Done-for-you offer · Fractional CMO with AI Swarm · local-pack-tracking 4-skill bundle · local-pack-tracking agent
Per-location 3-year SERP-rank history retention for multi- location retail, multi-unit franchise, and multi-location service brand operators — Capture + Persist + Analyze + Export 4-skill bundle under a 5-anchor compliance overlay anchored on SERP-scraping legal landscape, FTC + Lanham rank-marketing claims, records-retention reconciliation, per-vertical retention, and FTC reasonable-basis substantiation
You operate 50-1,500 locations and want three years of per- keyword per-day per-device SERP-rank history per location. Most rank-tracking platforms retain 6-24 months in-platform; full three-year retention requires export to an operator-controlled warehouse with a records-class tagging matrix that reconciles GDPR Article 17 right-to-erasure against SOX 7-year + FINRA 6-year + HIPAA 6-year + FTC Pfizer 1972 reasonable-basis substantiation retention. The SERP-scraping legal landscape keeps shifting (hiQ Labs v LinkedIn 9th Circuit 2022 narrowed CFAA; Meta v Bright Data ND Cal January 2024 reinforced ToS and tortious-interference exposure for logged-in scraping; DMCA Section 1201 + CFAA 18 USC 1030 + state computer-crime laws still apply), so per-vendor scraping-compliance attestation must update on every material legal development. When you advertise rank claims (#1 local plumber in Phoenix, top-ranked dental practice in Austin), the rank-data becomes substantiation under FTC Pfizer 1972 reasonable-basis doctrine + Lanham Act 15 USC 1125(a) + state false-advertising statutes, and must be retained with tamper-evidence hash fingerprints and an unbroken attestation chain. The SERP-scraping, rank-tracking, listings-management, data-warehouse, time-series, trend- modeling, and BI vendors below ship strong primitives. The orchestration above them — per-vendor scraping-compliance posture enforcement, records-class tagging, GDPR vs SOX/FINRA/ HIPAA/FTC reconciliation, FTC substantiation evidence preservation, per-algorithm-update event registry, audit trail — is operator-side architecture. The compliance gate is anchored on five real anchors: SERP scraping legal landscape (hiQ + Meta v Bright Data + per-platform ToS + DMCA + CFAA + state computer-crime); FTC Section 5 + Lanham + state UDAP + FTC Fake Review Rule 16 CFR Part 465 (effective October 2024) + Endorsement Guides 2024; records-retention matrix (SOX 302/404 + SEC Reg S-K + IRS 7yr + FINRA Rule 4511 6yr + GDPR Article 17 + CCPA 1798.105 + state patchwork); per-vertical retention (HIPAA 6yr + FCRA 5yr + GLBA + state licensing- board + per-vertical regulator); FTC reasonable-basis substantiation (Pfizer 1972) + Lanham false-advertising discovery. You keep the SERP-scraping and rank-tracking relationships, the warehouse, the trend-modeling library, the BI tool, the records-class tagging matrix, the per-vendor scraping-compliance policy, the WORM audit trail, and the policy-as-code policies. You keep the ability to in-house at any time.
Published September 24, 2026
The real ecosystem this sits above
SERP scraping + rank tracking
SERP scraping: DataForSEO, SerpApi, Bright Data, Smartproxy, Oxylabs, Scrapfly, ZenRows, ScrapingBee, ValueSERP, Scale SERP, Apify SERP. Local-pack-aware rank tracking: Local Falcon, Local Viking, GMB Crush, Pleper, BrightLocal, Whitespark. General rank tracking: AccuRanker, SE Ranking, Sistrix, Advanced Web Ranking, Wincher, SEMrush, Ahrefs, Mangools, GeoRanker, Serpfox. Each ships strong scraping + rank-capture primitives. Per-vendor compliance posture enforcement above them is operator-side architecture.
Listings management
Yext, Moz Local, Birdeye, Synup, Uberall, ReviewTrackers, Vendasta, Chatmeter, Brandify, Rio SEO. Each ships strong NAP propagation + per-data-aggregator distribution. Cross- platform canonicalization tied to rank-history above them is operator-side architecture.
