// Trust & Security Report

    MarketMuse, Inc. (owned by Siteimprove) logo

    MarketMuse, Inc. (owned by Siteimprove)

    AI-powered content planning and optimization platform for SEO and content strategy; now integrated into Siteimprove's broader platform including accessibility, SEO, analytics, and marketing tools

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    As a US business selling software to worldwide companies, we are proud to be both DPA and GDPR compliant.

    Verify on marketmuse.com
    Data Processing Agreement (DPA)
    HELD

    As a US business selling software to worldwide companies, we are proud to be both DPA and GDPR compliant.

    Verify on marketmuse.com
    > Show 6 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence of SOC 2 certification on vendor domain. Parent company Siteimprove's DPA mentions sub-processors maintain SOC 2, but MarketMuse product itself does not claim SOC 2 independently.

    source: marketmuse.com
    ISO 27001
    NOT CONFIRMED

    No public evidence on marketmuse.com. Parent company Siteimprove holds ISO 27001:2022 certification (verified March 2024), but scope of applicability to MarketMuse product post-acquisition is unspecified by vendor.

    source: marketmuse.com
    HIPAA
    NOT CONFIRMED

    Terms of Service explicitly state customers warrant information is not subject to HIPAA except when expressly agreed. No HIPAA compliance claim made.

    source: marketmuse.com
    ISO 27017 (Cloud data security)
    NOT CONFIRMED

    no public evidence

    ISO 27018 (Personal data protection in cloud)
    NOT CONFIRMED

    no public evidence

    CSA STAR
    NOT CONFIRMED

    no public evidence

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    United States (vendor states: 'We are a US-based company and do all our tracking and analysis in the US')

    Privacy policy does not explicitly disclose whether MarketMuse uses customer content/data for AI model training. Opt-out mechanism available via support@marketmuse.com.

    // Security controls

    Data encryption in transit

    Required via TLS. Privacy policy references 'encrypted line for the secure transport of data' for non-public websites.

    marketmuse.com

    Data residency

    United States only. Vendor states all tracking and analysis conducted in US.

    marketmuse.com

    Sub-processor standards

    Parent company Siteimprove's DPA states sub-processors maintain SOC 2 and ISO 27001, but direct evidence limited to parent company certification.

    siteimprove.com

    // Products & data scope

    MarketMuse (Content Planning & Optimization)AI Content Tools / SEO

    data: Customer websites, content analysis, keyword research, competitor data, user account data

    Core AI-driven content planning tool. Now integrated into Siteimprove platform post-acquisition (Oct 2024).

    Content Brief GeneratorAI Content Tools

    data: Topic keywords, competitor content, customer content inventory

    Part of MarketMuse suite

    OptimizeContent Optimization

    data: Customer content, editorial recommendations

    Content optimization module; uses AI to suggest structure and depth improvements

    // What to watch

    • RECENT ACQUISITION: Siteimprove completed acquisition of MarketMuse on October 31, 2024. Compliance posture may still be aligning between parent and subsidiary.
    • PARENT-SUBSIDIARY AMBIGUITY: Siteimprove holds ISO 27001:2022 certification, but MarketMuse does not independently claim this on its public domain. Unclear whether certification extends to MarketMuse product or only to Siteimprove corporate infrastructure.
    • NO SOC 2 CLAIM: MarketMuse does not publicly claim SOC 2 Type II certification on vendor domain. Parent company Siteimprove's DPA references sub-processors with SOC 2, but Siteimprove itself does not publicly claim SOC 2 on its website.
    • AI TRAINING DISCLOSURE GAP: Privacy policy does not explicitly address whether customer content or data is used for AI model training. Vendor should clarify opt-out mechanisms for AI training.
    • NO TRUST CENTER: Unlike many competitors, MarketMuse does not maintain a dedicated trust center or security page. Compliance information scattered across privacy policy and terms.
    • TERMS REFERENCING PARENT: Terms of Service reference Siteimprove's DPA rather than MarketMuse's own—suggests operational dependency on parent company infrastructure but creates ambiguity about direct accountability.

    // At a glance

    Pricing model

    SaaS subscription (usage-based and team-based tiers)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on MarketMuse, Inc. (owned by Siteimprove)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    marketmuse.com

    > Browse all vendor trust reports