Secure & eCommerce Sites
SearchPilot is fully compatible and compliant with operating on eCommerce websites. In fact, they tend to be some of the best sites to most broadly benefit from SearchPilot’s capabilities.
PCI Compliance and Security
SearchPilot is fully PCI compliant, and we work with an independent information security consultancy to audit and advise on being best in class.
Assessed as a Service Provider under PCI DSS v3.1, we can provide service to eCommerce websites of any size. We can provide an Attestation of Compliance on request, and can share details of our information security policies.
As part of that compliance we run quarterly ASV (Approved Scanning Vendors) scans of our service, both externally and internally on our networks, using two separate providers. These are overseen by an independent consultant.
We also undergo penetration testing from a security consultancy.
Please see our security and compliance page for more details.
HTTPS Traffic and TLS/SSL Certificates
The SearchPilot platform can operate on an HTTPS website without compromising security. We provide deployment consultation for all customers and can help you assess your needs.
Our platform sits in front of your web servers (origin servers) and behind any existing CDN you may have. Connections to the CDN will use your existing certificate, and connections from SearchPilot to your web servers will use the certificate on them.
Between the CDN and SearchPilot traffic is encrypted with our TLS certificate, maintaining encryption for every step of transmission. This also means that if you have an existing CDN setup, you do not need to provide us with a certificate for your domain.
SearchPilot is designed to be highly available, resilient and robust. You can read more detail about our approach to resilience here.