PCI DSS 3.2 Certified
SiteSpect is the only PCI certified solution audited by a third party and is compliant with PCI DSS 3.2 for Service Providers. See SiteSpect’s Self-Assessment Questionnaire D (SAQ-D) and certificate from our Qualified Security Assessor (QSA). For more information about PCI and the PCI DSS, visit the PCI Security Standards Council website.
SiteSpect is GDPR Compliant. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing the personal information of individuals who are within, or are citizens of, the European Union. More information about SiteSpect’s GDPR support is located on our Customer Notice On EU GDPR Support page.
Privacy Shield Compliant
SiteSpect is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for US residents of California. More information about SiteSpect’s CCPA support is located on our Customer Notice On EU GDPR and CCPA Support page.
SiteSpect is HIPAA ready, which saves you time when you use SiteSpect in your HIPAA-compliant environment. SiteSpect obfuscates and encrypts visitor behavior and does not store any personal data. SiteSpect also offers on-premises and other deployment models to guarantee personal data never leaves your data center.
Data Encryption - In Transit & At Rest
SiteSpect fully supports encryption for data such as end-user content, SDK and API transmissions, and business user data. We also support testing on HTTP and HTTPS websites.
Restrict access to your websites by IP address. Create lists or ranges of IP addresses that allow trusted (whitelisted) users to access your websites or prevent access from disallowed (blacklisted) users.
Content Security Policy
SiteSpect supports your Content Security Policy while allowing you to offer the optimization variations and personalization experiences that drive conversion.
SiteSpect leverages Alert Logic to monitor and track security vulnerabilities. This additional line of defense notifies you of any detected threats or attacks on your website.
SiteSpect supports Single Sign-On (SSO) authentication through Active Directory and SAML. SSO allows you to centrally manage SiteSpect permissions and login credentials. It also makes it easier for SiteSpect users to quickly log in and switch between their applications, saving time and improving productivity.
Two-Factor Authentication (2FA)
Two-Factor Authentication, also known as 2FA, requires not only a password and username but also something that only a user has access to, such as a token. Using a username and password together with a token makes it harder for potential intruders to gain access to SiteSpect.
Private and Isolated Customer Data
SiteSpect maintains the privacy of all customer data by ensuring no test data is exposed and that data is not grouped with or shared with others in any way.
End User Permission Levels
SiteSpect supports nine different permission levels that provide control and configurable access. User-level permissions determine view and edit rights for building, managing, and analyzing campaigns.
Access Control List (ACL)
Restrict user access to SiteSpect by IP address.
SiteSpect includes a complete history of every user action. Quickly undo changes in the audit history list and audit any change as part of your change management process.
SiteSpect sends a sample of log data to Logz.io, a log visualization service. This service offers full flexibility to view and analyze logs relating to traffic health and routing. Your network operations center can also use this service to build your own visualization and dashboards or integrate into existing systems.
Directly ingest SiteSpect traffic logs into your monitoring infrastructure to diagnose underperforming applications/servers and identify site errors in near real time.