At SEOgent, operated by DGrigg Development Inc, security is foundational to our Service. This policy outlines the measures we take to protect your data and our infrastructure.
1. Infrastructure Security
- Our application is hosted on secure, monitored infrastructure with regular security updates.
- All data in transit is encrypted using TLS 1.2 or higher (HTTPS).
- All data at rest is encrypted using AES-256 encryption.
- Database access is restricted to application services only — no direct external access is permitted.
2. Application Security
- Passwords are hashed using encryption algorithms and never stored in plain text.
- Authentication is managed with CSRF protection on all forms.
- API access is secured with token-based authentication.
- All user inputs are validated and sanitized to prevent injection attacks.
- Rate limiting is enforced on authentication endpoints and API routes.
3. Payment Security
- All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor.
- We never store, process, or have access to your full credit card numbers.
- Payment method tokens are securely managed through Stripe's API.
4. Data Isolation
- Scan data is isolated per account — users cannot access another user's scan results or reports.
- All database queries are scoped to the authenticated user's account.
- API tokens are unique per user and can be revoked at any time.
5. Crawl Security
- SEOgent only crawls publicly accessible web pages that you explicitly request.
- Our crawler identifies itself with a clear User-Agent string.
- We respect robots.txt directives and crawl rate limits.
- Crawl requests are processed in isolated, sandboxed environments.
6. Access Controls
- Access to production systems is limited to authorized personnel on a need-to-know basis.
- All administrative access is logged and auditable.
- We follow the principle of least privilege for all system access.
7. Security Audits
- We perform regular security reviews of our codebase and infrastructure.
- Dependencies are monitored for known vulnerabilities and updated promptly.
- We use automated tools to scan for common security issues (OWASP Top 10).
8. Compliance
SEOgent is designed to comply with:
- PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada's federal privacy law.
- GDPR (General Data Protection Regulation) — for users in the European Economic Area.
For details on data collection and your rights, see our Privacy Policy.
9. Third-Party Data Processors
We use the following third-party services that may process your data:
- Stripe — Payment processing
- Google Analytics — Anonymized usage analytics
Each processor is evaluated for its security practices and compliance with applicable data protection laws.
10. Vulnerability Disclosure
If you discover a security vulnerability in SEOgent, we encourage responsible disclosure. Please report it to [email protected] with:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Your contact information for follow-up.
We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities promptly. We ask that you do not publicly disclose the vulnerability until we have had an opportunity to address it.
11. Contact Us
For security-related inquiries, contact us at:
DGrigg Development Inc
Email: [email protected]