Privacy Policy

Welcome to the SiteSeer website (the “Website”) operated by SiteSeer Technologies, LLC, (“we”, SiteSeer”) a professional software and services company offering solutions to help businesses make better site selection and market planning decisions.

We’ve created this webpage to explain how SiteSeer handles your data and your personal information. This Privacy Policy applies to information (“user data”) collected through the SiteSeer Professional platform, SiteSeer website(s), our professional services business (collectively, our “services”) and our parent companies’ services (x-span results, inc., ROIC analytics, LLC). Please see https://www.scorepinion.com/privacy-policy/ for privacy information related to the ScorePinion website or product. This Privacy Policy does not apply to partners, clients or other third parties that choose to display SiteSeer branding on their websites or products. If you have questions about this Privacy Policy, please e-mail us at privacy@siteseer.com.

Key Tenets of this Privacy Policy

    • We do not sell user data. Your data is not and will never be sold. Ever.
    • We take data privacy seriously. Data collected is never shared with a third party without your expressed written consent. In rare and limited circumstances we could be asked to release your data, for example if we were subpoenaed by the courts.
    • Our services are built with security in mind. We understand that our efforts toward privacy are only as useful as the measures we take to keep your data secure. Please see the section below on data security.
    • We aim for compliance with all U.S. laws and accepted business practices. In developing our products and services we have made all reasonable attempts to be compliant in each and every industry and jurisdiction where our services are applicable. If anyone believes we are not compliant, please contact us at privacy@siteseertech.com.

For those that use our website(s) and social media
We use website analytics. Our websites use Google analytics and/or other similar products to collect statistics on our visitors, such as the user’s IP address and browser type, location information such as city and state, and which pages are visited. Google analytics helps us ensure that our website and our services are designed for the best experience of our visitors. We do not use analytics or other website tools to track behavior unrelated to our services or outside of our websites.
We use cookies. Like most web applications, SiteSeer uses “cookies” to collect data about visitors. Cookies are identifiers stored on your computer’s hard drive and allow your web browser. Cookies are used to identify you when you visit a site or page and thus cookies are tied to personally identifiable information such as your email address. Cookies are used by our SiteSeer for security purposes and to allow certain features to work. If you choose to block cookies, you may render the software or its features inoperable.
Your contact information is not used for ongoing communication unless you opt in and this data is never shared or sold. We ask our website visitors to fill out a contact form to communicate with us in the hopes of better serving them. This information is used solely for this purpose and is never shared or sold to a third party. If you wish to opt out and not receive further communication, we will honor your wishes.
Our websites may include social media features. These features such as Facebook Post or Twitter Post buttons, may collect information such as page statistics, your IP address, and may use cookies to allow the feature to function correctly. For information about the privacy policies of these third party features, please see the appropriate page (Facebook.com, Twitter.com, etc.)
Blogs and support forums. If you choose to participate in discussions on any blog or forum on our site(s), please be aware that any information you share can be read and utilized by other visitors. We are not responsible for the personal information you post or any actions that result from said actions.
Links to Other Websites. Our websites may contain links to other sites not owned or controlled by SiteSeer Technologies or its parent companies. We are not responsible for the content or privacy policies of these sites.

For those that use SiteSeer Professional and/or engage us for professional services
Data provided by users is never used for other client engagements. Information you provide is never shared with other clients and is never used for other client or non-client projects. Only information that can be readily attained elsewhere without access to this data or through published or licensed sources is ever used on other client engagements.
Non-disclosure (confidentiality) agreements. Although we believe this Privacy Policy protects the confidentiality of our clients and users, we are more than happy to sign a mutual non-disclosure agreement (NDA) to provide legal protection for your information. All of our team members, contractors, and partners are under strict confidentiality agreements at all times and information is only shared internally on a need-to-know basis.

For those that use our SiteSeer Professional to collect data
Data collected is the responsibility of the user. Siteseer products may be used to collect data on customers, competitors and markets. This data is covered by the same privacy and security policies as data provided directly by the User.
Data access. We will only access stored user data as needed, such as to provide technical support, professional services you have contracted for, or to audit accounts to ensure compliance with the Terms of Service.
Data retention and deletion. Data will be retained and deleted per our Terms of Service. We retain the right to purge data we feel is in violation of the Terms of Services.

User Data Protection
This policy applies to user data with particular concern for protection of user’s sensitive information:
1. Security. Protect client sensitive information from loss, damage, inappropriate access, and unauthorized disclosure or use;
2. Integrity. Provide reasonable assurance that data, once received, will not be subject to unauthorized modification, and that data will remain unaltered during transmission, storage, migration, and use;
3. Accountability. Monitor and record security-related events and link them to the originator; and
4. Technical Guidelines. Provide technical guidelines and collaborative solutions to respond to these requirements.
The SiteSeer computer and communications systems’ privileges of all users, systems, and programs shall be restricted based on the following principle of “least privileges”:
1. Users shall be granted the “least privileges” required to accomplish their tasks;
2. Applications shall be granted the “least privileges” to perform their functions; and
3. General support systems shall be granted the “least privileges” to fulfill their role in a larger network.

Data Integrity
Each file or collection of data in a computer system must have an identifiable origin and use. Accessibility, maintenance, movement, and disposition of the data are governed on the basis of its sensitivity.

Information Flow Control
To ensure that proper information flow control is established, the use of data labeling shall be applied to sensitive data. All computer-resident information, which the information is classified as either sensitive or non-sensitive, shall have an operating system with discretionary access controls and auditing functionality to ensure the confidentiality, integrity, and availability of the system.

