SearchPilot's Security Portal

How we protect your data

At SearchPilot, our commitment to security and privacy is integrated into every aspect of our operations. To protect your data, we have implemented a comprehensive set of controls and processes, including:

Continuous Security & Privacy Assessments:
We regularly review and enhance our security and privacy measures to ensure that any customer data processed by our systems is fully protected.
Robust Employee Training:
All team members receive thorough security and privacy training during onboarding, with ongoing education and regular refresher sessions to keep best practices top of mind.
Strict Vendor Management:
Our third-party vendor contracts mandate that all partners meet our rigorous data protection and privacy standards, ensuring that your data is handled securely throughout our supply chain.
Integrated Security Procedures:
Security and privacy controls are embedded in our standard operating procedures, ensuring consistent protection across every process within our organization.
Advanced Threat Monitoring:
We employ industry-leading security monitoring and automated risk management systems that continuously detect potential threats and promptly address vulnerabilities, keeping our environment secure.
Comprehensive Information Security Program:
Our risk-based approach to security includes:
- Up-to-date information security policies and procedures.
- Background checks for new hires (as permitted by law).
- Mandatory, regular security awareness training for all employees.
- Rigorous vendor risk management processes.
- Robust data classification, handling, and retention practices.
- Strict access controls based on the principle of least privilege, with regular reviews of user access.
- Comprehensive network and endpoint protection.
- Rigorous change and patch management procedures.
- A secure software development lifecycle that integrates security at every stage.
- Proactive business continuity and disaster recovery planning.
- Clearly defined incident response processes to address any security events swiftly.

How does SearchPilot ensure data privacy and compliance with regulations like GDPR?

ISO27001 Certification: We work with independent third parties to certify our security and compliance procedures. We’re ISO27001 certified (very similar to SOC2) and HIPAA compliant. For eCommerce websites, we are assessed as a Service Provider under PCI DSS v3.1.

Data Minimisation: The SearchPilot platform does not store any Personally Identifiable Information (PII) of our customers’ website users and the statistical analysis engine does not process any PII from analytics data.

Strong Policies: We maintain a comprehensive privacy policy detailing the types of data collected, how it's used, stored, secured, and shared (including any sub-processors).

Data Processing Agreements (DPAs): We offer DPAs to customers as required by GDPR, outlining the roles and responsibilities of the data controller (the customer) and the data processor (SearchPilot).

User Rights: We have appropriate processes to handle data subject requests (access, rectification, erasure, etc.) as mandated by GDPR.

Security Measures: We employ technical and organizational security measures to protect data from unauthorised access or breaches, monitored and managed by our ISO27001 information security management system and certification.

Training and Internal Processes: All SearchPilot team members undergo annual training in information security, cybersecurity, and secure working.

How is SearchPilot’s platform designed to handle high volumes of traffic?

SearchPilot operates in 8 AWS regions across the globe.

In each AWS region, traffic is load balanced across an auto-scaling group of servers. At times of high load, new servers are automatically provisioned to maintain a certain level of redundancy in platform capacity.

Each server can fall back to being a transparent proxy in the event of an application error.

In the unlikely case of a catastrophic failure or complete outage of AWS, the default is to route around SearchPilot, ensuring your site stays up and available.

You can read more on our For Engineers page.

How frequently are your security protocols and controls updated?

As an ISO 27001 certified company, our security protocols and controls are reviewed and updated through a continuous improvement process. This includes formal reviews at least annually as part of our Information Security Management System (ISMS) requirements, as well as more frequently in response to changes in the threat landscape, technology, business needs, or following security incidents and vulnerability assessments.

Do you offer a Service Level Agreement (SLA) that guarantees platform uptime and performance?

Yes. We offer a standard SLA committing to 99.95% uptime.

Do you offer out of hours emergency support?

Yes. We offer standard support during normal business hours, but 24/7 emergency support for service disruptions affecting our customers’ critical business functions

Where does SearchPilot process data?

SearchPilot operates in 8 AWS regions across the globe in order to be able to offer high performance processing near to your users, wherever they are accessing your website from. This also enables a high degree of redundancy and resiliency.

For customers with specific data residency requirements, we can “pin” your deployment to certain subsets of our regions – to process your data only within the EU, for example.

Who should I contact if I have additional questions about your security and compliance practices?

You can contact us via our "Contact Us" form.

Trusted by Leading SEO Teams Worldwide

ISO27001 Compliant

PCI Compliant

HIPAA Compliant