Free SEO by IBS Group
Legal

Security

Last updated: May 15, 2026

Security is foundational to everything we ship at Interest Bud Solutions. Free SEO follows the same controls our parent company applies across enterprise engagements, including ISO 27001-aligned practices for information security.

Compliance & certifications

  • ISO/IEC 27001, Interest Bud Solutions operates an Information Security Management System aligned to ISO 27001 controls.
  • GDPR, EU/UK residents enjoy full data subject rights. See our GDPR statement.
  • PCI DSS, payments are handled by Paddle, a Level 1 PCI DSS service provider. We never see raw card data.
  • SOC 2, our infrastructure providers (Cloudflare, Supabase) are SOC 2 Type II certified.

Encryption

  • In transit: TLS 1.2+ across all endpoints. HSTS enforced on freeseo.in.
  • At rest: AES-256 encryption on databases, object storage and backups.
  • Secrets: API keys and credentials are stored in a managed secrets vault, never in source code.

Application security

  • Row-level security (RLS) on every user-data table, users can only access their own scans, sites and reports.
  • Server-side input validation with Zod, parameterised queries throughout.
  • Authentication via Supabase Auth with secure session tokens; optional Google OAuth.
  • WordPress auto-fix uses scoped Application Passwords stored encrypted at rest.
  • Strict Content Security Policy and modern security headers (HSTS, X-Frame-Options, Referrer-Policy).

Infrastructure

  • Edge-hosted on Cloudflare Workers with automatic DDoS mitigation and WAF.
  • Database backups taken automatically with point-in-time recovery up to 7 days.
  • Geographically redundant storage.

Operational security

  • Least-privilege access for engineering staff; production access requires SSO + MFA.
  • All access reviewed quarterly.
  • Centralised audit logging of administrative actions.
  • Background-checked employees and signed confidentiality agreements (NDAs available on request).

Incident response

We maintain a documented incident response plan. In the unlikely event of a security incident affecting your data we will notify you without undue delay and within 72 hours where required by law.

Responsible disclosure

If you believe you've found a security vulnerability, please email support@interestbudsolutions.com with the subject "Security report". Please do not publicly disclose the issue until we have resolved it. We acknowledge reports within 2 business days.

Sub-processors

A current list of sub-processors is included in our Privacy Policy. We will notify customers of material changes.