Home / Security
Your data, handled the way you would want it handled
Before you connect an account or crawl a site, here is exactly how Swiss Knife SEO treats your data: read-only Google access, encrypted tokens, European self-hosting, a crawler that behaves, and an export button that always works.
You approve access on Google's side, and we ask for as little as possible
Connecting Search Console or GA4 never means handing us a password. The whole flow runs through Google, and what we ask for is deliberately narrow.
Google's own consent screen
Both Search Console and GA4 connect through Google's OAuth flow. You review the request and approve it in Google, so the permission grant happens on Google's side, not ours. We never see or store your Google password.
Read-only scopes only
We request read-only access. Swiss Knife SEO reads the performance data it needs to join with your crawl, and nothing in the connection lets us change settings inside your Google properties.
Encrypted, and yours to revoke
The tokens Google returns are stored encrypted at rest. You can disconnect a connection or delete a site whenever you want, and you can also revoke access from inside your own Google account.
Self-hosted in Europe, with artifacts behind short-lived links
Your reports and exports do not scatter across a stack of third-party services. They live on infrastructure we run, in one place.
European self-hosted infrastructure
Swiss Knife SEO runs on self-hosted infrastructure in Europe. Your crawls, saved reports, and account data sit on servers we operate directly, not spread thinly across a chain of managed vendors.
Private object storage, signed access
Crawl artifacts, the workbooks and exports a crawl produces, are kept in private object storage. They are reachable only through short-lived signed links, so there is no permanent public URL that could be guessed, indexed, or forwarded to last forever.
A crawler that stays polite, and stays in its lane
A crawler that ignores the rules is a liability. Ours respects the boundaries of the sites it visits and protects your servers while it works.
Respects robots.txt on sites you have not verified
Point the crawler at a site you do not own, for example to look at a competitor, and it honors that site's robots.txt. It stays inside the rules that site publishes.
Requires proof before it overrides your own robots.txt
Overriding robots.txt is available only on sites where you have verified ownership. On your own verified property you can choose to crawl past a block, but nowhere else.
Paces itself and backs off under pressure
The crawler moves at a considerate pace and slows down when a server shows signs of strain, so an audit informs you about a site without knocking it over.
Validates every fetch against internal-address protection
Every request the crawler makes is checked against internal-address protection first, so the crawler cannot be steered into reaching private or internal network addresses.
Secrets are stored so that even we cannot read them back
The credentials you create inside Swiss Knife SEO are treated as secrets, not as convenient strings we keep lying around.
Shown once, then only a fingerprint remains
API tokens and log-ingestion tokens are shown to you a single time, at the moment you create them. After that we keep only their SHA-256 digest, a one-way fingerprint. We cannot display the original token again, because we no longer hold it. If you lose one, you create a new one.
- API tokens: SHA-256 digest only
- Log-ingestion tokens: SHA-256 digest only
- Revealed once at creation, never re-shown
Connected-account tokens, encrypted with a rotatable key
Tokens for connected accounts are encrypted with a key that can be rotated on its own, separately from the data it protects. That separation means the encryption can be refreshed without disturbing everything else, a standard part of good key hygiene.
- Encrypted at rest, not stored in the clear
- Key can be rotated independently
- Applies to your Google and other connections
Clear about the AI it uses, and easy to walk away from
Two things people ask about most: what happens when a feature calls an AI model, and whether they can take their data with them. Both answers are straightforward.
AI features call metered providers, in the open
When a feature uses AI, it calls metered third-party providers to do the work. That usage is visible inside your workspace, so the AI is never a black box running out of sight. You can see it being spent.
Your data is portable, always
Export any report to an xlsx workbook, CSV, a printable PDF, or pull it through the API at any time. Whatever you have built inside Swiss Knife SEO can leave with you in a format you can actually use.
This page describes how the product handles your data in plain language. The full legal terms and the complete privacy policy live inside the app: read the terms of use and the privacy policy for the binding detail.
Before you connect anything
Do you get access to my Google account password?
Where is my crawl data stored?
Can I get my data out whenever I want?
Read the handling, then try the tool
The free plan lets you connect a property, run a real audit, and see how your data is treated from the inside. No pressure, and an export button that always works.