Features How It Works Pricing FAQ
Run Free Audit

Security

Last updated: April 2026

Your data security is our priority

We implement industry-standard security measures to protect your information at every step of the audit process.

1. Data Encryption

We use encryption to protect your data both in transit and at rest:

  • In transit: All connections to CheckLocalSEO are encrypted using TLS 1.3, the latest version of Transport Layer Security. This ensures that data exchanged between your browser and our servers cannot be intercepted or tampered with.
  • At rest: Data stored on our servers is encrypted using AES-256 encryption within our cloud infrastructure, protecting it from unauthorised access even in the event of a physical security breach.

2. Payment Security

We never see or store your card details

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment provider — the highest level of certification in the payment card industry. Your credit card information is transmitted directly to Stripe and never passes through or is stored on our servers.

Stripe employs advanced fraud detection, tokenisation, and encryption to protect every transaction. For more information, visit Stripe's security documentation.

3. Access Controls

We restrict access to user data and internal systems using the following measures:

  • Role-based access control (RBAC): Team members are only granted access to the systems and data they need to perform their specific role.
  • Principle of least privilege: All access permissions default to the minimum necessary and are reviewed regularly.
  • Authentication: Internal systems require strong authentication credentials and multi-factor authentication where supported.

4. Infrastructure

Our infrastructure is designed with security as a foundational requirement:

  • Cloud-hosted: The Service runs on reputable cloud infrastructure with data centre certifications including SOC 2 and ISO 27001.
  • Regular patching: We apply security patches and updates promptly to address known vulnerabilities.
  • Firewall protection: Network-level firewalls restrict traffic to only the ports and protocols required for the Service to operate.
  • Monitoring: We use automated monitoring to detect anomalies, unauthorised access attempts, and potential security threats.

5. Third-Party Security

We carefully evaluate the security practices of all third-party services integrated with CheckLocalSEO:

Stripe PCI-DSS Level 1 certified
Google APIs SOC 2, ISO 27001 certified
DataForSEO Secure API with encrypted connections
OpenAI SOC 2 Type 2 certified

We only share the minimum data required with each vendor to perform their function within the Service.

6. Data Minimisation

We follow the principle of data minimisation — we only collect and process the information that is strictly necessary to deliver the Service:

  • We collect your business name and location to run the audit — nothing more.
  • Your email address is collected only when you purchase a report, for delivery purposes.
  • We do not request or store unnecessary personal information such as phone numbers, home addresses, or government identifiers.
  • Free audit data is automatically purged after 90 days.

7. Incident Response

In the event of a security incident, we follow a structured response process:

  1. Detection: Automated monitoring and alerting systems identify potential security events in real time.
  2. Containment: Affected systems are isolated immediately to prevent further impact. Access is restricted and forensic data is preserved.
  3. Assessment: We investigate the scope, cause, and impact of the incident to determine what data, if any, was affected.
  4. Notification: If personal data is compromised, we notify affected users and relevant authorities (including the OAIC) within the timeframes required by the Notifiable Data Breaches (NDB) scheme.
  5. Remediation: We implement fixes to address the root cause and update our security measures to prevent recurrence.

8. Reporting Security Issues

We value the security research community and encourage responsible disclosure of any vulnerabilities you may discover.

Responsible disclosure

If you discover a security vulnerability in CheckLocalSEO, please report it to us at:

[email protected]

When reporting, please include:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the issue.
  • Any relevant screenshots or proof-of-concept code.

We ask that you give us reasonable time to investigate and address the issue before publicly disclosing it. We will acknowledge receipt of your report within 48 hours and aim to provide an initial assessment within 5 business days.

Questions?

For general security enquiries, please contact us:

CheckLocalSEO

Operated by Hayz Pty Ltd (ABN to be confirmed)

Melbourne, Victoria, Australia

Email: [email protected]

Security issues: [email protected]