Security & Trust

Last updated: 7 February 2026

Your data protection is our priority. Sigly is built with enterprise-grade security practices, GDPR compliance, and full transparency about how we handle your information.

Key Takeaways

Data Protection

Encryption at Rest & in Transit

All data is encrypted using TLS 1.2+ in transit and AES-256 at rest. Database connections use SSL-only access with credential rotation.

Secure Infrastructure

Hosted on managed cloud infrastructure with automatic security patches, DDoS protection, and isolated application environments.

Authentication Security

Optional email-based two-factor authentication (2FA), bcrypt password hashing, account lockout after failed attempts, and IP-based rate limiting.

Audit Logging

Security-sensitive actions are logged with timestamps, including login events, setting changes, and administrative actions for full accountability.

GDPR Compliance

Lawful Basis for Processing

We process personal data only under legitimate interest (service delivery) and explicit consent (marketing). You can withdraw consent at any time.

Data Minimisation

We collect only the data necessary to provide AI visibility monitoring. Scan results are stored per-domain, not per-user.

Right of Access & Portability

You can request a copy of all personal data we hold about you. Contact [email protected] and we will respond within 30 days.

Right to Erasure

You can request deletion of your account and associated data at any time. We process erasure requests within 30 days.

Cookie Consent

We use a GDPR-compliant cookie consent banner with granular controls for analytics and functional cookies. Essential cookies require no consent.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) covering sub-processors, data retention, and breach notification procedures.

How We Scan

Transparency about our scanning methodology:

Public Data Only

Sigly analyses only publicly accessible web pages. We never access private areas, admin panels, or authenticated content. Our scanner respects robots.txt directives.

SSRF Protection

All URLs are validated against SSRF attacks with DNS lookup checks. Internal network addresses, localhost, and private IP ranges are blocked at the network level.

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Sigly never stores, processes, or has access to your full credit card numbers. Payment data flows directly from your browser to Stripe's secure servers.

Frequently Asked Questions

How does Sigly protect my data?
Sigly encrypts all data in transit using TLS 1.2+ and at rest using AES-256. Database connections use SSL-only access with credential rotation. The platform is hosted on managed cloud infrastructure with automatic security patches and DDoS protection.

Is Sigly GDPR compliant?
Yes. Sigly is operated by Shadowstep, Lda., a European company. The platform is fully GDPR compliant with data export, deletion rights, cookie consent management, and privacy-first design. You can request erasure of your data at any time.

Does Sigly store my payment card details?
No. All payment processing is handled by Stripe, a PCI DSS Level 1 certified processor. Sigly never stores, processes, or has access to your full credit card numbers. Payment data flows directly from your browser to Stripe's secure servers.

What data does Sigly's scanner access?
Sigly analyses only publicly accessible web pages. The scanner never accesses private areas, admin panels, or authenticated content. It respects robots.txt directives, and all URLs are validated against SSRF attacks with DNS lookup checks.

Questions About Security?

If you have security concerns or want to report a vulnerability, please contact us.

Shadowstep, Lda. | European Union | [email protected]