Product Use cases Pricing Compare Blog
Log in Free scan

Security

Last update : 2026-05-05

SEOlovely processes sensitive information on behalf of its clients. We take this responsibility seriously. This page describes our commitments and approach, without exploitable technical details.

Our Principles

  • European hosting, under the jurisdiction of the European Union.
  • GDPR compliance: processing register, documented legal basis, access and deletion rights fulfilled promptly.
  • Least privilege: every access — human or software — is limited to the strict minimum.
  • Transparency: our practices evolve, and so does this page. Our support team answers specific questions on request.

Encryption

All communications with SEOlovely are end-to-end encrypted. Sensitive information you entrust to us (passwords, integration tokens, server credentials) is encrypted at rest using industry-recognised standards. The master key is stored separately and subject to dedicated procedures.

Authentication

User passwords are never stored in plain text. Every user can enable two-factor authentication (2FA) via a standard authenticator app — it is mandatory for administrator accounts. Any password change invalidates all active sessions.

Your Integrations

When you connect Google Search Console, Google Analytics, Bing Webmaster Tools or a server log provider, we use those platforms' official protocols and request only the permissions strictly necessary for the requested analysis. You can revoke access at any time from your account or directly with the provider.

Data Isolation

Each account sees only its own data. This separation is enforced at multiple levels and verified systematically. No client has access to another client's information.

Continuity and Backups

Your credentials and account configuration are backed up regularly with encryption, stored separately from the production server. The restoration procedure is documented and exercised regularly — we consider an untested backup to be no backup at all.

Software Lifecycle

Every code change goes through review before deployment. We continuously monitor security advisories for our dependencies. Sensitive application paths (authentication, access rights, isolation) are covered by automated tests. Our development environments never use real client data.

Your Rights, Your Controls

  • Export your data from your account.
  • Full deletion within 30 days upon simple request to privacy@seolovely.com.
  • Immediate revocation of any integration from the interface.
  • Data portability request in accordance with the GDPR.

Reporting a Vulnerability

Think you have found a security flaw? Write to us at security@seolovely.com. We acknowledge receipt within 72 hours and work with you in a spirit of responsible disclosure. We commit not to pursue researchers who act in good faith, do not degrade the service and respect data confidentiality.

Going Further

Need specific information for an audit, a tender or a security committee? Contact security@seolovely.com — we provide on request a detailed security questionnaire, a Data Processing Agreement (DPA) and the up-to-date list of our sub-processors.