Encryption
- All traffic between your browser, our API, and our backend uses TLS 1.2+.
- Customer secrets (API keys, OAuth refresh tokens, signed-webhook secrets) are encrypted at rest with AES-256-GCM.
- Public webhook deliveries are HMAC-SHA256 signed with the customer's secret. Verify via X-Pulse-Signature: sha256=....
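A receiver-side check for the webhook signature described above, as an added example (not Pulse's own code). It assumes, since the page does not specify it, that the value after sha256= is the hex HMAC-SHA256 of the raw request body; the function names, secret, and payload are constructed.

```python
import hashlib
import hmac
import json

PREFIX = "sha256="

def verify_pulse_signature(secret: bytes, raw_body: bytes, header) -> bool:
    """Check an X-Pulse-Signature value against the raw request body.

    Assumption (the page does not specify it): the value after "sha256="
    is the hex-encoded HMAC-SHA256 of the exact body bytes received.
    """
    if not isinstance(header, str) or not header.startswith(PREFIX):
        return False  # missing header or unknown scheme: reject, never skip
    try:
        received = bytes.fromhex(header[len(PREFIX):])
    except ValueError:
        return False  # not valid hex
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time compare: no timing hint about how many bytes matched.
    return hmac.compare_digest(expected, received)

# Constructed sample values, not real Pulse data.
SECRET = b"constructed-webhook-secret"
BODY = b'{"example":"constructed payload","n":1}'

def sign(secret: bytes, body: bytes) -> str:
    """Sender side, used here only to build a sample header."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()

def demo() -> dict:
    good = sign(SECRET, BODY)
    # Parsing and re-serializing changes whitespace, so the MAC no longer
    # matches: always verify the bytes as received, before JSON decoding.
    reserialized = json.dumps(json.loads(BODY)).encode()
    return {
        "valid": verify_pulse_signature(SECRET, BODY, good),
        "tampered_body": verify_pulse_signature(SECRET, BODY.replace(b"1", b"2"), good),
        "reserialized_body": verify_pulse_signature(SECRET, reserialized, good),
        "wrong_secret": verify_pulse_signature(b"other", BODY, good),
        "missing_header": verify_pulse_signature(SECRET, BODY, None),
        "truncated_mac": verify_pulse_signature(SECRET, BODY, good[:-2]),
        "wrong_scheme": verify_pulse_signature(SECRET, BODY, "sha1=" + good[len(PREFIX):]),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```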
Authentication
- Password (Argon2id), Google OAuth, and Microsoft OAuth are available on every plan.
- Role-based access control (owner, admin, editor, viewer) scopes every workspace action.
Methodology + transparency
Pulse's tracker math (Visibility Score weights, sentiment classifier prompt, K-resample logic, Wilson CIs) is published in our methodology page. Raw engine responses are stored for 90 days so customers can audit any individual citation.
Subprocessors
Full list: /legal/subprocessors. We'll notify customers in writing 30 days before adding a new subprocessor, per our DPA.
SOC 2 + DPA
- SOC 2 Type II readiness is tracked as a milestone; the report will be shared when the audit is complete.
- Standard DPA available at /legal/dpa; sign via DocuSign. No negotiation required for the standard form.
- Subprocessors comply with EU Standard Contractual Clauses where applicable.
Disclosures
- We do not scrape ChatGPT or Gemini consumer UIs. Google AI Overviews data is sourced via DataForSEO (contractually licensed).
- LLM responses are non-deterministic; we surface K-resample counts + Wilson 95% CIs so customers see the uncertainty honestly.
- We don't fuzzy-match brand names, which means fewer false positives; customers can extend matching via aliases.