Welcome to the SiteSeer website (the “Website”) operated by SiteSeer Technologies, LLC (“we”, “SiteSeer”), a professional software and services company offering solutions to help businesses make better site selection and market planning decisions.
- We do not sell user data. Your data is not and will never be sold. Ever.
- We take data privacy seriously. Data collected is never shared with a third party without your express written consent. In rare and limited circumstances we could be asked to release your data, for example if we were subpoenaed by the courts.
- Our services are built with security in mind. We understand that our efforts toward privacy are only as useful as the measures we take to keep your data secure. Please see the section below on data security.
- We aim for compliance with all U.S. laws and accepted business practices. In developing our products and services we have made all reasonable attempts to be compliant in each and every industry and jurisdiction where our services are applicable. If anyone believes we are not compliant, please contact us at firstname.lastname@example.org.
For those that use our website(s) and social media
We use website analytics. Our websites use Google Analytics and/or other similar products to collect statistics on our visitors, such as the user’s IP address and browser type, location information such as city and state, and which pages are visited. Google Analytics helps us ensure that our website and our services are designed for the best experience of our visitors. We do not use analytics or other website tools to track behavior unrelated to our services or outside of our websites.
Your contact information is not used for ongoing communication unless you opt in and this data is never shared or sold. We ask our website visitors to fill out a contact form to communicate with us in the hopes of better serving them. This information is used solely for this purpose and is never shared or sold to a third party. If you wish to opt out and not receive further communication, we will honor your wishes.
Blogs and support forums. If you choose to participate in discussions on any blog or forum on our site(s), please be aware that any information you share can be read and utilized by other visitors. We are not responsible for the personal information you post or any actions that result from said actions.
Links to Other Websites. Our websites may contain links to other sites not owned or controlled by SiteSeer Technologies or its parent companies. We are not responsible for the content or privacy policies of these sites.
For those that use SiteSeer Professional and/or engage us for professional services
Data provided by users is never used for other client engagements. Information you provide is never shared with other clients and is never used for other client or non-client projects. Only information that can be readily obtained elsewhere without access to this data or through published or licensed sources is ever used on other client engagements.
For those that use our SiteSeer Professional to collect data
Data collected is the responsibility of the user. SiteSeer products may be used to collect data on customers, competitors and markets. This data is covered by the same privacy and security policies as data provided directly by the User.
Data access. We will only access stored user data as needed, such as to provide technical support, professional services you have contracted for, or to audit accounts to ensure compliance with the Terms of Service.
Data retention and deletion. Data will be retained and deleted per our Terms of Service. We retain the right to purge data we feel is in violation of the Terms of Service.
User Data Protection
This policy applies to user data with particular concern for protection of users’ sensitive information:
1. Security. Protect client sensitive information from loss, damage, inappropriate access, and unauthorized disclosure or use;
2. Integrity. Provide reasonable assurance that data, once received, will not be subject to unauthorized modification, and that data will remain unaltered during transmission, storage, migration, and use;
3. Accountability. Monitor and record security-related events and link them to the originator; and
4. Technical Guidelines. Provide technical guidelines and collaborative solutions to respond to these requirements.
The privileges of all users, systems, and programs on SiteSeer computer and communications systems shall be restricted based on the following principle of “least privileges”:
1. Users shall be granted the “least privileges” required to accomplish their tasks;
2. Applications shall be granted the “least privileges” to perform their functions; and
3. General support systems shall be granted the “least privileges” to fulfill their role in a larger network.
Each file or collection of data in a computer system must have an identifiable origin and use. Accessibility, maintenance, movement, and disposition of the data are governed on the basis of its sensitivity.
Information Flow Control
To ensure that proper information flow control is established, data labeling shall be applied to sensitive data. All computer-resident information, which is classified as either sensitive or non-sensitive, shall have an operating system with discretionary access controls and auditing functionality to ensure the confidentiality, integrity, and availability of the system.
Data Access Authority to Production Files
Access by application programmers and analysts to production programs shall be limited through an approved change control request. This access shall be allowed for a specific timeframe to accomplish the approved change control request and then withdrawn. Programmers and analysts will not transform, alter, or modify the operating environment or standard operating procedures; programmers and analysts shall not make any modification that could have potential and/or significant impact on the stability and reliability of the infrastructure which impacts normal business operations.
