for the purpose of reports and analysis.
2. Client Tracking Input (Confidential)
In order for us to gather the data and create the reports and analysis for you in performance of our service, you may choose to provide us with inputs such as keywords and pages to track and analyze.
3. Client-specific Aggregated Data (Confidential)
You may choose to provide us access to your aggregated, non-personally identifiable performance data, such as the total number of visits to a page on a particular date, in order to aid the reporting and analysis.
4. Client-specific Server Logs (Confidential)
Similar to analytics data, you may choose to provide us access to your server log data. We require all server log data to contain data specific only to search engines.
During the review process, if any data is found from non-search engine user agents, no data will be stored or processed.
5. Client's User-specific Information (Confidential)
For the purpose of providing our service, we require you to provide us a list of email addresses and names of users that you authorize to access your profile(s) within seoClarity.
For the purpose of securing our service, we track and log every login attempt into the platform by each user and the IP address from which the attempt originated.
And for the purpose of improving our service, we track and log specific actions undertaken by users in the platform.
User Authentication, Access Management: SSO and SAML 2.0
seoClarity platform users are only granted access to seoClarity when the client administrator adds them to the platform. User access levels can be set in a variety of ways to help manage large sets of users and/or those that only need to use specific capabilities or see specific sets of data.
We provide three ways for clients to authenticate into the seoClarity platform. The first is the standard username and password. This is, of course, fully encrypted and secure.
The second approach is with Single-Sign-On (SSO). SSO allows organizations to require that their users log in to their Google or Microsoft account in order to get access to seoClarity.
This level of authentication is great since IT teams can centrally control access to their enterprise applications.
SSO also reduces the potential of data breaches, and it leverages existing security features like two-factor authentication setup within your organization.
The third approach is similar to SSO, which is SAML 2.0 authentication services. (SAML is short for Security Assertion Markup Language.)
Some organizations have implemented a SAML solution to provide an authentication service that is independent of any systems they use. seoClarity operates on SAML 2.0 and can integrate with any SAML, such as Okta.
Any of these approaches to user authentication still requires that the seoClarity administrator add the user to the seoClarity platform in the first place. From there, the desired authentication method can be used to gain access.
The Secure Use of Generative AI in Enterprise SEO
Many companies have valid concerns about using generative AI regarding the security of sensitive data. That's why we believe every technology and platform provider needs an AI policy.
At seoClarity, the framework that guides our AI-driven developments is known as the seoClarity AI Manifesto. Just like everything we create, this living document was shaped by our clients and will be continuously updated.
Here is a condensed version:
- Core Purpose: The intention of the technology we build is to augment human capabilities, not replace them.
- Ethical, Responsible Use of AI: Our SaaS product will not be utilized to deceive users or engage in anti-competitive practices.
- Data Privacy and Security: The security and privacy of our client's data is of paramount importance to us. We adhere to industry best practices and comply with relevant regulations to protect user data.
- Respect for Intellectual Property: Our AI SaaS product will not be designed or intended to facilitate the unauthorized reproduction, distribution, or misuse of copyrighted materials.
- Continuous Improvement: We recognize that the field of AI is rapidly evolving, and we commit to staying at the forefront of advancements to keep our clients on the cutting edge.
- Customization & Control: We believe the only real moat is access to exclusive data. We will invest in both customizability of LLMs for each client’s purpose and control over how it is applied.
We believe the transparency that our manifesto provides is essential for building trust and helping us accelerate secure and responsible innovations.
Business Continuity, Security and Disaster Recovery
As a cloud-based SaaS solution, security teams sometimes want to understand our policies and practices as to how we manage our infrastructure.
Their concerns are rooted in understanding everything related to how their data is handled in our environment.
There are many topics that can be asked in these key areas:
- Do you have a business continuity, or contingency plans, in place?
- Where does our data live?
- How is the application secure?
- Do you have a disaster recovery plan?
- What is your incident response plan?
- Do you perform penetration testing and audits?
- How do you encrypt our data — in motion, or at rest?
… and so on. These are incredibly important questions — all of which we take very seriously. For these and other related questions, we have a complete set of documentation available for our clients and their security teams.
Even though the nature of our data often puts us in the low-risk category, we do take these risks seriously and we plan accordingly.
Privacy, GDPR and Related Programs
One of the most important topics discussed with security and personally identifiable information is the whole concept of individual privacy. We see data breaches from major vendors more often than any of us would like, so having a proactive policy in place is essential.
The General Data Protection Regulation, or GDPR, was put in place in 2018 across the European Union and the European Economic Area to provide regulations on data protection and privacy.
There are a lot of components to these regulations, including the disclosure and transparency of data collection and the right to be forgotten. California also put in place the California Consumer Privacy Act, or CCPA, in June of 2018 that covers many of the same principles and goals.
Even though we do not collect any data that contains PII, we still support and adhere to these important sets of regulations. We provide transparency and protection, and of course we support our clients and their rights to ask for and have their data removed.
Every brand we work with is incredibly focused on security and privacy throughout their entire organization. Even though we do not handle our client’s PII data, as an enterprise platform, we place the utmost importance on our security.
Our clients put their trust in seoClarity to solve a myriad of marketing challenges, and they expect that we will do so with an absolute concern for security and privacy.
>>>Editor's Note: This post was originally published in April 2020 and has been updated.<<<