// Trust & Security Report

    CodeCat s.r.o. logo

    CodeCat s.r.o.

    SEO tools suite including keyword research (KWFinder), backlink analysis (LinkMiner), SERP analysis (SERPChecker, SERPWatcher), site profiling (SiteProfiler), AI-powered search monitoring (AI Search Watcher), and complementary free SEO tools.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Privacy Policy states: 'You have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted' and 'Please allow up to 10 days for a response.' DPA (Version 1.1, Last Updated June 8, 2026) governs GDPR compliance with Standard Contractual Clauses (Module Two controller-to-processor / Module Three processor-to-subprocessor), the UK International Data Transfer Addendum, and Swiss FADP modifications.

    Verify on mangools.com
    Data Processing Agreement (DPA)
    HELD

    Data Processing Addendum Version 1.1 effective June 8, 2026 is available. Covers data residency (primary EU, AWS; secondary US/other), encryption (TLS 1.2+ transit, AES-256 rest), breach notification (72 hours), audit rights, and sub-processor management.

    Verify on mangools.com
    > Show 10 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    No Mangools-owned SOC 2 certification found. DPA references 'AWS data centers are ISO 27001 certified and SOC 2 Type II audited' - these are cloud provider certifications, not vendor certifications.

    source: mangools.com
    ISO 27001
    NOT CONFIRMED

    No Mangools-owned ISO 27001 certification found. DPA references AWS infrastructure certification only: 'AWS data centers are ISO 27001 certified and SOC 2 Type II audited'.

    source: mangools.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification. Not applicable to SEO tools use case.

    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification. Stripe (third-party payment processor) is PCI DSS compliant, but Mangools itself does not claim certification.

    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification.

    ISO 27017 (Cloud Data Security)
    NOT CONFIRMED

    No public evidence of ISO 27017 certification for Mangools.

    ISO 27018 (Personal Data Protection in Cloud)
    NOT CONFIRMED

    No public evidence of ISO 27018 certification for Mangools.

    ISO 27701 (Privacy Information Management)
    NOT CONFIRMED

    No public evidence of ISO 27701 certification for Mangools.

    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification. Mangools offers AI-powered tools (AI Search Watcher, AI Search Grader) but does not claim formal AI governance certification.

    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification.

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary: European Union (AWS data centers); Secondary: United States and other locations via sub-processors

    Privacy Policy explicitly states: 'The company does not store, retain, or log any user data retrieved from Looker Studio or any other Google Workspace APIs' and 'no use of Google API data for AI/ML model training.' However, no public statement on whether other customer data (keywords, competitors, websites analyzed) is used for AI/ML training. AI Search Watcher and AI Search Grader are Mangools' own AI products, but data usage for training is not disclosed.

    // Security controls

    Encryption in Transit

    TLS 1.2 or higher

    mangools.com

    Encryption at Rest

    AES-256 (or equivalent)

    mangools.com

    Data Residency (Primary)

    EU (AWS data centers)

    mangools.com

    Breach Notification

    72-hour notification window required (DPA); 'without undue delay' (Privacy Policy)

    mangools.com

    Sub-processor Management

    30-day prior notice for changes; customers may object on data protection grounds

    mangools.com

    Data Deletion Post-Termination

    90 days for active deletion; backups deleted within 180 days

    mangools.com

    Audit Rights

    Annual audits permitted with 30 days' notice

    mangools.com

    Network Security

    SSL encryption for sensitive data; regular malware scanning and security vulnerability assessments

    mangools.com

    // Products & data scope

    KWFinderKeyword Research

    data: Keyword data, search volumes, difficulty metrics; no personal data collected from users

    Core SEO product with 2.5B+ keywords in database

    SERPChecker / SERPWatcherSERP & Rank Tracking

    data: SERP data, rank positions, competitor analysis; 65k+ city-level locations; no personal data

    Real-time rank tracking and competitor analysis

    LinkMinerBacklink Analysis

    data: Backlink data, link quality metrics; no personal data

    Backlink opportunity identification and competitor analysis

    SiteProfilerSite Analysis

    data: Website metrics and SEO insights; no personal data

    Domain and website overview tool

    AI Search WatcherAI Search Monitoring

    data: AI search engine visibility (ChatGPT, Google Gemini, DeepSeek, Claude, Mistral, Llama); brand mentions tracking

    Monitors brand visibility in LLM-based search engines. Data usage for training not publicly disclosed.

    AI Search GraderAI Search Analysis

    data: Brand visibility in AI search engines; generative engine optimization metrics

    Free tool for evaluating performance in AI-powered search engines. Data usage not publicly disclosed.

    // What to watch

    • CERT AMBIGUITY: DPA references 'AWS data centers are ISO 27001 certified and SOC 2 Type II audited' - these are cloud provider certifications, NOT Mangools' own. Marketing materials could be misinterpreted as vendor certifications.
    • NO FORMAL SECURITY CERTS: Mangools holds zero formal third-party security certifications (SOC 2, ISO 27001, etc.). Common for smaller SaaS but limits enterprise adoption.
    • BROAD COMMUNICATION RIGHTS: Terms & Conditions grant Mangools 'a worldwide, non-exclusive perpetual right to any ideas, information, designs or other material contained in any communication.' Could be interpreted as ownership of customer feedback/ideas.
    • LIABILITY LIMITATIONS: Terms disclaim security warranties ('provided on an as-is basis') and cap liability at amounts paid. Heavy limitations for a security-sensitive tool.
    • AI TRAINING DISCLOSURE GAP: Privacy Policy only confirms Google API data is not used for AI/ML. No disclosure on whether other customer data (keywords, website URLs, competitors, analytics) is used for training Mangools' AI products (AI Search Watcher, AI Search Grader).
    • NO TRUST CENTER: No dedicated trust center or security certifications page. Compliance information scattered across DPA, Privacy Policy, and Terms.

    // At a glance

    Pricing model

    SaaS subscription with three tiers (Basic €37.70/mo, Premium €52.70/mo, Agency €97.70/mo) billed annually or monthly; 48-hour money-back guarantee

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on CodeCat s.r.o.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    mangools.com

    > Browse all vendor trust reports