Privacy policy at Seonity

At Seoinity.ai, we are deeply committed to the privacy and security of your information. This document provides an overview of our key practices and policies related to data handling and security. While this is not a comprehensive list, it highlights our main procedures and commitments.

Security reports

Should you discover a potential security vulnerability in Seoinity.ai, we encourage you to inform us promptly. Please reach out to security@seoinity.ai with your findings.

Abuse Reports

If you believe that resources from Seoinity.ai are being used for unlawful activities or in violation of our Terms of Service, please to security@seoinity.ai. We take such reports seriously and investigate them promptly to maintain the integrity and security of our platform.

Hosting

Seoinity.ai is hosted on the Amazon Web Services (AWS) platform in the us-east-1 region. Our platform's infrastructure, including the physical hardware and data storage, is located in data centers managed and secured by AWS. For detailed information on AWS's security practices and compliance certifications, please visit this link.

In addition to AWS's robust security measures, Seoinity.ai implements additional safeguards for accessing AWS resources. These include, but are not limited to, the use of multi-factor authentication for AWS access, operating services within a private network that is not accessible via the public internet, among other security controls.

Intrusions

To ensure the security of our infrastructure, Seoinity.ai utilizes Cloudflare WAF, along with custom alerts to monitor and defend against potential cyber threats, including DDoS attacks.
Our team is equipped to respond swiftly to any security incidents, guided by our comprehensive incident response policy.

OAuth keys, API Keys

When you integrate a third-party application with Seoinity.ai, you might be prompted to authorize a Seoinity.ai OAuth application for access to your account, or to provide an API key or other credentials. This section outlines how we handle such grants and keys.

For applications supporting OAuth integration, Seoinity.ai prefers this method. OAuth allows Seoinity.ai to request access to specific resources in your third-party account without needing your long-term credentials. We use short-term access tokens that must be refreshed regularly, and most applications offer a way to revoke Seoinity.ai's access at any time.
In cases where a third-party application doesn't offer OAuth, you may need to provide an API key or another form of authorization. We advise limiting the API key's access to only the necessary resources within Seoinity.ai, if your application allows such restrictions.

Seoinity.ai securely encrypts all OAuth grants, key-based credentials, and environment variables at rest in our production database. This database is housed in a private network, and its backups are also encrypted. The encryption key, managed by AWS KMS, uses 256-bit AES in GCM mode. Only select team members have access to administer these keys, which are rotated annually.

You have the option to delete your OAuth grants or key-based credentials at any time via https://app.seoinity.ai. However, removing OAuth grants within Seoinity.ai does not revoke our access to your third-party account. To do this, you must revoke access through the third-party application's own OAuth management system.

Encryption of Data in Transit and TLS (SSL) Certificates

When accessing Seoinity.ai's web application, all traffic between your device and Seoinity.ai services is encrypted in transit. This ensures that your data remains secure as it moves across the internet.

Regarding the management of certificates, Seoinity.ai leverages the Cloudflare SSL manager for all our certificates, including those used for custom domains. This approach removes the need for our team to handle the private keys of certificates directly, as Cloudflare securely manages them. Additionally, the renewal of these certificates is automated and managed by Cloudflare, ensuring continuous protection without manual intervention.

Data at Rest Encryption

At Seoinity.ai, we ensure the security of our customer's data at rest within our databases and data stores. To manage and secure our encryption keys, we utilize AWS KMS, with all keys being under the control of Seoinity.ai.

Access to administer these keys is strictly limited to a select group of our team members, ensuring high-level security management.

Development process

At Seoinity.ai, we use GitLab for storing and versioning all our production code. This ensures that we have a robust system for tracking changes and maintaining code integrity. To protect our GitLab organization, employee access is secured with multi-factor authentication and a Virtual Private Network.

We have stringent policies in place regarding who can deploy code to production. Only authorized Seoinity.ai employees are permitted to do so. All deployments undergo thorough testing and are closely monitored both before and after release, ensuring the highest standards of quality and security.

Vulnerabilities

Seoinity.ai actively monitors our code, infrastructure, and core applications for any known vulnerabilities. Our team is committed to addressing and resolving critical vulnerabilities promptly and efficiently. This proactive approach to vulnerability management is a key part of our commitment to maintaining a secure and reliable platform for our users.

Payment Processing

Seoinity.ai has partnered with Stripe as our primary payment processor. When you subscribe to any of our paid plans, your payment method details are transmitted to and securely stored by Stripe, by their stringent security policies. It's important to note that Seoinity.ai does not retain any information about your payment method. This ensures maximum security for your financial data, leveraging Stripe's robust and industry-standard security measures.

Youtube

Engaging with any YouTube services accessible through Seoinity scenarios entails interaction with YouTube’s API Services, please refer to https://developers.google.com/youtube/terms/developer-policies#definition-youtube-api-services.

For comprehensive information on Google’s Privacy Policy, please refer to http://www.google.com/policies/privacy.
Upon granting authorization for Seoinity to access your YouTube account, Seoinity will retain basic account information, such as the associated email address. When Seoinity initiates API requests to YouTube, data such as logs or API responses may be retained (please consult Section 1 in the Table of Contents for details). You retain the right to manage this data within your Seoinity account by deleting relevant authorizations or scenarios, thereby removing all corresponding retrieved data.

Furthermore, you have the option to revoke Seoinity's access to your account via https://security.google.com/settings/security/permissions.

Google Limited Use Requirements

Seoinity's utilization and transmission of data acquired from Google APIs to any other application will strictly comply with the Google API Services User Data Policy, which includes adherence to the Limited Use stipulations, please refer to https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes

It is important to note that Google Workspace APIs are not employed for the development, enhancement, or training of generalized or non-personalized artificial intelligence and/or machine learning models.
© 2024 Seonity - AI commmunity as your SEO growth hack

NOCODE LTD
Registration number: HE 449108
community