SiteSpect takes security and compliance seriously. Our product is highly secure and meets the latest standards in compliance.
PCI 3.2 Certified
SiteSpect is a PCI DSS 3.2 certified Service Provider. See SiteSpect’s Self-Assessment Questionnaire D (SAQ-D) and the certificate from our Qualified Security Assessor (QSA).
The Payment Card Industry Security Standards Council (PCI SSC) has developed a set of requirements called the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS applies to all organizations or merchants that process, store, or transmit cardholder data, regardless of size or number of transactions. It covers technical and operational practices for system components included in or connected to environments with cardholder data.
For more information about PCI and the PCI DSS, visit the PCI Security Standards Council website at www.pcisecuritystandards.org.
SiteSpect is GDPR Compliant. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing the personal information of individuals who are within, or are citizens of, the European Union.
More information about SiteSpect’s GDPR support is located on our Customer Notice On EU GDPR Support page.
PRIVACY SHIELD Certified
SiteSpect complies with both the EU-US and the Swiss-US Privacy Shield Frameworks. SiteSpect certifies that it adheres to the Privacy Shield Principles with respect to personal data. Privacy Shield is a framework designed by the U.S. Department of Commerce, the European Commission, and the Swiss Administration that provides companies on both sides of the Atlantic with a common mechanism for meeting data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
SiteSpect is HIPAA ready. Deploying SiteSpect into a HIPAA-compliant environment does not cause you to be out of compliance. SiteSpect obfuscates and encrypts visitor behavior and does not store any personal data. HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.
TWO-FACTOR AUTHENTICATION Supported
SiteSpect fully supports 2FA using Google Authenticator. Two-Factor Authentication, also known as 2FA, requires not only a password and username but also something that only the user has access to, such as a token. Using a username and password together with a token makes it harder for potential intruders to gain access to SiteSpect.
SINGLE SIGN-ON Supported
SiteSpect supports SSO authentication through Active Directory and SAML. Single Sign-On, also known as SSO, is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.