Data warehouse + time-series
Warehouses: Snowflake, Databricks, BigQuery, Redshift, ClickHouse, Apache Druid, StarRocks, Pinot. Time-series: InfluxDB, TimescaleDB, Prometheus, QuestDB, VictoriaMetrics. Each ships strong storage primitives. Records-class tagging + retention-policy enforcement above them is operator-side architecture.
Trend modeling + BI
Trend modeling: Prophet, ARIMA, SARIMA, statsmodels, pmdarima, sktime, GluonTS, Darts, Kats, Orbit, tsfresh, tslearn, Ruptures, CausalImpact. BI: Looker, Tableau, Power BI, Sigma, Hex, Mode, Preset/Apache Superset. Each ships strong analysis + visualization primitives. The per- algorithm-update event-registry + operator-data-science- team causal-attribution review above them is operator- side architecture.
Policy-as-code + WORM + legal research
Policy-as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. Legal research: Westlaw, Lexis+, Bloomberg Law, Practical Law, Compliance.ai. Each ships strong primitives. The 5-anchor compliance gate that maps SERP scraping legal landscape + FTC/Lanham + records- retention matrix + per-vertical retention + FTC substantiation onto an operator-counsel-approved policy bundle is operator-side architecture.
Frequently asked
What does per-location 3-year SERP-rank history retention actually deliver, and how does the 4-skill bundle decompose?
An orchestration layer that sits above the operator SERP-scraping + rank-tracking + listings-management + data-warehouse + time-series + trend-modeling + BI + policy-as-code + WORM-storage stack and captures, retains, analyzes, and exports per-location per-keyword per-day per-device SERP-rank history with a three-year retention horizon. The skill is a four-skill bundle on the local-pack-tracking agent. Skill 1 — Capture: orchestrate per-location per-keyword per-day SERP scrapes through the operator-chosen SERP-scraping vendor (DataForSEO, SerpApi, Bright Data, Smartproxy, Oxylabs, Scrapfly, ZenRows, ScrapingBee, ValueSERP, Scale SERP, Apify SERP) or rank-tracking platform (Local Falcon, Local Viking, GMB Crush, Pleper, AccuRanker, SE Ranking, Sistrix, Advanced Web Ranking, Wincher, SEMrush, Ahrefs, Mangools, Whitespark, BrightLocal, GeoRanker, Serpfox) with per-scrape geocoordinate, per-scrape device type (desktop, mobile, tablet), per-scrape user-agent, per-scrape timestamp, per-scrape persona context, per-scrape SERP-feature presence, per-scrape paid-vs-organic split, per-scrape competitor universe, per-scrape page-1 candidate roster. Each scrape includes per-vendor compliance metadata (which vendor, under what Terms of Service version, with what attestation that scraping complies with target-platform Terms of Service per current SERP-scraping legal landscape). Skill 2 — Persist: store the captured rank-history rows in the operator data warehouse (Snowflake, Databricks, BigQuery, Redshift, ClickHouse, Apache Druid, StarRocks, Pinot — operator chooses) or time-series database (InfluxDB, TimescaleDB, Prometheus, QuestDB, VictoriaMetrics — operator chooses) with per-row provenance, per-row raw-HTML fingerprint hash for tamper-evidence, per-row scrape-vendor attestation, per-row counsel-policy-version tag, per-row retention-class tag (SOX-tier, HIPAA-tier, FINRA-tier, marketing-substantiation-tier, deletable-tier). Records-class assignment is what later distinguishes which rows survive a GDPR Article 17 or CCPA right-to-delete request and which rows are retained under SOX 7-year, FINRA 6-year, HIPAA 6-year, or FTC substantiation obligations. Skill 3 — Analyze: compute per-period trend metrics across operator-counsel-approved trend algorithms (Prophet, ARIMA, SARIMA, ETS, Holt-Winters, STL decomposition, EWMA, CUSUM, Mann-Kendall, Bayesian change-point, Ruptures, CausalImpact, Kats, Darts, GluonTS, Orbit — operator data-science team chooses subset) with per-period algorithm-update event attribution (Google Core Updates, Helpful Content Updates, Spam Updates, Reviews Updates, Product Reviews Updates, Page Experience, Mobile-First, MUM, BERT, AI Overview/AI Mode rollouts, Bing algorithm updates, Apple Spotlight changes). The Analyze skill does not autonomously diagnose causality — it surfaces pre-update vs post-update rank deltas, correlated rank movements across locations + keywords + verticals, and candidate algorithm-update windows. Causal attribution is operator-data-science-team-and-counsel-reviewed. Skill 4 — Export: emit per-period rank-history snapshots to the operator BI tool (Looker, Tableau, Power BI, Sigma, Hex, Mode, Preset/Apache Superset — operator chooses), to the operator data warehouse downstream consumers, and to per-stakeholder reporting endpoints per operator-defined access controls. Export honors records-class tags so deletable-tier rows propagate deletion correctly and retained-tier rows remain regardless of downstream-system deletion requests. The SERP-scraping, rank-tracking, listings-management, warehouse, time-series, trend-modeling, BI vendors below ship strong primitives. The orchestration above them — per-vendor compliance attestation, records-class tagging, retention-class enforcement, GDPR Article 17 vs SOX 7-year reconciliation, FTC substantiation evidence preservation — is operator-side architecture.
