Security is a high priority at seoClarity. It is critical to our enterprise clients worldwide that their data security and confidentiality are protected at all levels.
seoClarity is a SaaS-based solution that requires nothing other than a web browser to access all of our capabilities. Since we work with large enterprise clients and large data sets, we provide enterprise-grade security for an enterprise solution.
We maintain a high degree of trust and transparency with our clients and partners, and we want to extend that trust to you by showing how rigorous our approach to security is.
Every security assessment we are asked to complete for our clients includes several key components:
- PII and Confidential information
- User Authentication, Access Management: SSO and SAML 2.0
- Business Continuity, Security and Disaster Recovery
- Privacy, GDPR and Related Programs
We Do Not Deal with Any Client PII or PCI Data.
This statement alone almost always drops our solution into the “Low Risk” solutions category with every enterprise IT team. Here’s why…
Personally Identifiable Information, or PII, is any data that can be used to identify a specific individual. Think social security numbers or phone numbers, or even IP addresses and email addresses. Payment Card Information, or PCI, is similarly concerned with the security of financial information. Both PII and PCI data are extremely confidential, and handling such data requires stringent controls at every point where the data is touched.
seoClarity does not collect any PII from our clients, and we have no need for PCI data either.
Non-Personally Identifiable Information We Do Collect
Let me explain the five types of data we do collect for our clients to put this in context. Some of this data is publicly available; the rest is kept confidential and is only included within your client profile.
1. Publicly Available Data (Public)
We collect publicly available data such as search engine result pages and backlinks found on web pages, and aggregate it for the purpose of reports and analysis.
2. Client Tracking Input (Confidential)
In order for us to gather the data and create the reports and analysis for you in performance of our service, you may choose to provide us with inputs such as keywords and pages to track and analyze.
3. Client-specific Aggregated Data (Confidential)
You may choose to provide us access to your aggregated, non-personally identifiable performance data, such as the total number of visits to a page on a particular date, in order to aid the reporting and analysis.
4. Client-specific Server Logs (Confidential)
Similar to analytics data, you may choose to provide us access to your server log data. We require all server log data to contain only requests from search engine crawlers. During the review process, if any entries from non-search-engine user agents are found, none of the data is stored or processed.
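The all-or-nothing review rule described above can be expressed as a small screening step. The following is an added example, not seoClarity's own code: it parses Combined Log Format lines, classifies each entry's user agent against an illustrative allowlist of crawler tokens (an assumption; the real list is maintained by whoever performs the review), and refuses the whole batch if even one entry comes from a non-search-engine user agent or cannot be parsed. The log lines are constructed sample data using documentation IP addresses. One caveat a practitioner should keep in mind: the user-agent string is supplied by the client, so a token match is a screening filter, not proof that a request really came from a search engine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Combined Log Format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative allowlist of crawler user-agent tokens (assumption: the
# authoritative list is owned by the reviewing team, not taken from the page).
SEARCH_ENGINE_UA_TOKENS = ("googlebot", "bingbot", "yandexbot", "duckduckbot", "baiduspider")


@dataclass
class LogEntry:
    ip: str
    time: str
    request: str
    status: int
    user_agent: str


def is_search_engine_ua(user_agent: str) -> bool:
    """Case-insensitive substring match against the crawler allowlist."""
    ua = user_agent.lower()
    return any(token in ua for token in SEARCH_ENGINE_UA_TOKENS)


def parse_line(line: str) -> Optional[LogEntry]:
    """Return a LogEntry for a well-formed Combined Log Format line, else None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return LogEntry(
        ip=m["ip"], time=m["time"], request=m["request"],
        status=int(m["status"]), user_agent=m["ua"],
    )


def review_log_batch(lines: List[str]) -> Tuple[bool, List[LogEntry], List[str]]:
    """Apply the review rule: if any line is non-crawler traffic (or cannot be
    attributed to a crawler because it does not parse), reject the entire batch
    and store nothing. Returns (accepted, entries_to_store, rejected_lines)."""
    entries: List[LogEntry] = []
    rejected: List[str] = []
    for line in lines:
        if not line.strip():
            continue  # blank separator lines carry no request
        entry = parse_line(line)
        if entry is None or not is_search_engine_ua(entry.user_agent):
            rejected.append(line)
            continue
        entries.append(entry)
    if rejected:
        return False, [], rejected  # whole batch refused
    return True, entries, []


# Constructed sample input (documentation IP ranges, not real traffic).
_GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
_BINGBOT = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"

SAMPLE_CLEAN_LOG = [
    f'203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "{_GOOGLEBOT}"',
    f'203.0.113.11 - - [10/Oct/2023:13:56:02 +0000] "GET /products HTTP/1.1" 200 8842 "-" "{_BINGBOT}"',
]
SAMPLE_MIXED_LOG = SAMPLE_CLEAN_LOG + [
    f'198.51.100.7 - - [10/Oct/2023:13:57:15 +0000] "GET /account HTTP/1.1" 200 3011 "-" "{_BROWSER}"',
]

if __name__ == "__main__":
    for name, batch in (("clean", SAMPLE_CLEAN_LOG), ("mixed", SAMPLE_MIXED_LOG)):
        accepted, entries, rejected = review_log_batch(batch)
        print(f"{name}: accepted={accepted} stored={len(entries)} rejected={len(rejected)}")
```

Run as a script, the clean batch is accepted with two entries stored and the mixed batch is refused with nothing stored, which is the behaviour the review process above describes.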
5. Client's User-specific Information (Confidential)
For the purpose of providing our service, we require you to provide us a list of email addresses and names of users that you authorize to access your profile(s) within seoClarity. For the purpose of securing our service, we track and log every login attempt into the platform by each user and the IP address from which the attempt originated. And for the purpose of improving our service, we track and log specific actions undertaken by users in the platform.
User Authentication, Access Management: SSO and SAML 2.0
seoClarity platform users are only granted access to seoClarity when the client administrator adds them to the platform. User access levels can be set in a variety of ways to help manage large sets of users and/or those that only need to use specific capabilities or see specific sets of data.
We provide three ways for clients to authenticate into the seoClarity platform. The first is the standard username and password. This is, of course, fully encrypted and secure.
The second approach is Single Sign-On (SSO). SSO allows organizations to require that their users log in to their Google or Microsoft account in order to get access to seoClarity. This level of authentication is valuable because IT teams can centrally control access to their enterprise applications. SSO also reduces the potential for data breaches, and it leverages existing security features such as two-factor authentication set up within your organization.
The third approach, similar to SSO, is SAML 2.0 authentication. (SAML is short for Security Assertion Markup Language.) Some organizations have implemented a SAML solution to provide an authentication service that is independent of any particular system they use. seoClarity supports SAML 2.0 and can integrate with any SAML 2.0 identity provider, such as Okta.
Any of these approaches to user authentication still requires that the seoClarity administrator add the user to the seoClarity platform in the first place. From there, the desired authentication method can be used to gain access.
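The two rules stated above and in the user-specific information section, that an identity authenticated by password, SSO or SAML is only granted access if the client administrator has already added it, and that every login attempt is logged with its originating IP address, fit together into one gate. The following is an added example, not seoClarity's own code: it keeps a constructed provisioning table, treats the identity provider's "authenticated" result as necessary but not sufficient, and records an audit entry for every attempt whatever the outcome. The access-level names, profile names and the `AccessGate` class are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Optional

# Authentication methods the platform description lists.
AUTH_METHODS = {"password", "sso", "saml"}


@dataclass(frozen=True)
class ProvisionedUser:
    email: str
    access_level: str          # illustrative levels (assumption): admin / analyst / viewer
    profiles: FrozenSet[str]   # client profiles this user is allowed to see
    enabled: bool = True


@dataclass
class LoginAttempt:
    when: str
    email: str
    source_ip: str
    method: str
    outcome: str   # "granted" or a denial reason; kept in the audit log only


def normalize_email(email: str) -> str:
    """Compare identities case-insensitively and ignore surrounding whitespace."""
    return email.strip().lower()


class AccessGate:
    """Hypothetical gate: authentication result -> provisioned user (or denial)."""

    def __init__(self, provisioned: List[ProvisionedUser]):
        self._users: Dict[str, ProvisionedUser] = {
            normalize_email(u.email): u for u in provisioned
        }
        self.audit: List[LoginAttempt] = []

    def login(self, email: str, source_ip: str, method: str,
              authenticated: bool) -> Optional[ProvisionedUser]:
        """`authenticated` is the outcome of the chosen method (a password check,
        or a successful SSO/SAML exchange). Even when it is True, access is denied
        unless the administrator has provisioned the asserted email address."""
        key = normalize_email(email)
        user = self._users.get(key)
        if method not in AUTH_METHODS:
            outcome, user = "denied: unknown method", None
        elif not authenticated:
            outcome, user = "denied: authentication failed", None
        elif user is None:
            outcome = "denied: not provisioned"
        elif not user.enabled:
            outcome, user = "denied: account disabled", None
        else:
            outcome = "granted"
        # Every attempt is logged with its source IP, successful or not.
        self.audit.append(LoginAttempt(
            when=datetime.now(timezone.utc).isoformat(),
            email=key, source_ip=source_ip, method=method, outcome=outcome,
        ))
        return user

    @staticmethod
    def can_view(user: ProvisionedUser, profile: str) -> bool:
        """Per-profile data visibility is a separate check from login."""
        return user.enabled and profile in user.profiles


# Constructed provisioning table: what a client administrator would have entered.
SAMPLE_PROVISIONED = [
    ProvisionedUser("admin@example.com", "admin", frozenset({"brand-a", "brand-b"})),
    ProvisionedUser("analyst@example.com", "analyst", frozenset({"brand-a"})),
    ProvisionedUser("former@example.com", "viewer", frozenset({"brand-a"}), enabled=False),
]

if __name__ == "__main__":
    gate = AccessGate(SAMPLE_PROVISIONED)
    gate.login("Analyst@Example.com", "203.0.113.5", "saml", authenticated=True)
    gate.login("stranger@example.com", "203.0.113.6", "sso", authenticated=True)
    gate.login("former@example.com", "203.0.113.7", "password", authenticated=True)
    for a in gate.audit:
        print(f"{a.when} {a.source_ip} {a.method:8} {a.email:22} {a.outcome}")
```

The denial reasons are deliberately kept in the audit log only; a user-facing response should not distinguish "not provisioned" from "authentication failed", so that the login form does not reveal which addresses an administrator has added.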
Business Continuity, Security and Disaster Recovery
Because seoClarity is a cloud-based SaaS solution, security teams sometimes want to understand our policies and practices for managing our infrastructure. Their concerns are rooted in understanding everything related to how their data is handled in our environment.
Common questions in these key areas include:
- Do you have a business continuity, or contingency plans, in place?
- Where does our data live?
- How is the application secure?
- Do you have a disaster recovery plan?
- What is your incident response plan?
- Do you perform penetration testing and audits?
- How do you encrypt our data — in motion, or at rest?
… and so on. These are incredibly important questions — all of which we take very seriously. For these and other related questions, we have a complete set of documentation available for our clients and their security teams. Even though the nature of our data often puts us in the low-risk category, we do take these risks seriously and we plan accordingly.
Privacy, GDPR and Related Programs
One of the most important topics that comes up alongside security and personally identifiable information is individual privacy. We see data breaches at major vendors more often than any of us would like, so having a proactive privacy policy in place is essential.
The General Data Protection Regulation, or GDPR, was put in place in 2018 across the European Union and the European Economic Area to provide regulations on data protection and privacy. There are a lot of components to these regulations, including the disclosure and transparency of data collection and the right to be forgotten. California also put in place the California Consumer Privacy Act, or CCPA, in June of 2018 that covers many of the same principles and goals.
Even though we do not collect any data that contains PII, we still support and adhere to these important sets of regulations. We provide transparency and protection, and of course we support our clients and their rights to ask for and have their data removed.
Every brand we work with is intensely focused on security and privacy throughout its entire organization. Even though we do not handle our clients' PII, as an enterprise platform we place the utmost importance on our security.