Trust & security

Where your data lives. Who processes it. How we keep it safe.

Everything we'd send to your legal team — public, up to date, honest.

01 · Data residency

All primary data stays in the EU

  • Application + database — Hetzner Cloud CCX23 in Falkenstein, Germany.
  • PostgreSQL 15.4 running on the same VM, inside a private Docker network.
  • Article images — AWS S3 bucket unlimitedvisitors in eu-north-1 (Stockholm).

02 · Sub-processors

Who processes your data

Vendor        Purpose
OpenAI        Content generation · zero-retention API
Anthropic     Content generation · zero-retention API
Stripe        Payments · PCI-DSS Level 1
AWS S3        Image hosting · eu-north-1 (Stockholm)
Cloudflare    CDN / DNS / DDoS protection
Google        OAuth sign-in
Sentry        Error tracking

03 · Backups

Nightly, encrypted, off-site

  • Nightly pg_dump to s3://unlimitedvisitors-backups/db/ at 03:00 UTC.
  • Monthly restore drill on the 1st at 04:00 UTC — we actually run the recovery.
  • Host-level cron — /etc/cron.d/uv-backup and uv-restore-drill.

04 · TLS

HTTPS on every domain — including yours

  • Caddy terminates TLS at the origin.
  • Let's Encrypt wildcard for *.unlimitedvisitors.io via Cloudflare DNS-01.
  • On-demand LE certificates for customer-owned CNAMEd domains — you bring the domain, we issue and rotate the cert.

05 · GDPR · Article 28

We act as a processor

Under GDPR Article 28, UnlimitedVisitors acts as a data processor for the content you generate and the account metadata we hold. You remain the data controller.

A Data Processing Agreement (DPA) is available on request — email contact@unlimitedvisitors.io and we'll send you a signable version within 24h.

06 · Incident response

One email. Real human. < 24h.

Security or data-incident contact: contact@unlimitedvisitors.io.

Target acknowledgement: under 24h. We'll confirm scope, impact, and next steps in that first reply — no PR-filtered auto-response.

Honest note

No SOC 2 yet — and we won't pretend otherwise.

We're a solo-founder SaaS. We're transparent about what we have and what we don't have: Stripe, Hetzner, AWS, OpenAI, and Anthropic each handle their own audited posture (SOC 2, ISO 27001, PCI-DSS where relevant). UV itself does not hold a SOC 2 Type II report yet. If your procurement process requires one before onboarding a vendor, we're not the right fit today — and we'd rather say that upfront than waste your legal team's time.