Where does single-vendor rank tracking stop compounding for multi-location operators with 3-year retention?
Single-vendor rank tracking is solved. Local Falcon ships strong geo-grid rank tracking for local-pack. AccuRanker, SE Ranking, Sistrix, SEMrush, Ahrefs ship strong general rank tracking. BrightLocal, Whitespark, GMB Crush ship strong local SEO tooling. DataForSEO and SerpApi ship strong SERP scraping APIs. The compound case the local-pack-tracking agent has to handle is the one where a 50-1,500 location operator wants three years of rank history per location per keyword per day per device, where (a) the rank-tracking platform default retention is shorter than three years (most platforms retain 6-24 months in their hosted database; longer retention requires data export to the operator warehouse), (b) the SERP-scraping vendor Terms of Service vary on whether scraped data may be retained, redistributed, or used to substantiate advertising claims (per-vendor compliance attestation has to be on file for every retained row), (c) some rank-history rows must be retained for SOX 7-year + FINRA 6-year + FTC substantiation 5-7 year regardless of subject access requests, (d) other rows must be deleted on GDPR Article 17 or CCPA Section 1798.105 right-to-delete requests within operator-counsel-set response windows, (e) when rank claims are used in operator marketing (#1 local plumber in Phoenix, top-ranked dentist in Austin), the rank-data becomes substantiation evidence under FTC Pfizer 1972 reasonable-basis doctrine and Lanham Act 15 USC 1125(a) false advertising — meaning the records must be retained, hash-fingerprinted, and producible in discovery, (f) the SERP-scraping legal landscape (hiQ Labs v LinkedIn 9th Cir 2022 + Meta v Bright Data ND Cal January 2024 + DMCA Section 1201 anticircumvention + CFAA 18 USC 1030 + state computer-crime laws) keeps shifting, so per-vendor scraping-compliance attestation must update on every material legal development. Without an orchestration layer above the scraping + rank-tracking + warehouse + time-series + trend-modeling + BI vendors, records-class tagging breaks down (one row cannot be deleted under GDPR while simultaneously retained under SOX without explicit class tagging), the FTC substantiation evidence trail splinters across vendor consoles (when the FTC asks for substantiation of a 2024 rank claim in 2027, the rank data must be producible with attestation chain intact), and the per-vendor scraping-compliance posture goes stale. The orchestration above the vendors is what holds the cross-vendor + cross-class + cross-jurisdiction invariants.
How does the records-class tagging in Skill 2 Persist reconcile GDPR Article 17 right-to-erasure against SOX + FINRA + FTC substantiation retention?
