Enterprise-Ready Security and Compliance

SearchPilot is a mission-critical platform, and demands a high level of security. We approach security both at a user level and at a systems level. In particular:

SearchPilot data protection

Data protection

Our system never stores your network traffic to a disk, and does not log any Personally Identifiable Information (PII) of your website’s users (even their IP addresses!).

Identity management at SearchPilot

Identity management

We enable you to manage access with any single sign-on (SSO) identity provider that supports SAML (e.g. Azure AD, Okta, OneLogin).

SearchPilot is certified secure

Certified security

With ISO27001, PCI DSS, and HIPAA compliance, you can be sure of SearchPilot’s security.

SearchPilot Security Certifications

We work with independent third parties to certify our security and compliance procedures:

SearchPilot is ISO 27001 certified

ISO 27001

Information Security Management System

SearchPilot is PCI DSS (Level 1) certified

PCI DSS (Level 1)

Payment Card Industry Data Security Standard

SearchPilot is HIPAA compliant


Health Insurance Portability and Accountability Act

Frequently Asked Questions (FAQ)

Q: How are user accounts secured?

A: User accounts are protected with mandatory 2-factor authentication.

Q: How do permissions work?

A: User permissions can grant different powers to different team members - such as restricting the ability to publish changes to the preview or live environments for certain users. Engineering users have specific permissions that allow them to update your origin server details and control failover.

Q: Where are you hosted?

A: Our systems are hosted on AWS and employ strict security policies and best practices taking advantage of AWS security features.

Q: Do you support HTTPS?

A: If your site’s connection to us is secure (HTTPS), then all connections between servers and to the origin will be secured end-to-end using TLS.

Q: Do you have penetration testing done?

A: We complete a penetration test via a third-party penetration testing company at least every year; and can provide the most recent report on request.

Q: Are you GDPR compliant?

A: Yes. We sign Data Protection Agreements (DPAs) with our customers with us serving as the Data Processor for customer data covered under the GDPR.

Q: Do you store Personally Identifiable Information (PII) of your customers' website visitors?

A: We do not store PII (Personally identifiable information) of your website visitors - simply passing information through to your servers.

Q: Can SearchPilot provide a ISO 27001 certificate?

A: Yes, we can provide this on request.

Q: Can SearchPilot provide a PCI DSS Report on Compliance (ROC)?

A: Yes, we can provide this on request.

Q: Can SearchPilot provide a HIPAA report?

A: Yes, we can provide this on request.

Q: Do you have SOC2 certification?

A: SearchPilot is ISO 27001 certified. ISO 27001 is an information security certification that is very similar to SOC2, with many of the same controls.

Q: Can we control where data is stored and processed?

A: We have worked with our customers to manage a range of requirements in relation to data residency.

Contact us to discuss your details if this is a requirement for you or if you have any other questions.

Image credits


Get a Demo

If you're interested in a short demo, please fill in this form and one of the SearchPilot team will ping you an email.

Alternatively, if you have any other questions, feel free to drop us a line at contact@searchpilot.com.


© 2015-2023 SearchPilot. All rights reserved. Privacy policy.