Rankley
Demo

Security

Last updated: July 15, 2025

1. Our Commitment to Security

At Rankley, protecting your data is a top priority. We design our platform with security in mind and follow industry best practices to safeguard information entrusted to us by agencies and businesses.

This page provides an overview of our security practices. For details on how we collect and process personal data, please see our Privacy Policy.

2. Platform Architecture & Hosting

Rankley is built using modern, cloud-based infrastructure designed for reliability and security.

Key components include:

  • Application hosting: Vercel
  • Authentication & database: Supabase
  • Payments: Stripe
  • Cloud infrastructure: Reputable cloud service providers with industry-standard security certifications

We rely on these providers’ secure-by-default configurations and compliance programs to strengthen our overall security posture.

3. Data Encryption

We use encryption to protect data:

  • In transit: All data is transmitted using TLS 1.2 or higher
  • At rest: Data is encrypted at rest where supported by our infrastructure providers

Sensitive credentials (such as passwords) are never stored in plain text.

4. Access Controls & Authentication

We implement strict access controls to limit data exposure:

  • Role-based access controls (RBAC) within Rankley
  • Least-privilege principles for internal access
  • Secure authentication via Supabase
  • Optional multi-factor authentication (2FA) where available

Account access is logged and monitored to detect suspicious activity.

5. Application Security Practices

Rankley follows secure development practices, including:

  • Regular dependency updates and security patching
  • Environment variable management for secrets
  • Input validation and access control enforcement
  • Monitoring for abuse, excessive usage, or unauthorized access

We periodically review our systems to identify and address potential vulnerabilities.

6. Third-Party Security

We carefully select third-party service providers that meet strong security standards.

Examples include:

  • Stripe: PCI-DSS compliant payment processing
  • Supabase: Secure authentication and database services
  • Google APIs: Access governed by OAuth scopes and Google API policies

Each provider maintains its own security and compliance programs. We recommend reviewing their security documentation for more information.

7. Google API Data Protection

When you connect Google services (such as Google Analytics, Search Console, or Google Business Profile):

  • Access is granted only with your explicit consent
  • We request only the minimum OAuth scopes required
  • Data is used solely to provide the requested features
  • You may revoke access at any time from within Rankley or your Google Account

Rankley complies with the Google API Services User Data Policy, including Limited Use requirements.

8. Data Retention & Deletion

We retain data only as long as necessary to provide the Services, meet legal obligations, and support legitimate business purposes.

  • You may request deletion of your account and data
  • Integration data (such as Google API data) is deleted or anonymized after disconnect, subject to legal requirements
  • Backups are retained for a limited period in accordance with disaster recovery practices

Details are available in our Privacy Policy.

9. Incident Response

We maintain procedures to respond to security incidents, including:

  • Investigation and containment of potential threats
  • Remediation of identified vulnerabilities
  • Notification where required by applicable law

While no system can guarantee absolute security, we take reasonable and appropriate measures to reduce risk.

10. Your Role in Security

You play an important role in keeping your account secure:

  • Use strong, unique passwords
  • Enable two-factor authentication where available
  • Keep your login credentials confidential
  • Promptly report suspicious activity or potential vulnerabilities

11. Responsible Disclosure

If you believe you have discovered a security vulnerability, we encourage responsible disclosure.

Please report security issues to:

Email: security@rankley.com
(or legal@rankley.com if security@ is not monitored)

We appreciate responsible reports and will review them promptly.

12. Updates to This Page

We may update this Security page as our platform evolves.

The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact

If you have questions about our security practices, contact us at:

Email: security@rankley.com

Rankley, Inc.
800 N King Street Suite 304 #2230
Wilmington, DE 19801
United States