Records-class tagging is operator-counsel-approved and applied at persist time. Each rank-history row carries one or more retention-class tags. The tags determine which legal regime governs retention for that row. Tag class A (deletable consumer-record-tier): rows tied to a specific consumer subject who has GDPR or CCPA standing to request erasure or deletion. These rows propagate deletion within operator-counsel-set response windows (GDPR Article 17 typically 30 days, CCPA Section 1798.105 typically 45 days, Texas Data Privacy and Security Act + Virginia CDPA + Connecticut CTDPA + Colorado CPA + Utah CPA + Maryland Online Data Privacy Act with state-specific windows). Tag class B (SOX 7-year-tier): rows that are part of internal control over financial reporting under SOX 302/404, including rank-data that informs revenue forecasts or impairment analyses. Records subject to SOX 7-year retention and SEC Reg S-K 5-year retention; these survive consumer deletion requests because the legal basis for retention is non-consumer-controlled (Article 17(3)(b) GDPR exemption for compliance with legal obligations). Tag class C (FINRA 6-year-tier): rows applicable when operator is a FINRA-regulated entity or affiliate, retained under FINRA Rule 4511. Tag class D (HIPAA 6-year-tier): rows applicable when operator is a HIPAA-covered entity or business associate and rank data touches protected health information (typically when search terms or landing pages carry PHI references — operator counsel determines the threshold). Tag class E (FTC reasonable-basis-substantiation-tier): rows that substantiate operator advertising claims (when operator advertises "#1 local roofing contractor in Houston" or "top-ranked dental practice in Phoenix," the underlying rank data is the substantiation evidence under FTC Pfizer 1972 reasonable-basis doctrine and Lanham Act 15 USC 1125(a) false advertising). Per FTC Endorsement Guides 2024 and the FTC Fake Review Rule 16 CFR Part 465 effective October 2024, substantiation must be in operator possession before the claim is made and retained as long as the claim runs plus operator-counsel-set retention tail (typically 5-7 years). Tag class F (lawsuit-discovery-tier): rows currently or potentially subject to discovery hold (state AG investigation, FTC investigation, private litigation, IRS audit) — these survive all other deletion regimes during the hold period. Tag class G (regulator-correspondence-tier): rows tied to ongoing regulator correspondence. The Persist skill records the class tags at ingest time with the operator-counsel-policy-version that drove the tagging; subsequent regulatory developments may add tags but never remove them without operator-counsel-approved revision. When a consumer deletion request arrives, the orchestration enumerates affected rows, partitions them into deletable-only vs retained-under-class-B-through-G, deletes the deletable subset within the operator-counsel-set response window, and responds to the requester with the GDPR Article 17(3) or CCPA Section 1798.105(d) basis for retaining the remainder. The audit trail of every deletion decision lives on operator-controlled WORM storage with per-statute retention per operator counsel policy. The orchestration does not autonomously resolve class conflicts — it surfaces them to operator counsel for decision, then implements the decision once approved.
How does the SERP-scraping legal landscape (hiQ v LinkedIn + Meta v Bright Data + per-platform ToS + DMCA + CFAA) get operationalized through per-vendor compliance attestation?
The SERP-scraping legal landscape is operator-counsel-tracked, not autonomously interpreted by the orchestration. The orchestration enforces the operator-counsel-approved per-vendor scraping policy. hiQ Labs v LinkedIn (9th Cir 2022) narrowed CFAA application to scraping of publicly accessible data but left contractual (Terms of Service) and tortious interference claims viable. Meta Platforms v Bright Data (ND Cal January 2024) reinforced that scraping logged-out public pages may be lawful under CFAA but logged-in scraping subject to ToS likely violates contract. DMCA Section 1201 anticircumvention applies when technical access controls are bypassed. CFAA 18 USC 1030 applies when authorization is exceeded. State computer-crime laws (California Penal Code 502, Texas Penal Code 33, Florida Computer Crimes Act, similar state patchwork) add state-level enforcement. Per-platform Terms of Service vary: Google Search ToS, Bing Webmaster Terms, Apple Spotlight, Yahoo, DuckDuckGo each have distinct stances on automated access; rate limits, IP-blocking, and CAPTCHA evasion all interact with the legal posture. The operator-counsel-approved per-vendor scraping policy assigns each SERP-scraping vendor (DataForSEO, SerpApi, Bright Data, Smartproxy, Oxylabs, Scrapfly, ZenRows, ScrapingBee, ValueSERP, Scale SERP, Apify SERP) to an operator-counsel-approved compliance posture (cleared for use at current attestation level, cleared with restrictions, paused pending re-attestation, prohibited). The orchestration checks the per-vendor compliance posture before each Capture call. When a vendor moves to paused or prohibited, the orchestration refuses to route new scrapes through that vendor and surfaces the change to the operator data team for substitution to a still-cleared vendor. The historical rank-history rows captured through a previously-cleared vendor remain retained under the operator-counsel-approved records-class tagging — they were captured under a then-current compliance posture and remain subject to whatever class tagging applied at capture time. The audit trail records per-row per-vendor compliance attestation, attestation timestamp, and attestation source (counsel-approval-document version). The orchestration does not autonomously decide whether a vendor remains compliant — counsel reviews material legal developments (new case law, new ToS amendments, new state statute) and updates the per-vendor posture; the orchestration implements the posture.
