Rankability Trust Center
Security, privacy, and compliance are foundational to how we build and operate Rankability. This trust center provides transparency into our security practices, data handling, and the controls we have in place to protect your information.
Is Rankability SOC 2 Type II certified?
Rankability is not yet SOC 2 Type II certified. We have implemented controls across all five SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) and are actively progressing through SOC 2 audit readiness. Our SOC 2 report is available under NDA — contact [email protected] to request it.
Separately, the core subprocessors we rely on (including Clerk, Stripe, OpenAI, Anthropic, Google, Sentry, and AWS) are independently SOC 2 Type II certified.
Quick Facts
Encryption in transit
TLS 1.2+ on all connections
Encryption at rest
AES-256-GCM for OAuth tokens; SHA-256 hashing for API keys
Authentication provider
Clerk (SOC 2 Type II certified)
Payment processor
Stripe (PCI DSS Level 1, SOC 2 Type II)
Multi-tenant isolation
Organization-scoped data with session-derived access control
Data retention
Automated policies with defined retention periods per data type
Audit logging
All administrative and authentication events logged with 7-year retention
Incident response
Defined severity levels, escalation matrix, and response procedures
What We Cover
Security Overview
How we protect your data with encryption, access controls, and monitoring.
Data Handling & Privacy
What data we collect, how we store it, and your rights.
Infrastructure & Availability
Our hosting, uptime, backups, and disaster recovery.
Authentication & Access Control
How we secure user accounts, API keys, and integrations.
Subprocessors
Third-party services that process data on our behalf.
Compliance
Our SOC 2 journey, policies, and audit readiness.
Incident Response
How we detect, respond to, and communicate about security events.
Frequently asked questions
Is Rankability SOC 2 Type II certified?
Not yet. Rankability has implemented controls across all five SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) and is actively progressing through SOC 2 audit readiness. We do not yet hold a completed SOC 2 Type II certification. Our SOC 2 report and supporting documentation are available under NDA — contact [email protected] to request them.
Is Rankability SOC 2 compliant?
Rankability operates a security program aligned to the SOC 2 Trust Service Criteria — encryption, access controls, audit logging, and incident response are all in place. Controls are implemented and the audit is in progress; formal SOC 2 Type II certification is not complete yet.
How do I get Rankability’s SOC 2 report?
Email [email protected] to request our SOC 2 report and related security documentation. It is available under NDA, and we respond within one business day.
Which of Rankability’s subprocessors are SOC 2 certified?
The core subprocessors we rely on — including Clerk, Stripe, OpenAI, Anthropic, Google, Sentry, and AWS — are independently SOC 2 Type II certified. See our subprocessors page for the full list of third parties that process data on our behalf.
How does Rankability protect my data?
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM for OAuth tokens, SHA-256 hashing for API keys). We use organization-scoped multi-tenant isolation with session-derived access control, audit logging with 7-year retention, and a defined incident response process with severity levels and escalation procedures.
Security Inquiries
For security inquiries, to request our SOC 2 report, or to report a vulnerability, reach out to our security team. We respond within one business day.
[email protected]