Sitebulb Security

Sitebulb works hard to ensure industry leading data security and privacy standards are implemented, to ensure we safeguard our users' data. 

Security measures

This page describes the technical and organisational security measures implemented by Sitebulb. Sitebulb may update or modify these security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Sitebulb's services.

Security of data centers

Data centers

Sitebulb stores its service data at physically secure data centers at Prostack, in the United Kingdom.

Sitebulb Cloud data is stored in physically secure data centers managed by Prostack, both in the UK and in the US.

Data center compliance

Prostack's UK data center has the relevant best practice compliance certificates, which include ISO 27001:2013, ISO 14001:2015, and ISO 9001:2015.

Prostack's US data center is located in Atlanta, and the facility is compliant with SOC II, HIPPA and PCI.

Physical security of data centers

Physical security of data centers is ensured through a number of measures, as detailed in Prostack's Information Security Policy. This includes carrying out regular monitoring of security threats and the testing/auditing of the effectiveness of control measures; and the maintenance of a risk treatment plan that is focused on eliminating or reducing security threats.

Disaster recovery

Data centers manage climate and temperature to prevent overheating. They are equipped with automatic fire detection and suppression systems, as well as water leak detection systems. In addition, electrical and mechanical equipment are monitored. All data centers are redundant and maintainable 24/7. When user data is copied electronically by Sitebulb outside the data center, appropriate physical security is maintained, and the data is encrypted at all times.

Network & infrastructure

Prostack's network infrastructure is designed with redundancy at every point. This covers the hardware and network path from the server's network card to the internet port on their border routers. Aside from scheduled maintenance, their network will be available 100% of the time.

Prostack's hardware infrastructure (power and cooling) is designed with similar redundancies. They operate diverse power feeds (A + B) backed by battery UPS (Uninterruptible Power Supply) units, as well as N+1 generators onsite. They guarantee power availability 100% of the time.

Failover protection

Back-up and replication strategies are designed to ensure redundancy and failover protections during a significant processing failure. Sitebulb uses commercially reasonable efforts to create frequent, encrypted back-up copies of the user data, and these are stored in geographically separate locations.

HR security

Confidentiality agreement

Our employees and contractors are required to sign a non-disclosure agreement before starting work.

Security awareness

We provide security awareness training for all new employees.

Developer training

Our product developers undergo continuous development and training in accordance with OWASP best practices for secure programming.

Operational security

Data in transit

Sitebulb uses TLS 1.2 or higher encryption (also referred to as HTTPS communication protocol) everywhere on the website. Sitebulb HTTPS implementation uses industry-standard algorithms and certificates.

Access to personal data

Personal data is protected by an appropriate level of security designed to prevent unauthorized data access. Personal data is limited to rolebased access by personnel on a need-to-know basis. Personal data is encrypted in transit. 

Logging and monitoring

All infrastructure and application activities are logged, and the most critical are forwarded to a SIEM tool for monitoring. Access to audit trails and logs is restricted to authorized personnel based on roles and responsibilities.

Patch management

Sitebulb has established a process of monitoring for security vulnerabilities, acquiring, testing, and regularly implementing patches (software updates) or configuration changes into the related application/systems across company infrastructure.

Data at rest

Stored information is protected by encryption. Data centers use AES-256 encryption for secure data storage, while employees' workstations are controlled using the MDM system. We use strong encryption methods in an effort to store information on our endpoints securely.

Access control

Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the Sitebulb service infrastructure. All applications that process critical data use SSO and 2FA to authenticate users.

Password policy

Sitebulb has implemented a uniform password policy for its internal services and correspondent tools and features. All passwords must fulfill defined minimum requirements and are stored in encrypted form. 

Change management

Sitebulb has established a change management approach, which reduces the likelihood of unauthorized or destructive changes in applications and systems. All changes are peer-reviewed, tested and logged for audit purposes prior to deployment into the production environment.