What compliance does the retention layer enforce, and how does it map to scraping legal landscape, FTC/Lanham, records-retention matrix, per-vertical retention, and FTC substantiation?
Five anchors. Anchor 1 — SERP scraping legal landscape. hiQ Labs v LinkedIn (9th Cir 2022) + Meta Platforms v Bright Data (ND Cal January 2024) + DMCA Section 1201 anticircumvention + CFAA 18 USC 1030 + state computer-crime laws (California Penal Code 502 + Texas Penal Code 33 + Florida Computer Crimes Act + state patchwork) + per-platform Terms of Service (Google Search + Bing Webmaster + Apple Spotlight + Yahoo + DuckDuckGo) + per-vendor compliance posture for each SERP-scraping vendor (DataForSEO, SerpApi, Bright Data, Smartproxy, Oxylabs, Scrapfly, ZenRows, ScrapingBee, ValueSERP, Scale SERP, Apify SERP). The orchestration enforces operator-counsel-approved per-vendor posture before each Capture and records per-row per-vendor attestation. Anchor 2 — FTC Section 5 + Lanham Act + state UDAP on rank-based marketing claims + FTC Fake Review Rule (16 CFR Part 465 effective October 2024 prohibiting fake/incentivized/unflagged-bot/AI-generated/insider reviews and review suppression) + FTC Endorsement Guides 2024 (updated October 2024 with AI-disclosure expectations + clearer rules on review collection, display, and AI-generated content). When operator marketing uses rank claims (#1 local X in Y, top-ranked Z in W), the rank-data is the substantiation; the orchestration preserves the underlying rank-history rows with tamper-evidence hash fingerprints. Anchor 3 — Records-retention regulatory matrix. SOX Section 302 + 404 internal control over financial reporting (rank data informing revenue forecasts or impairment analyses) with 7-year retention per Sarbanes-Oxley + 17 CFR 240.17a-4 for broker-dealers + SEC Reg S-K + IRS Section 6001 7-year. FINRA Rule 4511 6-year retention for FINRA-regulated affiliates. GDPR Article 17 right-to-erasure subject to Article 17(3) exemptions including legal-obligation compliance (Article 17(3)(b)) and exercise of legal claims (Article 17(3)(e)) + Article 5(1)(e) storage limitation principle balanced against retention obligations. CCPA Section 1798.105 right-to-delete subject to 1798.105(d) exceptions including legal obligation and exercise/defense of legal claims. State patchwork: Texas Data Privacy and Security Act, Virginia CDPA, Connecticut CTDPA, Colorado CPA, Utah CPA, Oregon Consumer Privacy Act, Maryland Online Data Privacy Act, Washington My Health My Data Act (when health-data implicated), Tennessee Information Protection Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Florida Digital Bill of Rights, Delaware Personal Data Privacy Act, Montana Consumer Data Privacy Act with state-specific deletion-response windows. The orchestration reconciles deletion obligations against retention obligations via records-class tagging. Anchor 4 — Per-vertical results retention requirements. HIPAA 45 CFR Parts 160 + 164 6-year retention when rank-data touches PHI. FCRA 5-year (15 USC 1681) for consumer-reporting-adjacent records. GLBA Safeguards Rule for financial-services-vertical records. FDA OPDP DTC pharma substantiation retention. DISCUS Code marketing-claim records for alcohol-vertical. Per--regulator records-retention obligations. State insurance-commissioner records-retention regs. State medical/dental/optometry/pharmacy/PT licensing-board records-retention rules. Anchor 5 — FTC reasonable-basis substantiation doctrine (Pfizer 1972 and progeny) + Lanham Act 15 USC 1125(a) false advertising private right of action + state false-advertising statutes (California Business and Professions Code 17500 + similar). The substantiation must exist in operator possession before the claim runs and be retained through the FTC limitations period (5-year typical) plus operator-counsel-set tail. Per-row hash fingerprints establish tamper-evidence; per-row counsel-policy-version tags establish the policy context at capture time; per-row