Security Measures at seogenie
Welcome to seogenie, where we take your data security seriously. We have implemented a comprehensive set of security measures across various aspects of our operations to ensure the utmost protection for your data.
Data Centers
Physical Security
Our data centers are physically secure, employing strict access control measures for personnel and third-party access. Regular access reviews, 24/7 monitoring of activities, CCTV surveillance of access points, and intrusion detection systems are standard practice.
Disaster Recovery
Our data centers maintain optimal climate and temperature to prevent overheating and are equipped with automatic fire detection, suppression systems, and water leak detection. We ensure redundancy and maintainability 24/7, and when user data is copied electronically, it's subject to rigorous physical security and encryption.
Uptime Guarantee
We strive for a minimum of 99.9% uptime, with N+1 redundancy in power, network, and HVAC services.
Failover Protection
Our backup and replication strategies are designed to provide redundancy and failover protection. User data is securely backed up and replicated across multiple availability zones.
Redundancy
Our production databases are designed to replicate data between primary and secondary databases, with industry-standard backup methods in place.
HR Security
Confidentiality Agreement
All employees and contractors are required to sign non-disclosure agreements.
Security Awareness
We provide regular security awareness training for employees and maintain informative materials throughout our offices.
Developer Training
Our product developers receive training in secure programming according to OWASP best practices. We also host a Capture the Flag (CTF) challenge annually.
Operational Security
Data in Transit
We use TLS 1.2 or higher encryption (HTTPS) throughout our website, following industry-standard algorithms and certificates.
Access to Personal Data
Personal data is protected with role-based access, encryption in transit, and VPN access for employees. We use tools like Google IAP to enhance access control.
Logging and Monitoring
All infrastructure and application activities are logged, with critical logs forwarded to a SIEM tool for monitoring. Access to logs is restricted to authorized personnel based on roles and responsibilities.
Patch Management
We monitor for security vulnerabilities and implement patches and configuration changes regularly. Periodic vulnerability scanning is performed by authorized QSA services.
Data at Rest
Stored information is encrypted using AES-256 encryption in data centers, while employee workstations are controlled using MDM systems.
Access Control
We employ network access control mechanisms to prevent unauthorized protocols from reaching our service infrastructure. Critical data processing applications use SSO and 2FA for user authentication.
Password Policy
A uniform password policy is implemented for internal services and tools, with encrypted storage and the use of password managers encouraged.
Change Management
We follow a change management approach, ensuring that changes are peer-reviewed, tested, and logged before deployment into the production environment.
Privacy
Interaction with Contractors
We maintain contractual relationships with third-party suppliers to protect processed data.
Privacy Laws
We adhere to applicable privacy laws, with policies such as the General Data Protection Policy, Privacy Policy, and Subject Access Request Policy in place.
Supplier Security Verification
We continually monitor third-party suppliers using our cybersecurity assessment platform.
Personal Data Retention
We delete personal data when no longer necessary, while retaining copies as required by law or for archival purposes.
GDPR Compliance
We adhere to GDPR requirements, ensuring the collection of minimum necessary information, lawful data processing, and other compliance measures.
Application Security
Separate Environments
Staging, testing, and development environments are logically separated, with no use of personal or service data in testing or development.
SDLC (Secure Software Development Lifecycle)
We integrate security into our software development process, with activities like design review, architecture analysis, code review, and penetration testing integral to our development lifecycle.
Release Management
We follow a DevOps culture for product delivery, ensuring high-velocity application and service delivery.
External Threats Protection
Quality assurance staff continuously test our products, including basic security testing.
Code Review
Our Security team selectively reviews code for best practices and software flaws.
Penetration Tests
We conduct penetration tests every six months and perform penetration tests of new features weekly.
Bug Bounty Program
We invite independent security researchers to discover and disclose security flaws through our Bug Bounty program.
Authentication Options
We offer Single Sign-On (SSO) integration with SAML and support Two-Factor Authentication (2FA) for enhanced account security.
Incident Management
System Logging
Our infrastructure is designed for comprehensive system logging. Internal systems aggregate log data and alert personnel to handle security incidents.
Notification in Case of Incident
We notify affected users in case of unlawful data access, providing updates on steps taken to resolve the incident.
Incident Response
We maintain records of security incidents, investigate them thoroughly, and take appropriate steps to minimize damage and prevent future incidents.
Security Management and Compliance
Security Policies and Procedures
We have developed policies, communicated to all staff, that cover various aspects of information security.
PCI DSS Compliance
We fully implement processes related to PCI DSS compliance, with annual independent audits confirming our Level 1 certification.
Risk Management
Our risk management program identifies, analyzes, evaluates, treats, and reviews information security risks.
Cybersecurity Rating
We maintain transparency in our security process with a shared profile on UpGuard, providing clients with information about security at seogenie. Our Cyber Security Team constantly monitors our security
Please note that these security measures may be updated or modified from time to time to enhance security without compromising the overall protection of your data.