Compliance & Security

We maintain rigorous security standards and transparent data practices to ensure your website's infrastructure remains protected, auditable, and fully compliant with global regulations.

SOC 2 Type II Certified · ISO 27001 Aligned · GDPR Ready · 99.99% Uptime SLA

🛡️ Certifications & Standards

Independent audits and continuous monitoring verify that our systems meet industry-leading security and operational benchmarks.

SOC 2 Type II Verified

Validated controls for security, availability, processing integrity, confidentiality, and privacy through annual third-party audits.

ISO/IEC 27001 Aligned

Information Security Management System (ISMS) framework implemented across all development, deployment, and data handling pipelines.

GDPR & CCPA Compliant

Full compliance with EU General Data Protection Regulation and California Consumer Privacy Act, including data subject rights workflows.

WAF & DDoS Protection Active

Enterprise-grade Web Application Firewall and automated traffic scrubbing to mitigate Layer 3/4/7 attacks in real time.

🔒 Security & Data Governance

Detailed breakdown of how we protect your data, manage access, and maintain regulatory compliance across our infrastructure.

All data in transit is encrypted using TLS 1.3 with HSTS enforcement. At rest, data is encrypted using AES-256 via cloud-provider-managed keys and customer-managed KMS options.

  • Zero-knowledge architecture for sitemap content indexing
  • Automated rotation of encryption keys and API credentials
  • Strict data minimization: we only store URLs, metadata, and indexing signals
  • No PII collection unless explicitly provided for team access management

Role-based access control (RBAC) and mandatory multi-factor authentication (MFA) for all administrative and API access levels.

  • SSO integration via SAML 2.0 and OIDC for enterprise accounts
  • Granular permission scopes (read-only, editor, admin, service accounts)
  • Automated session termination after 15 minutes of inactivity
  • Real-time audit logging for all privilege escalations and config changes

We guarantee 99.99% availability measured monthly across all API endpoints and dashboard services. Infrastructure spans multiple regions with automated failover.

  • Geo-redundant databases with continuous replication
  • Automated backups every 4 hours with 30-day retention
  • Incident response playbooks tested quarterly via tabletop exercises
  • Financial credits issued per SLA terms if uptime thresholds are breached

We maintain a transparent, updated list of all third-party service providers. You retain control over data residency preferences where applicable.

  • Cloud hosting: AWS & Google Cloud (US, EU, APAC regions)
  • Analytics & monitoring: Datadog, Sentry, LogRocket
  • Authentication: Auth0 (SOC 2/ISO 27001 certified)
  • Right to request subprocessor removal or data region locking on Enterprise plans

📄 Legal & Compliance Documents

Download our latest policies, data processing agreements, and security documentation for internal review or procurement compliance.

Data Processing Agreement (DPA)

Outlines responsibilities for data controllers and processors under GDPR and CCPA. Includes standard contractual clauses.

Download PDF →

Business Associate Agreement (BAA)

Available for healthcare-adjacent implementations requiring HIPAA-aligned data handling commitments.

Download PDF →

Security Whitepaper

Comprehensive overview of our infrastructure, encryption standards, access controls, and incident response protocols.

Download PDF →

Privacy Policy

Detailed explanation of data collection, usage, retention, sharing practices, and user rights management.

View Online →

Questions About Compliance?

Our trust and compliance team is available to assist with security reviews, procurement questionnaires, data residency requirements, or custom SLA configurations.

📧 compliance@sitemap.xml