vendor-attestation establishes the chain of custody. Broader gate also enforced: HIPAA + HITECH + PCI DSS 4.0 + GLBA Safeguards + SOC 2 Type II + ISO 27001 + ISO 42001 + NIST AI RMF via policy-as-code (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso). WORM audit trail (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-row per-class retention enforcement per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment (2-3 weeks, diagnostic): audits the operator current per-location SERP-rank capture and retention posture against the 4-skill bundle + 5-anchor compliance overlay + per-vendor scraping-compliance attestation state; deliverable is a gap-pack report identifying which locations lack three-year history backfill, which keywords lack daily-cadence capture, which rank-tracking platform retention is shorter than the operator three-year target (most platforms retain 6-24 months in-platform), which per-vendor scraping-compliance attestations are stale, which records-class tags are unassigned, which GDPR Article 17 vs SOX retention conflicts are unresolved, whether per-vertical retention obligations (HIPAA + FCRA + GLBA + FDA OPDP) are captured, whether FTC substantiation evidence for operator rank-based marketing claims is producible with hash-fingerprint and attestation chain intact, and a recommended remediation sequence for Tier 2. Tier 2 AI Swarm Setup Sprint (4-8 weeks): builds the 4-skill bundle on the local-pack-tracking agent, wires the SERP-scraping vendor or rank-tracking platform (operator-chosen subset), wires the data warehouse (Snowflake/Databricks/BigQuery/Redshift/ClickHouse/Druid — operator chooses), wires the time-series database when retention pattern fits (InfluxDB/TimescaleDB/Prometheus/QuestDB/VictoriaMetrics), configures the operator-counsel-approved per-vendor scraping-compliance policy, configures the records-class tagging matrix, wires the trend-modeling library subset (operator data-science team chooses), wires the BI tool (operator chooses), wires policy-as-code + WORM-storage, runs 30-day shadow + canary period before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded): continues operating with daily Capture across the operator-counsel-approved vendor mix + weekly trend-metric refresh + monthly per-Google-algorithm-update event-registry update + quarterly per-vendor scraping-compliance attestation refresh against recent case law + quarterly records-class tagging policy review against statute amendments + quarterly compliance evidence packages. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-location capture-completeness trend + per-keyword capture-completeness trend + per-vendor compliance-attestation freshness + per-records-class tagging coverage + deletion-request response time against operator-counsel-set windows + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Each workstream surfaces trend direction and the gap to operator-defined targets. Reporting carries explicit caveats: SERP-scraping vendor SLA + rank-tracking platform SLA + warehouse + time-series + BI vendor SLA + Google algorithm update cadence (Core Updates + Helpful Content + Spam + Reviews + Product Reviews + Page Experience + Mobile-First + MUM + BERT + AI Overview/AI Mode rollouts) + Bing algorithm cadence + Apple Spotlight changes + per-platform Terms of Service amendments + DMCA + CFAA + state computer-crime statute amendments + GDPR + CCPA + state-comprehensive-privacy implementing guidance + FTC Fake Review Rule and Endorsement Guides amendments + per-vertical regulator guidance + scraping-legal-landscape case law (hiQ progeny + Meta v Bright Data progeny + similar) sit outside Completions control. Attorney-client privilege preservation across operator-counsel-approved per-vendor scraping-compliance policy + records-class tagging matrix + GDPR Article 17 vs SOX retention reconciliation records + FTC substantiation evidence library + per-vertical retention compliance evidence is maintained per operator counsel policy.
