00/Security & Reliability

How we protect your GEO data and credentials

The ClickedOn GEO platform sees a lot. Search performance, competitor citations, brand mentions across AI engines, the accounts you connect from Google, LinkedIn and Meta. This page explains how we look after all of it.

Last reviewed: May 2026

We build the GEO platform for performance marketers who answer to CFOs, boards, and legal teams. That means the security posture cannot be a footnote. It is part of the product.

01/The six pillars

What the platform is built on

A summary of the controls behind the dashboard. The detail is deliberately kept general so this page is useful to you, without becoming a playbook for anyone else.

01

Your data, your organisation

Every account is isolated at the database layer with row-level access controls. One client cannot see, query, or infer the existence of another. Internal staff access is role-scoped and logged. We do not sell, share, or train third-party models on your data.

02

Sign-in we can vouch for

Authentication runs through audited identity providers with industry-standard session handling, secure HTTP-only cookies, and short-lived tokens. Passwords (where used) are hashed by the identity provider, never stored by us in any form.

03

Credentials handled like cash

When you connect Google, LinkedIn, Meta, or other accounts, we use OAuth so your password never reaches us. The resulting tokens are written to an encrypted secret store. They never appear in our application database, never reach the browser, and are scoped to the smallest set of permissions the integration actually needs.

04

Encryption end to end

All traffic between you, our platform, and the third-party APIs we call is encrypted in transit. Data at rest sits on managed cloud infrastructure with provider-level encryption and audited backup, key-management, and access controls.

05

Built to stay online

We run on enterprise-grade hosting with global edge delivery, automated failover, and managed Postgres with point-in-time recovery. Background jobs are concurrency-limited and retried on failure. We monitor pipeline health per organisation so a missed sync surfaces in hours, not weeks.

06

Resilient to single-vendor failure

Where the platform depends on third-party data (search performance, backlinks, AI citations), we design for vendor outages. Critical data classes have fallback sources so a 401 or a rate limit from one provider does not blank your dashboard.

02/Commitments

Plain English on what we will and will not do

What we will never do

  • Sell your performance data, your prompts, or your audience information.
  • Use your account data to train AI models for anyone else.
  • Email you a password, an API key, or an access token in plain text.
  • Have a ClickedOn team member ask you for your password. We never need it.

What we ask of you

  • Use a strong, unique password (or, better, your provider's SSO).
  • Only invite people to your workspace who genuinely need access.
  • Remove team members the moment they leave your organisation.
  • Tell us straight away if you see anything in the platform you did not expect.

How we handle the accounts you connect

Almost every integration in the GEO platform follows the same pattern. You click Connect, you are sent to the provider (Google, LinkedIn, Meta and others), you sign in there, and you choose which property the integration is allowed to read or write. We do not see your provider password at any point in that flow.

The token the provider issues to us is written to an encrypted secret store, never to a regular table. The application reads it only at the moment a request to the provider needs to be made, and only on our servers. Tokens are not exposed to the browser, not included in client bundles, and not logged.

You can disconnect any integration from your settings page. Disconnection invalidates the token on our side and, where the provider supports it, revokes the grant with them as well.

How we keep your data your data

Workspaces are isolated at the database layer, not just in the UI. The platform is built so that every query made on behalf of a signed-in user is bounded to the organisations they belong to. This is enforced at the data store, so a bug in the user interface cannot expose another customer's rows.

Internal access is the same shape. ClickedOn staff who need to support an account use a separate, audited path with named-person attribution. Engineers do not have ambient access to customer data as part of their day job.

How we stay online

The application runs on a managed serverless platform with global edge delivery. The primary data store is a managed Postgres cluster with automated daily backups and point-in-time recovery within the supported window. Deployments are immutable and roll back in seconds if a release misbehaves.

Background syncs (daily and weekly) are consolidated under a small number of cron entry points. Each run is bounded in concurrency, retried on transient failure, and recorded against a per-organisation pipeline health record. When a sync misses, we see it. When you ask, “Is my data fresh?” the answer is not a guess.

The platform also assumes its upstream vendors will fail sometimes, because they do. Where we depend on a single third-party API for critical signal (backlinks, AI citation monitoring, search analytics), we build a fallback path so the dashboard keeps reporting through the outage.

How we treat the AI calls you make

The GEO platform calls AI models to analyse content, generate briefs, and measure how engines describe your brand. The prompts and responses involved are treated as customer data.

We only ever call these models through their commercial API endpoints under our own contracted accounts. We do not pipe your data through the consumer-facing chat products. Under the standard API terms our providers publish, customer inputs and outputs are not used to train their models. The providers may retain API traffic briefly (typically up to 30 days) for security and abuse monitoring before deletion, and that traffic is not used for training in either direction.

If your organisation needs a stricter posture (for example, zero retention on the model-provider side), tell us during onboarding. Several of our providers offer enterprise arrangements that we can request on your behalf.

Reporting something that looks wrong

If you spot a security issue, an unexpected piece of data, or anything in the platform that feels off, please email info@clickedon.co. We acknowledge responsible disclosures within two business days. We will not pursue legal action against researchers who report issues in good faith, give us reasonable time to fix them before publishing, and avoid accessing other customers' data while investigating.

What is on the roadmap

Security is a moving target, so this is too. Active work includes formalising our SOC 2 readiness, expanding per-organisation audit trails inside the app, and giving customer admins more self-serve visibility over connected integrations and team access. We will update this page as those land.

For procurement questions, due-diligence questionnaires, or a deeper conversation about controls relevant to your industry, get in touch via the contact form and we'll route you to the right person.
