SEOAI Trust

Security, uptime, and operational transparency · May 27, 2026

Infrastructure

• Hosting: Enterprise cloud infrastructure in the Asia-Pacific region, with isolated compute and managed storage.
• Database: Managed relational database — not exposed to the public internet.
• Object storage: Encrypted object storage with signed, time-limited access.
• GPU compute: On-demand GPU compute, provisioned per batch and torn down immediately after.
• TLS: Industry-standard TLS with auto-renewed certificates on all domains.

Status

• Public liveness probe: api.seoai.space/v1/health
• Public corpus stats: api.seoai.space/v1/stats
• Uptime target: 99.5% monthly (data API). 99.9% target post-SOC2.

Security posture

• Secrets: stored in .env on the production host with restricted file permissions; never committed to source control.
• API keys: SHA-256 hashed at rest; plaintext shown once at creation, never persisted.
• Administrative access: key-based authentication only; password login disabled.
• Firewall: Network firewall restricting inbound traffic to web traffic only.
• Database: not internet-exposed; reachable only by the application.
• Backups: daily logical dumps to the managed volume, weekly off-host snapshots.

Incident response

• Notify security@seoai.space for any suspected breach or vulnerability.
• Acknowledgement within 24 hours, status update within 72 hours.
• Customer notification within 72 hours if their data is affected.
• Post-incident write-up published on this page within 14 days.

Roadmap

• Q3 2026: SOC 2 Type I scoping + readiness assessment.
• Q4 2026: Dedicated security review window with a third-party penetration test.
• Q1 2027: SOC 2 Type II observation period begins.
• Ongoing: sub-processor changes published here before they go live.

Bug bounty

No formal program yet, but we acknowledge and credit responsible disclosures sent to security@seoai.space. Critical findings receive a thank-you fee at our discretion.