Privacy

Interaction with contractors

Sitebulb relies on contractual agreements, privacy policies, and supplier compliance procedures in order to protect any data processed or stored by third-party suppliers. All third-party suppliers are GDPR compliant, and we have signed a Data Processing Addendum (DPA) which complies with GDPR.

Privacy laws

While we process personal data, we use reasonable and appropriate technical and organisational measures to adhere to applicable privacy law, as described in our privacy policy. We have enacted the following internal and external policies: General Data Protection Policy, Privacy Policy, Subject Access Request Policy, employee procedures for handling subject access requests, data breach procedures, and other documents as may be required by applicable legislation.

Personal data retention

A user's personal data is deleted once no longer necessary for the stated purposes. However, we may retain copies of such data and information to the extent permitted or required by law, for archival purposes, or as created by automatic computer back-up and archived as part of normal computerised archiving systems, maintaining necessary technical and organisational measures.

GDPR

Sitebulb's products adhere to GDPR requirements effective May 25, 2018. We have adopted the following measures to be compliant with GDPR requirements:

  • Collect the minimum information necessary for the provision of our services.
  • Process data in a lawful manner.
  • Maintain and make available to customers a list of sub-processors, as well as the purpose of their use.
  • Market our services to customers and prospects in a manner that respects their rights under GDPR.
  • Maintain a privacy policy to describe our data collection practices.

Application security

Separate environments

Staging, testing, and development environments are logically separated from each other. No personal or service data is used in testing or development environments.

SDLC

SDLC (Secure Software Development Lifecycle) is a process model used by organisations to build secure applications. The SDLC process defines how to integrate security into the software development process. A secure SDLC process ensures that security assurance activities such as design review, architecture analysis, code review, and penetration testing are an integral part of the development lifecycle.

Release management

Sitebulb uses DevOps culture to deliver its product. DevOps is the combination of cultural philosophies, practices, and tools that increases an organisation’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organisations using traditional software development and infrastructure management processes.

External threats protection

Our quality assurance staff are responsible for continuous product quality testing. They also conduct basic security testing.

Code review

The Security team selectively reviews parts of code stored in Sitebulb source code repositories, checking for coding best practices and identifiable software flaws.

Sitebulb authentication options

When setting up a Sitebulb account, users are required to set their own password. All passwords must fulfill defined minimum requirements and are stored in encrypted form.

Incident management

System logging

Sitebulb has designed its infrastructure to log information about system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Sitebulb personnel, including security, are responsive to handle security incidents.

Notification in case of incident

If Sitebulb becomes aware of unlawful access to data stored within its services, we notify the affected users of the incident, provide a description of the steps that are being taken to resolve the incident and provide status updates to the user, as necessary.

Incident response

Sitebulb maintains a record of known security incidents that includes descriptions, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, and support personnel. Appropriate resolution steps are identified and documented. For any confirmed incidents, Sitebulb takes appropriate steps to minimize user damage and unauthorized disclosure and to prevent future incidents.

Security management and compliance

Security policies and procedures

We have developed policies that are communicated to all staff. We also have specific policies that are communicated to the personnel they affect. Policies cover the main areas of information security.

PCI compliance

All transactions for Sitebulb subscription products are carried out by our reseller Paddle, who act as Sitebulb's merchant of record. Paddle is PCI compliant and SOC 2 compliant.

Risk management

Sitebulb has defined and implemented a risk management program that sets out the strategy to identify, analyze, evaluate, treat and review the information security risks.

Risk assessments are performed by certain teams at least annually or at any point when a major change takes place in the technological, organisational, business, or legal landscape.

The likelihood and impact of risk events are used for measuring the risk level and its significance as per the risk criterion described in Risk Assessment Methodology.

Sitebulb Desktop

Ideal for SEO professionals, consultants and digital marketing agencies.

Try our fully featured 14 day trial. No credit card required.

Try Sitebulb for Free

Sitebulb Cloud

Perfect for collaboration, remote teams and extreme scale.

Cloud crawling with no project limits and very generous crawl limits.

Explore Sitebulb Cloud