Security Measures at seogenie

Welcome to seogenie, where we take your data security seriously. We have implemented a comprehensive set of security measures across various aspects of our operations to ensure the utmost protection for your data.

Data Centers

Physical Security

Our data centers are physically secure, employing strict access control measures for personnel and third-party access. Regular access reviews, 24/7 monitoring of activities, CCTV surveillance of access points, and intrusion detection systems are standard practice.

Disaster Recovery

Our data centers maintain optimal climate and temperature to prevent overheating and are equipped with automatic fire detection, suppression systems, and water leak detection. We ensure redundancy and maintainability 24/7, and when user data is copied electronically, it's subject to rigorous physical security and encryption.

Uptime Guarantee

We strive for a minimum of 99.9% uptime, with N+1 redundancy in power, network, and HVAC services.

Failover Protection

Our backup and replication strategies are designed to provide redundancy and failover protection. User data is securely backed up and replicated across multiple availability zones.

Redundancy

Our production databases are designed to replicate data between primary and secondary databases, with industry-standard backup methods in place.

HR Security

Confidentiality Agreement

All employees and contractors are required to sign non-disclosure agreements.

Security Awareness

We provide regular security awareness training for employees and maintain informative materials throughout our offices.

Developer Training

Our product developers receive training in secure programming according to OWASP best practices. We also host a Capture the Flag (CTF) challenge annually.

Operational Security

Data in Transit

We use TLS 1.2 or higher encryption (HTTPS) throughout our website, following industry-standard algorithms and certificates.

Access to Personal Data

Personal data is protected with role-based access, encryption in transit, and VPN access for employees. We use tools like Google IAP to enhance access control.

Logging and Monitoring

All infrastructure and application activities are logged, with critical logs forwarded to a SIEM tool for monitoring. Access to logs is restricted to authorized personnel based on roles and responsibilities.

Patch Management

We monitor for security vulnerabilities and implement patches and configuration changes regularly. Periodic vulnerability scanning is performed by authorized QSA services.

Data at Rest

Stored information is encrypted using AES-256 encryption in data centers, while employee workstations are controlled using MDM systems.

Access Control

We employ network access control mechanisms to prevent unauthorized protocols from reaching our service infrastructure. Critical data processing applications use SSO and 2FA for user authentication.

Password Policy

A uniform password policy is implemented for internal services and tools, with encrypted storage and the use of password managers encouraged.

Change Management

We follow a change management approach, ensuring peer-reviewed, tested, and logged changes before deployment into the production environment.

Privacy

Interaction with Contractors

We maintain contractual relationships with third-party suppliers to protect processed data.

Privacy Laws

We adhere to applicable privacy laws, with policies such as the General Data Protection Policy, Privacy Policy, and Subject Access Request Policy in place.

Supplier Security Verification

We continually monitor third-party suppliers using our cybersecurity assessment platform.

Personal Data Retention

We delete personal data when no longer necessary, while retaining copies as required by law or for archival purposes.

GDPR Compliance

We adhere to GDPR requirements, ensuring the collection of minimum necessary information, lawful data processing, and other compliance measures.

Application Security

Separate Environments

Staging, testing, and development environments are logically separated, with no use of personal or service data in testing or development.

SDLC (Secure Software Development Lifecycle)

We integrate security into our software development process, with activities like design review, architecture analysis, code review, and penetration testing integral to our development lifecycle.

Release Management

We follow a DevOps culture for product delivery, ensuring high-velocity application and service delivery.

External Threats Protection

Quality assurance staff continuously test our products, including basic security testing.

Code Review

Our Security team selectively reviews code for best practices and software flaws.

Penetration Tests

We conduct penetration tests every six months and perform penetration tests of new features weekly.

Bug Bounty Program

We invite independent security researchers to discover and disclose security flaws through our Bug Bounty program.

Authentication Options

We offer Single Sign-On (SSO) integration with SAML and support Two-Factor Authentication (2FA) for enhanced account security.

Incident Management

System Logging

Our infrastructure is designed for comprehensive system logging. Internal systems aggregate log data and alert personnel to handle security incidents.

Notification in Case of Incident

We notify affected users in case of unlawful data access, providing updates on steps taken to resolve the incident.

Incident Response

We maintain records of security incidents, investigate them thoroughly, and take appropriate steps to minimize damage and prevent future incidents.

Security Management and Compliance

Security Policies and Procedures

We have developed policies communicated to all staff, covering various aspects of information security.

PCI DSS Compliance

We fully implement processes related to PCI DSS compliance, with annual independent audits confirming our Level 1 certification.

Risk Management

Our risk management program identifies, analyzes, evaluates, treats, and reviews information security risks.

Cybersecurity Rating

We maintain transparency in our security process with a shared profile on Upguard, providing clients with information about security at seogenie. Our Cyber Security Team constantly monitors our security

Please note that these security measures may be updated or modified from time to time to enhance security without compromising the overall protection of your data.
