// Trust & Security Report
Screaming Frog Limited
UK-based SEO software and agency: SEO Spider (desktop website crawler, local data storage), Log File Analyser (desktop server-log tool), plus a separate SEO/digital-marketing agency service line (technical SEO, PPC, content, digital PR, AI search optimisation).
Certifications held
1
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on screamingfrog.co.uk“"If you believe that we are not holding your information correctly or are unhappy at any dealings with us regarding your information you may complain to the Information Commissioners Office." The policy also documents user rights ("you have the right, at any time and free of charge, to ask us to provide you with copies of all personal information we hold about you"; rights to amend, delete, and opt out of marketing) and cross-border transfer disclosure ("Our website and some of our products or services or parts of them may be hosted in the United States and this means that we may transfer any information which is submitted by you through the website, product or service outside the European Economic Area").”
> Show 8 unconfirmed / not-held certifications
source: screamingfrog.co.ukNo public evidence. Not mentioned on the privacy policy, disclaimer, EULA, or FAQ pages at screamingfrog.co.uk. Note: an AI-generated web search summary claimed Screaming Frog is 'SOC 2 Compliant' but this claim traces to no vendor-domain source and could not be corroborated on any Screaming Frog page; treated as unverified/likely fabricated.
source: screamingfrog.co.ukNo public evidence. Not mentioned on the privacy policy, disclaimer, EULA, or FAQ pages. Same AI-search hallucination issue as SOC 2 above; no vendor-domain corroboration found.
source: screamingfrog.co.ukNo public evidence. HIPAA is not referenced anywhere on the vendor's privacy policy, disclaimer, EULA, or FAQ pages; product is a general-purpose SEO crawler, not positioned for healthcare/PHI use cases.
source: screamingfrog.co.ukNo public evidence found on vendor-domain pages. Payment processing for licences is not detailed with PCI DSS language on the reviewed pages.
source: screamingfrog.co.ukNo public evidence on any reviewed vendor page.
source: screamingfrog.co.ukNo public evidence. No AI-governance certification referenced anywhere on the vendor's site.
source: screamingfrog.co.ukNo public evidence. An AI-generated search summary asserted 'CSA Star Level 1 Compliant' with no traceable vendor-domain source; not corroborated on any Screaming Frog page and treated as unverified/likely fabricated.
source: screamingfrog.co.ukNo public evidence. FedRAMP applies to US federal cloud services; Screaming Frog is a UK SME selling desktop software and agency services with no indication of FedRAMP authorization. An AI-generated search summary claimed 'FedRamp Compliant' with no vendor-domain source; treated as unverified/likely fabricated.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
UK & US: "Your data is stored in secure data centres located in the United Kingdom & United States of America"; the site/services may also transfer data outside the EEA to the US.
No evidence Screaming Frog trains AI/ML models on customer or crawl data. The company is a crawler/SEO-tooling vendor, not an AI model provider; its blog discusses using the SEO Spider to prepare content for customers' own downstream LLM/RAG workflows, which is unrelated to Screaming Frog training on customer data. No public statement either way, so marked unknown (null) rather than assumed.
// Security controls
Encryption / data protection measures
Privacy policy states only a general assurance: "appropriate technical and organisational measures against ... unauthorised or unlawful processing and against ... accidental loss, destruction or damage." No specifics on encryption algorithms, in-transit/at-rest details, or audit evidence.
screamingfrog.co.ukPrimary data storage model
SEO Spider and Log File Analyser are desktop applications; crawl data and licence files are stored locally on the user's machine (e.g. a '.ScreamingFrogSEOSpider' folder in the user's home directory), not by default uploaded to Screaming Frog's servers. The tool can also be run on a user-controlled server/cloud instance at the customer's discretion.
screamingfrog.co.ukThird-party / subprocessor data sharing
"Where you have instructed us to do so, our software applications may share your crawl data with third party services or APIs; you accept full responsibility for ensuring the privacy of all such data." Screaming Frog states it requires service providers to have Data Processing Addendums in place and states it will never sell customer information to third parties.
screamingfrog.co.ukGoogle account data
"Our software applications may, with your consent, access and store your Google user data, however, such data is only available and stored by the user, will only be used for the purposes outlined in this policy and will not be accessible or shared by us."
screamingfrog.co.ukData retention
"Your data will be stored for the duration of your enquiry, contract, or dealings with us. We may be required to store your data for longer to comply with legal, contractual or compliance obligations."
screamingfrog.co.uk// Products & data scope
data: Crawls websites specified by the user; crawl output stored locally on the user's own machine or user-controlled server by default. No indication crawl data is uploaded to Screaming Frog's own infrastructure unless the user opts into cloud/API integrations.
Free tier (limited to 500 URLs) plus a paid licence unlocking full features; runs on Windows, Mac, Linux.
data: Processes server log files uploaded by the user; local desktop tool, same general data-locality profile as SEO Spider.
Sold as a separate licensed product from SEO Spider.
data: Client engagements involve access to client analytics/ad accounts and business data under standard agency service agreements; no distinct security/compliance documentation found for the agency side beyond the general company privacy policy.
Materially different trust profile from the desktop software products since it involves ongoing access to client accounts; no agency-specific DPA or security page was located.
// What to watch
- No trust center or dedicated security/compliance page found on screamingfrog.co.uk; all findings sourced from the general privacy policy, disclaimer, EULA, and product FAQ.
- An AI-generated web search summary asserted Screaming Frog is 'SOC 2 Compliant, GDPR Compliant, ISO 27001 Compliant, FedRamp Compliant, and CSA Star Level 1 Compliant.' This claim could not be traced to any vendor-domain source and directly contradicts the privacy policy, disclaimer, EULA, and FAQ pages, none of which mention any certification. Treated as a fabricated/hallucinated claim and excluded from the assessment; flagged so it is not repeated downstream.
- GDPR posture is graded held=true based on documented user rights, ICO complaint pathway, and cross-border transfer disclosures, but Screaming Frog does not publish a standalone GDPR compliance statement or offer a customer-facing DPA download; enterprise buyers requiring a signed DPA should contact Screaming Frog directly to confirm availability.
- Agency services (client account access) were not separately assessed for security controls; only the general company privacy policy applies across both software and agency lines.
// At a glance
Pricing model
Per-seat annual software licence for SEO Spider / Log File Analyser (free tier available with reduced URL limit); custom/retainer pricing for agency services.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Screaming Frog Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
screamingfrog.co.uk