Data Access Authority to Production Files
Access by application programmers and analysts to production programs shall be limited through an approved change control request. This access shall be allowed for a specific timeframe to accomplish the approved change control request and then withdrawn. Programmers and analysts will not transform, alter, or modify the operating environment or standard operating procedures; programmers and analysts shall not make any modification that could have potential and/or significant impact on the stability and reliability of the infrastructure which impacts normal business operations.

Internal Audit/Operations Analysis
Internal auditors shall be authorized unrestricted read access for computer systems audits, provided management approves their request for audit privileges in advance. The request may be on the Internal Network Support-LAN Request Form or an approved substitute. The privileges authorized shall last for the duration of the audit. Requests for more than read or browse privileges during an audit must be documented and approved by management before privileges are granted.

Information Security Group
The security group shall be authorized unrestricted read access for computer systems, reviews or audits, provided the Information Security Officer approves their request for audit privileges in advance. The privileges authorized shall last for the duration of the review or audit.

System Software
Access authorizations shall be appropriately limited. Access to system software is restricted to a limited number of personnel, corresponding to job responsibilities. Application programmers and computer operators shall be specifically prohibited from accessing system software. The access capabilities of systems programmers shall be periodically reviewed to see that access permissions correspond with job duties. Justification and management approval for access to systems software shall be documented and retained.

Passwords Maintenance
Individuals assigned with maintaining User IDs shall only be given access to enter, change, delete, etc., user profiles and no other permissions or access to other files or system level programs.

Web Sites
There are many interdependencies among the security controls on the Web. SiteSeer’s web site shall provide the following minimum features and controls:
1. The site’s domain naming service entries for all URL-referenced systems must be resolvable;
2. The site must maintain logging. Access to logs must be limited to authorized personnel. Logs must be retained in a secure but retrievable format;
3. The site must use a standard encryption mechanism for sensitive data transmission commensurate with the level of protection required;
4. The site must meet logical security requirements, such as secure password policies, Webmaster contact, Hyper Text Transfer Protocol Daemon server configured for least privilege, and separate development/production systems;
5. Backups and restore capabilities must be in place;
6. The site shall not allow Web development on production Web servers. Proper change control policies and procedures must be complied with;
7. FTP transfer to/from x-span’s servers will be via protocol FTP over SSL implicit to ensure data is protected during transfer. User’s must authenticate prior to transfer and authentication credentials will be given to the client’s assigned system administrator responsible for providing client’s data required by the application.
Firewalls
As a matter of the SiteSeer’s policy, all firewall services are denied, except those explicitly permitted and approved. Therefore, the procurement of a firewall product, installation of the product, and turning on the services of the firewall product must be coordinated and approved by the Information Security Officer. An examination and evaluation shall be required every quarter or when one of the following occurs:
1. A change or modification is made to the system software; and
2. There is a change in system administrators or Information Security Representative personnel.

Remote Desktop Security
The system administrator shall put into place security mechanisms that ensure all users take steps to protect the confidentiality, integrity, and availability of the client’s information.
The system administrator shall deploy the necessary hardware and software to ensure that all such external access is identified, authenticated, tracked and logged. This means that the site is making a good-faith effort to ensure:
1. That the identity of all users is authenticated, and only properly validated users are granted access;
2. That a log is kept to permit, should the need arise, historical review of offsite access to the system, by time, date, access port identity and user identity;
3. That the system administrator shall ensure all remote connections be protected anytime when the user leaves the system unattended. The system administrator shall enforce this access control by using a locking “screen saver,” which locks user interaction after no more than five (5) minutes of inactivity.

Impact
All areas of SiteSeer shall comply with this User Data Protection policy; otherwise, an exception to the policy should be filed (and approved prior to implementation) if the policy requirement is not met. The following areas should comply with this policy:

Users
This policy shall impact all users that have access to the SiteSeer network or systems. This policy illustrates that all access is recorded and holds the individual user accountable and responsible for unauthorized access.

Data Owners
This policy shall assist the data owners in assuring that only authorized users have access to information data and that unauthorized access to information data will be determined and prevented when possible. This policy allows Data Owners to assign “least privileges” to sensitive information to ensure the confidentiality, integrity, and authorization of that information.

Managers
This policy shall allow management to take appropriate action to ensure that authentication is designed to combat fraud and make the SiteSeer network more secure. Management shall ensure that every program or system component will operate with the minimum set of privileges it needs to accomplish its task. Managers shall ensure that proper labeling of sensitive data is incorporated into identifying the SiteSeer system components.

Application Development/Database Administrators
This policy shall ensure that all administrators are responsible for implementing and monitoring approved access control solutions on computer systems. This policy shall ensure that all sensitive applications have the appropriate audit functions to abide by Federal laws, policies, and shall ensure that sensitive information flow is properly labeled and controlled within its own environment.

Help Desk
This policy shall ensure that continuity of access control solutions and data user protection solutions meet the needs of the Application Owners/Data Owners. The Help Desk will document any vulnerabilities identified in their ticket and report such findings to the system administrator for appropriate action.

Changes to this Privacy Policy
As we are continuously evolving and expanding our business, we retain the right to modify this Privacy Policy at any time. In the event we make changes, we will post the new policy on this site with an update date. Please review this page for the latest information.

Contact Info
If you have questions about this Privacy Policy, you can contact us at privacy@siteseer.com.
Last Updated: May 4, 2016