Is Geol.ai safe and secure?
Summary
Yes, Geol.ai uses industry-standard security including encrypted HTTPS/TLS transmission, secure OAuth authentication with no password storage, encrypted data storage, and Cloudflare DDoS protection. All scans are read-only and never modify your site. CMS integrations and auto-sync only deploy when you explicitly enable them—all deployments are user-initiated or user-configured. Payments are processed securely through Stripe.
Detailed Answer
Security Measures:
Data Protection:
- All data transmitted via HTTPS/TLS encryption
- Sensitive data encrypted at rest
- Database connections secured with SSL
- Regular security audits and updates
Authentication & Access:
- OAuth-based authentication (no password storage)
- Session-based access control
- API keys with scoped permissions
- Single session enforcement for admin access
Website Safety:
- Read-only scanning—analysis never modifies your website
- CMS integrations (WordPress, API) only deploy when you explicitly enable auto-sync
- All deployments are user-initiated or user-configured—no unauthorized changes
- No website credentials required or stored
- Crawling respects robots.txt directives
- Rate-limited scanning to prevent server impact
Infrastructure Security:
- Hosted on enterprise-grade cloud infrastructure
- Cloudflare protection against DDoS and other attacks
- Cloudflare Turnstile anti-bot verification
- Regular penetration testing
Payment Security:
- All payments processed through Stripe
- PCI DSS compliant payment handling
- No credit card data stored on Geol.ai servers
- Secure webhook verification
Data Privacy:
- Scan data retained according to your plan tier
- Export your data anytime
- Delete your account and data on request
- GDPR-compliant data handling
Admin Security:
- IP allowlisting for admin access
- Rate limiting on sensitive endpoints
- Comprehensive audit logging
- Password change enforcement
What We Don't Do:
- Never share your data with third parties for marketing
- Never access your website admin panels unless you have explicitly set up a CMS integration
- Never store or transmit your credentials
- Never make unauthorized changes—all deployments require your configuration