Enterprise-Grade Security

Security & Data Protection

We built 4SEO.ai to operate inside your repository safely. We use short-lived tokens, isolated Pull Requests, and strict data retention controls so you never lose control of your codebase.

1. Authentication & Access Model

4SEO.ai integrates using an official GitHub App, not personal access tokens. We avoid PATs because a classic PAT is a long-lived credential bound to one user's account that reaches every repository that user can reach; it cannot be scoped to a single integration or pinned to a chosen set of repositories. A GitHub App instead works with short-lived installation tokens (GitHub expires them after one hour) that are limited to the repositories and permissions granted at install time.

When you install our GitHub App:

  • Access is granted strictly per repository during installation. You choose exactly which repositories we can see, and you can change that selection later from the same settings page.
  • We do not have access to private organization data outside the selected repositories.
  • Access can be revoked at any time from your GitHub settings (Installed GitHub Apps); uninstalling the App cuts off its access immediately.

Permission Scopes

Our GitHub App adheres to the Principle of Least Privilege and only requests:

  • Read access to repository metadata and contents (to analyze the React/Next.js code).
  • Write access limited to what creating branches and Pull Requests requires. In GitHub's permission model that means the Contents and Pull requests permissions at write level; there is no narrower "create branch only" scope, so those are the write permissions the install screen will show.
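As an added check you can run on your side (example code, not 4SEO.ai's): GitHub's REST API lists the apps installed on your account (GET /user/installations, or GET /orgs/{org}/installations for an organization) as objects carrying a repository_selection field and a permissions map. The function below compares one such object with the permissions this page lists and reports anything broader. The two installation objects are constructed for the demo and the app slug is a placeholder. The expected bound assumes GitHub's model, where creating a branch needs Contents at write level and opening a PR needs Pull requests at write level.

```javascript
// Added example, not 4SEO.ai's code: audit a GitHub App installation against
// the permissions this page lists. Input objects follow the shape GitHub
// returns from GET /user/installations (repository_selection + permissions map).

// Upper bound derived from the page: read metadata/contents, write only to
// create branches and Pull Requests. GitHub has no branch-only write scope, so
// branch creation means Contents: write and opening a PR means Pull requests: write.
const EXPECTED_PERMISSIONS = {
  metadata: 'read',
  contents: 'write',
  pull_requests: 'write',
};

// GitHub permission levels, ordered so that a higher rank means more access.
const LEVEL_RANK = { none: 0, read: 1, write: 2, admin: 3 };

// Returns a list of human-readable findings; an empty list means the
// installation is within the expected bound.
function auditInstallation(installation, expected = EXPECTED_PERMISSIONS) {
  const findings = [];

  // "all" means the app reaches every current and future repository in the account.
  if (installation.repository_selection !== 'selected') {
    findings.push(
      `repository_selection is "${installation.repository_selection}": ` +
      'the app can reach every repository in the account, not only the ones you picked'
    );
  }

  for (const [perm, level] of Object.entries(installation.permissions || {})) {
    const allowed = expected[perm];
    if (allowed === undefined) {
      findings.push(`unexpected permission "${perm}" at level "${level}"`);
    } else if ((LEVEL_RANK[level] ?? Infinity) > LEVEL_RANK[allowed]) {
      findings.push(`"${perm}" granted at "${level}" but at most "${allowed}" is expected`);
    }
  }
  return findings;
}

// Constructed sample installation objects (placeholder app slug, not a real app).
const SAMPLE_OK = {
  id: 1,
  app_slug: 'example-seo-app',
  repository_selection: 'selected',
  permissions: { metadata: 'read', contents: 'write', pull_requests: 'write' },
};

const SAMPLE_OVERREACH = {
  id: 2,
  app_slug: 'example-seo-app',
  repository_selection: 'all',
  permissions: {
    metadata: 'read',
    contents: 'write',
    pull_requests: 'write',
    issues: 'write',          // not needed to open an SEO PR
    administration: 'read',   // not needed at all
  },
};

for (const inst of [SAMPLE_OK, SAMPLE_OVERREACH]) {
  const findings = auditInstallation(inst);
  console.log(`installation ${inst.id}: ${findings.length === 0 ? 'OK' : findings.join('; ')}`);
}
```

To run it against a real account, feed each object from `gh api /user/installations --jq '.installations[]'` into auditInstallation. Fewer permissions than the bound is fine; the audit only flags extra permissions, higher levels, or an "all repositories" selection.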

2. Pull Request Safety Model

4SEO.ai operates under a strict “human-in-the-loop” workflow. Final control over what gets deployed to production remains with your engineering team at all times.

  • No automatic merging: We never merge changes automatically.
  • No direct commits: We never push directly to main or any protected branches.
  • No history rewriting: We do not force push or alter existing branch history.
  • Full visibility: All optimization changes are submitted as standard Pull Requests, visible as clear code diffs for your review.

You can also have GitHub enforce these guarantees rather than relying on our policy alone: a branch protection rule or ruleset on main that requires changes to arrive through a Pull Request and blocks force pushes applies to the App's installation token like any other collaborator, unless you add the App to a bypass list.

3. Google Search Console Access

We connect to your Google Search Console (GSC) using standard, secure OAuth 2.0 flows. We do not ask for or store your Google account passwords.

  • We request read-only access (Google's read-only Search Console scope, webmasters.readonly) solely to GSC performance and indexing data.
  • We cannot and do not modify your Search Console settings.
  • We cannot access unrelated Google services (like Gmail or Drive).

Token Handling

Google-issued access tokens are short-lived (typically an hour). The long-lived refresh tokens our backend holds are encrypted at rest using AES-256. If you disconnect your account, all associated tokens are securely destroyed.


4. Data Encryption

Our infrastructure is deliberately boring when it comes to security: we rely on proven, industry-standard cryptographic methods rather than anything bespoke.

  • In Transit: All communication between your browser, our servers, GitHub, and Google uses HTTPS (TLS 1.2 or higher).
  • At Rest: OAuth tokens and sensitive installation credentials are encrypted at rest using AES-256.
  • Storage: Our core database utilizes managed, encrypted storage volumes.
  • Secrets Management: Application environment variables and master cryptographic keys are isolated and stored securely in a dedicated secrets manager, never hardcoded in source.

5. AI Processing & Data Use

We understand that proprietary source code is your most valuable asset. Customer codebase data is NOT used to train public AI models.

AI processing is performed through secure, isolated API endpoints solely to generate your optimization recommendations.

What we send to the AI for analysis:

  • The specific React/Next.js page components being optimized.
  • Associated existing metadata (titles, descriptions).
  • Public performance metrics (keyword volumes, impressions).

What we DO NOT send:

  • Customer personal user data or PII.
  • Payment or billing information.
  • Your OAuth tokens or GitHub Installation secrets.

6. Data Retention Policy

Short retention increases trust. We do not permanently store data we do not actively need to provide the 4SEO.ai service.

  • Repository Content: Your source code is processed temporarily in memory to generate the Pull Request. We do not maintain clones of your proprietary repository on our storage volumes.
  • Google Search Console Data: Aggregated metrics are cached periodically for dashboard performance, but raw queries are pulled on-demand.
  • Application Logs: System logs are retained for 14 days solely for debugging and operational security monitoring.
  • Account Deletion: Upon account termination, or upon uninstalling the GitHub App, all associated access tokens are immediately revoked and any cached repository context is destroyed.

Ready to automate safely?

Join modern engineering teams scaling their organic traffic without compromising on code security.