Rankability Trust Center

Security, privacy, and compliance are foundational to how we build and operate Rankability. This trust center provides transparency into our security practices, data handling, and the controls we have in place to protect your information.

Is Rankability SOC 2 Type II certified?

Rankability is not yet SOC 2 Type II certified. We have implemented controls across all five SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) and are actively progressing through SOC 2 audit readiness. Our SOC 2 report is available under NDA — contact [email protected] to request it.

Separately, the core subprocessors we rely on (including Clerk, Stripe, OpenAI, Anthropic, Google, Sentry, and AWS) are independently SOC 2 Type II certified.

Quick Facts

Encryption in transit

TLS 1.2+ on all connections

Encryption at rest

AES-256-GCM for OAuth tokens; SHA-256 hashing for API keys

Authentication provider

Clerk (SOC 2 Type II certified)

Payment processor

Stripe (PCI DSS Level 1, SOC 2 Type II)

Multi-tenant isolation

Organization-scoped data with session-derived access control

Data retention

Automated policies with defined retention periods per data type

Audit logging

All administrative and authentication events logged with 7-year retention

Incident response

Defined severity levels, escalation matrix, and response procedures

Frequently asked questions

Is Rankability SOC 2 Type II certified?

Not yet. Rankability has implemented controls across all five SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) and is actively progressing through SOC 2 audit readiness. We do not yet hold a completed SOC 2 Type II certification. Our SOC 2 report and supporting documentation are available under NDA — contact [email protected] to request them.

Is Rankability SOC 2 compliant?

Rankability operates a security program aligned to the SOC 2 Trust Service Criteria — encryption, access controls, audit logging, and incident response are all in place. Controls are implemented and the audit is in progress; formal SOC 2 Type II certification is not complete yet.

How do I get Rankability’s SOC 2 report?

Email [email protected] to request our SOC 2 report and related security documentation. It is available under NDA, and we respond within one business day.

Which of Rankability’s subprocessors are SOC 2 certified?

The core subprocessors we rely on — including Clerk, Stripe, OpenAI, Anthropic, Google, Sentry, and AWS — are independently SOC 2 Type II certified. See our subprocessors page for the full list of third parties that process data on our behalf.

How does Rankability protect my data?

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM for OAuth tokens, SHA-256 hashing for API keys). We use organization-scoped multi-tenant isolation with session-derived access control, audit logging with 7-year retention, and a defined incident response process with severity levels and escalation procedures.

Security Inquiries

For security inquiries, to request our SOC 2 report, or to report a vulnerability, reach out to our security team. We respond within one business day.

[email protected]