Secure and Certified

The most secure and compliant optimization solution.



PCI DSS 3.2 Certified

SiteSpect is the only PCI certified solution audited by a third party and is compliant with PCI DSS 3.2 for Service Providers. For more information about PCI and the PCI DSS, visit the PCI Security Standards Council website.

GDPR Compliant

GDPR Compliant

SiteSpect is GDPR Compliant. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing personal information of individuals within or who are citizens of the European Union. More information about SiteSpect’s GDPR support is located on our Customer Notice On EU GDPR Support page.


Privacy Shield Compliant

SiteSpect complies with both the EU-US and the Swiss-US Privacy Shield Frameworks. SiteSpect certifies that it adheres to the Privacy Shield Principles with respect to personal data. More information about SiteSpect’s Privacy Shield support is available on our Business Services Privacy Policy - GDPR and Privacy Shield page.


CCPA Compliant

SiteSpect is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for US residents of California. More information about SiteSpect’s CCPA support is located on our Customer Notice On EU GDPR and CCPA Support page.



SiteSpect is HIPAA ready, which saves you time when you use SiteSpect in your HIPAA-compliant environment. SiteSpect obfuscates and encrypts visitor behavior and does not store any personal data. SiteSpect also offers on-premise and other deployment models to guarantee personal data never leaves your data center.

Network Security

data encryption

Data Encryption - In Transit & At Rest

SiteSpect fully supports encryption for data such as end-user content, SDK and API transmissions, and business user data. We also support A/B testing on HTTP and HTTPS websites.

IP whitelist blacklist

IP Whitelisting/Blacklisting

Restrict access to your websites by IP address. Create lists or ranges of IP addresses that allow trusted (whitelisted) users to access your websites or prevent access from disallowed (blacklisted) users.


Content Security Policy

SiteSpect supports your Content Security Policy while allowing you to offer the optimization variations and personalization experiences that drive conversion.

alert logic logo

Security Alerts

SiteSpect leverages Alert Logic to monitor and track security vulnerabilities. This additional line of defense notifies you of any detected threats or attacks on your website.

Application Security


Single Sign-On

SiteSpect supports Single Sign-On (SSO) authentication through Active Directory and SAML. SSO allows you to centrally manage SiteSpect permissions and login credentials. It also makes it easier for SiteSpect users to quickly log in and switch between their applications, saving time and improving productivity.


Two-Factor Authentication (2FA)

Two-Factor Authentication, also known as 2FA, requires not only a password and username but also something that only a user has access to, such as a token. Using a username and password together with a token makes it harder for potential intruders to gain access to SiteSpect.

database lock

Private and Isolated Customer Data

SiteSpect maintains the privacy of all customer data by ensuring no test data is exposed and that data is not grouped with or shared with others in any way.


End User Permission Levels

SiteSpect supports nine different permission levels that provide control and configurable access. User-level permissions determine view and edit rights for building, managing, and analyzing campaigns.


Access Control List (ACL)

Restrict user access to SiteSpect by IP address.

Audit Trail

Audit Trail

SiteSpect includes a complete history of every user action. Quickly undo changes in the audit history list and audit any change as part of your change management process.

log visualization

Logs Visualization

SiteSpect sends a sample of log data to, a log visualization service. This service offers full flexibility to view and analyze logs relating to traffic health and routing. Your network operations center can also use this service to build your own visualization and dashboards or integrate into existing systems.

log shipping

Log Shipping

Directly ingest SiteSpect traffic logs into your monitoring infrastructure to diagnose underperforming applications/servers and identify site errors in near real time.

Want to learn more? Let's talk.