Who owns the rank-history data, the per-vendor scraping policy, the records-class tagging matrix, and the audit trail?
Operator owns every artifact. The SERP-scraping vendor accounts (DataForSEO, SerpApi, Bright Data, Smartproxy, Oxylabs, Scrapfly, ZenRows, ScrapingBee, ValueSERP, Scale SERP, Apify SERP — operator chooses) run under operator billing on operator-controlled credentials. The rank-tracking platform accounts (Local Falcon, Local Viking, GMB Crush, Pleper, AccuRanker, SE Ranking, Sistrix, Advanced Web Ranking, Wincher, SEMrush, Ahrefs, Mangools, Whitespark, BrightLocal, GeoRanker, Serpfox — operator chooses) run under operator billing. The listings-management platform (Yext, Moz Local, Birdeye, Synup, Uberall, ReviewTrackers, Vendasta, Chatmeter, Brandify, Rio SEO — operator chooses) runs under operator billing. The data warehouse (Snowflake, Databricks, BigQuery, Redshift, ClickHouse, Apache Druid, StarRocks, Pinot — operator chooses) runs under operator cloud account. The time-series database (InfluxDB, TimescaleDB, Prometheus, QuestDB, VictoriaMetrics — operator chooses if used) runs under operator account. The BI tool (Looker, Tableau, Power BI, Sigma, Hex, Mode, Preset/Apache Superset — operator chooses) runs under operator billing. The operator-counsel-approved per-vendor scraping-compliance policy + records-class tagging matrix + GDPR Article 17 vs SOX/FINRA/HIPAA/FTC retention reconciliation policy + FTC substantiation evidence library + per-vertical retention compliance evidence + per-algorithm-update event registry all live in operator counsel repo. The Capture + Persist + Analyze + Export skill code lives in operator code repo. The trend-modeling library configurations (Prophet, ARIMA, SARIMA, statsmodels, pmdarima, sktime, GluonTS, Darts, Kats, Orbit, tsfresh, tslearn, Ruptures, CausalImpact — operator data-science team chooses subset) live in operator code repo. The records-class tagging matrix lives in operator code repo. The WORM audit trail lives on operator-controlled cloud storage (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-row per-class retention enforcement. The policy-as-code policies (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso) live in operator code repo, counsel-aligned. The HIPAA + FCRA + GLBA + FDA OPDP + state-licensing-board + SOX + FINRA + FTC substantiation + GDPR Article 17 + CCPA + state-comprehensive-privacy compliance evidence records are operator-counsel-maintained. Completions owns the orchestration knowledge — how to design the per-vendor scraping-compliance posture against the actual operator vendor mix, how to design the records-class tagging matrix against operator regulatory exposure, how to reconcile GDPR Article 17 deletion requests against SOX + FINRA + HIPAA + FTC substantiation retention without violating either regime, how to preserve FTC substantiation evidence with tamper-evidence hash fingerprints, how to wire per-Google-algorithm-update event-registry against operator data-science-team causal-attribution review, how to coordinate with sibling rank-tracking + serp-feature-presence-tracking + rank-stream-emission skills on the local-pack-tracking agent — and that knowledge transfers under the Tier 3 transition path (30-60 days at engagement end with full hand-off of the per-vendor scraping-compliance policy maintenance playbook, the records-class tagging matrix maintenance runbook, the GDPR vs SOX/FINRA/HIPAA/FTC reconciliation playbook, the FTC substantiation evidence library generation playbook, the per-algorithm-update event-registry maintenance playbook, and the compliance evidence-package generation playbook). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks): audit of the operator current per-location SERP-rank capture and retention posture against the 4-skill bundle + 5-anchor compliance overlay + per-vendor scraping-compliance attestation state + records-class tagging matrix. Hand off to Tier 2 AI Swarm Setup Sprint (4-8 weeks): build the 4-skill bundle on the local-pack-tracking agent, wire SERP- scraping or rank-tracking platform + warehouse + time-series + trend modeling + BI + policy-as-code + WORM-storage, run 30-day shadow + canary before flipping to enforce-mode. Continue under Tier 3 Fractional CMO with AI Swarm (/ mo, 6-month minimum, 1-2 days/wk embedded).