Security Overview
Axeman Technology Solutions LLP · Keywords Everywhere · Last updated: July 2026
1. About
Keywords Everywhere is a keyword research and SEO analytics service operated by Axeman Technology Solutions LLP, a limited liability partnership registered in India. The service has been in continuous operation since 2015 and serves over 1.6 million users through its browser extensions, website and APIs. This document summarises the security practices that protect customer data.
Axeman Technology Solutions LLP is committed to processing Personal Data in accordance with the applicable Data Protection Laws, including the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR and other applicable privacy laws. The technical and organisational measures described in this Security Overview are intended to support compliance with such applicable laws.
2. Data We Process
We process a deliberately narrow set of data:
- Account data: name, business email address and a unique API key used to authenticate to the Services.
- Usage and technical data: IP address, browser and device information, and feature usage.
- Service data: keyword queries, domains and related search metrics submitted by users.
- Billing contact details: name and email associated with a subscription.
What we do not process: we do not store payment card numbers (payments are handled entirely by Paddle, our merchant of record), and the service is not designed to receive sensitive or special category personal data such as health, financial account or government identification data. The overall data risk profile of the service is low.
Personal Data is processed solely for the purposes of providing, maintaining, securing and supporting the Services and shall not be processed for any purpose incompatible with those purposes except where required or permitted by applicable law.
3. Infrastructure and Hosting
Production systems run in professional data centres operated by Hetzner Online GmbH (Germany and Finland) and Akamai Technologies (Linode; United States and EU). Cloudflare provides DNS, CDN and network layer protection in front of our services. These infrastructure providers maintain their own certifications, including ISO 27001 and SOC 2 at the provider level, and industry standard physical security controls.
4. Encryption and Authentication
All data in transit between users and our services is encrypted using TLS 1.2 or higher. The service does not use passwords: authentication is via unique per user API keys, which removes the risk of a password database compromise, and keys can be reset if compromised.
5. Access Control
Administrative access to production systems is restricted to a small number of named engineers. Access requires SSH key authentication (password login is disabled) and takes place over a private, WireGuard based mesh VPN. Host firewalls restrict inbound traffic to required services only. Access rights follow least privilege, are reviewed periodically, and are revoked promptly when a team member changes role or departs.
6. Operations and Change Management
Code changes are version controlled and reviewed before deployment to production. Security updates are applied to production systems on an ongoing basis. System and application logs are maintained, and uptime and health monitoring alert the team to anomalies and incidents. We periodically review and update our privacy and security policies and operational procedures to ensure that they remain appropriate to the nature, scope and volume of data processed.
7. Backups and Availability
Production databases are backed up regularly and retained on a rolling basis of no more than 90 days. Backups are stored on infrastructure subject to the same access controls described above.
8. Incident Response and Breach Notification
We investigate suspected security incidents promptly. Where an incident constitutes a personal data breach affecting data processed on behalf of a customer, we shall notify the affected customer without undue delay after becoming aware of the breach, and in any event within 72 hours of becoming aware, and provide all information reasonably needed to enable the customer to comply with its obligations under applicable Data Protection Laws, including the Digital Personal Data Protection Act, 2023, where applicable.
9. Data Retention and Deletion
Account data is retained for as long as an account remains active. Upon a verified deletion request or termination of service, we delete or return customer data, with copies in routine backups expiring on the normal rotation cycle described above.
10. Sub Processors
We use the following categories of sub processors to deliver the service:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Infrastructure hosting | Germany, Finland |
| Akamai Technologies, Inc. (Linode) | Cloud hosting | United States, EU |
| Cloudflare, Inc. | DNS, CDN and network security | United States (global network) |
| Amazon Web Services, Inc. | Email delivery (Amazon SES) | United States, EU |
| Twilio Inc. (SendGrid) | Transactional email delivery | United States |
| Paddle.com Market Ltd | Global Reseller (merchant of record) | United Kingdom |
11. Compliance Posture
As a small, bootstrapped company we do not currently hold a SOC 2 or ISO 27001 certification of our own. In place of formal certification we offer: our standard Data Processing Agreement, aligned with Article 28 of the GDPR, which is incorporated into our Terms of Service and applies automatically to all customers; this security overview; and written responses to reasonable security questionnaires. Our infrastructure providers hold ISO 27001 and SOC 2 certifications at the provider level.
12. Contact, Privacy and Grievance Enquiries
Security and privacy enquiries: privacy@keywordseverywhere.com
Axeman Technology Solutions LLP · 502 B Anisha Apartments, Yari Road, Versova, Mumbai 400061, Maharashtra, India · privacy@keywordseverywhere.com