Internal Audit/Operations Analysis
Internal auditors shall be authorized unrestricted read access for computer systems audits, provided management approves their request for audit privileges in advance. The request may be on the Internal Network Support-LAN Request Form or an approved substitute. The privileges authorized shall last for the duration of the audit. Requests for more than read or browse privileges during an audit must be documented and approved by management before privileges are granted.
Information Security Group
The security group shall be authorized unrestricted read access for computer systems, reviews or audits, provided the Information Security Officer approves their request for audit privileges in advance. The privileges authorized shall last for the duration of the review or audit.
Access authorizations shall be appropriately limited. Access to system software is restricted to a limited number of personnel, corresponding to job responsibilities. Application programmers and computer operators shall be specifically prohibited from accessing system software. The access capabilities of systems programmers shall be periodically reviewed to see that access permissions correspond with job duties. Justification and management approval for access to systems software shall be documented and retained.
Individuals assigned with maintaining User IDs shall only be given access to enter, change, delete, etc., user profiles and no other permissions or access to other files or system level programs.
There are many interdependencies among the security controls on the Web. SiteSeer’s web site shall provide the following minimum features and controls:
1. The site’s domain naming service entries for all URL-referenced systems must be resolvable;
2. The site must maintain logging. Access to logs must be limited to authorized personnel. Logs must be retained in a secure but retrievable format;
3. The site must use a standard encryption mechanism for sensitive data transmission commensurate with the level of protection required;
4. The site must meet logical security requirements, such as secure password policies, Webmaster contact, Hyper Text Transfer Protocol Daemon server configured for least privilege, and separate development/production systems;
5. Backups and restore capabilities must be in place;
6. The site shall not allow Web development on production Web servers. Proper change control policies and procedures must be complied with;
7. FTP transfer to/from x-span’s servers will be via implicit FTP over SSL to ensure data is protected during transfer. Users must authenticate prior to transfer, and authentication credentials will be given to the client’s assigned system administrator responsible for providing the client’s data required by the application.
As a matter of SiteSeer’s policy, all firewall services are denied, except those explicitly permitted and approved. Therefore, the procurement of a firewall product, installation of the product, and turning on the services of the firewall product must be coordinated and approved by the Information Security Officer. An examination and evaluation shall be required every quarter or when one of the following occurs:
1. A change or modification is made to the system software; and
2. There is a change in system administrators or Information Security Representative personnel.
Remote Desktop Security
The system administrator shall put into place security mechanisms that ensure all users take steps to protect the confidentiality, integrity, and availability of the client’s information.
The system administrator shall deploy the necessary hardware and software to ensure that all such external access is identified, authenticated, tracked and logged. This means that the site is making a good-faith effort to ensure:
1. That the identity of all users is authenticated, and only properly validated users are granted access;
2. That a log is kept to permit, should the need arise, historical review of offsite access to the system, by time, date, access port identity and user identity;
3. That the system administrator shall ensure all remote connections are protected any time the user leaves the system unattended. The system administrator shall enforce this access control by using a locking “screen saver,” which locks user interaction after no more than five (5) minutes of inactivity.
All areas of SiteSeer shall comply with this User Data Protection policy; otherwise, an exception to the policy should be filed (and approved prior to implementation) if the policy requirement is not met. The following areas should comply with this policy:
This policy shall impact all users that have access to the SiteSeer network or systems. This policy illustrates that all access is recorded and holds the individual user accountable and responsible for unauthorized access.
This policy shall assist the data owners in assuring that only authorized users have access to information data and that unauthorized access to information data will be determined and prevented when possible. This policy allows Data Owners to assign “least privileges” to sensitive information to ensure the confidentiality, integrity, and authorization of that information.
This policy shall allow management to take appropriate action to ensure that authentication is designed to combat fraud and make the SiteSeer network more secure. Management shall ensure that every program or system component will operate with the minimum set of privileges it needs to accomplish its task. Managers shall ensure that proper labeling of sensitive data is incorporated into identifying the SiteSeer system components.
Application Development/Database Administrators
This policy shall ensure that all administrators are responsible for implementing and monitoring approved access control solutions on computer systems. This policy shall ensure that all sensitive applications have the appropriate audit functions to abide by Federal laws and policies, and shall ensure that sensitive information flow is properly labeled and controlled within its own environment.
This policy shall ensure that continuity of access control solutions and data user protection solutions meet the needs of the Application Owners/Data Owners. The Help Desk will document any vulnerabilities identified in their ticket and report such findings to the system administrator for appropriate action.
Last Updated: May 4, 2016