Security, privacy, and legal resources

Trust Center

AddSearch is built to help teams deliver secure site search while giving legal, security, and procurement teams the evidence they need to review us with confidence.

  • SOC 2 Type II and SOC 3 reports available
  • DPA, privacy policy, and security measures ready for review

Certified security with SOC 2 compliance

Our principles

How we approach trust at AddSearch

Our Trust Center is designed to make reviews easier: clear enough for business teams, specific enough for legal and security reviewers.

01

Protect customer and visitor data

AddSearch processes technical web usage data to provide site search and analytics features. Our DPA defines the processing scope, data categories, and customer-controller relationship.

02

Limit access by design

We use least-privilege access, individual accounts, MFA where technically feasible, centralized identity management, and employee lifecycle access reviews.

03

Secure the service continuously

Our controls include encryption in transit and at rest, tenant separation, production change review, activity logging, vulnerability scanning, backups, and annual penetration testing.

04

Make evidence easy to access

The Vanta Trust Center centralizes security documentation, compliance reports, and access requests so customers can complete vendor reviews with fewer back-and-forth emails.

Security and privacy overview

The practical details reviewers usually ask for

These summaries bring together the key points legal and security teams usually need before reviewing the full DPA, Privacy Policy, and assurance evidence.

Processing role and scope

For customer website visitor data processed through the AddSearch service, customers act as controllers and AddSearch acts as processor or subprocessor, depending on the customer context.

  • Purpose: provide site search and related analytics features.
  • Data examples: IP address, search queries, device identifiers, browser and operating system, timestamps, language settings, URL route, and search history on the page.
  • Customer responsibility: ensure a lawful basis for processing and appropriate notice to website visitors.

Security controls

AddSearch uses administrative, organizational, technical, and physical safeguards intended to protect confidentiality, integrity, availability, and resilience.

  • Encryption for data in transit and at rest.
  • MFA, centralized identity management, strong password controls, and least-privilege access.
  • Tenant separation at application and database layers.
  • Encrypted backups, disaster recovery procedures, and annual backup restore testing.

Governance and assurance

AddSearch maintains processes for regular security review, incident response, subprocessor management, and third-party audit evidence.

  • Control reviews through annual SOC 2 Type II audit scope.
  • Annual penetration testing by an independent party.
  • Monthly vulnerability scanning with findings triaged by severity.
  • Employee confidentiality obligations, security training, and access revocation on termination.

FAQ

Common review questions

What personal data does AddSearch process for the service?

The DPA describes processing of technical website visitor data, including IP address, search queries, device identifiers, operating system, browser type and version, time of visit, language settings, URL route, and search history on the page.

Who is the controller and who is the processor?

For personal data submitted through the service by a customer, the customer is generally the controller and AddSearch acts as processor. If the customer acts as processor for another controller, AddSearch may act as subprocessor.

How does AddSearch protect customer data?

AddSearch uses measures such as encryption in transit and at rest, MFA where technically feasible, least-privilege access, tenant separation, production change review, logging, backups, vulnerability scanning, and annual penetration testing.

How can we get the SOC 2 report?

Request access through the Vanta Trust Center or the SOC 2 request flow. The full SOC 2 Type II report is treated as controlled evidence for vendor reviews.

Where can we review subprocessors?

The DPA includes a subprocessor annex covering infrastructure and service-specific subprocessors. A standalone subprocessor page can mirror that list once the final legal text is approved.

Need another document?

Contact our team for legal, privacy, or security review questions.
