SOC 2 Type II
Rally is SOC 2 Type II certified, demonstrating we have the appropriate controls in place to mitigate risks related to security, privacy, confidentiality, availability, and processing integrity.
To request a copy of our SOC 2 Type II report, email us at firstname.lastname@example.org.
GDPR + CCPA Compliant
Rally is GDPR and CCPA compliant and is committed to helping our customers comply with GDPR and CCPA for their research. We enable our customers to fulfill all the data subject rights requirements under the GDPR.
Consent and Opt-Out
Rally enables consent forms as part of the research recruitment process. We also provide unsubscribe and opt-out links for participants to remove themselves from panels or studies.
Right to be forgotten
Rally is committed to supporting users’ right to be forgotten. When removing user data within Rally, we ensure all data is removed from our system and our sub-processors. Users can request data deletion directly from Rally by emailing email@example.com.
Within Rally, you can view all data associated with your user. For an export of this data, you can email firstname.lastname@example.org.
We never sell any data
Rally is focused on improving your research process, not selling your data. We will never sell any data.
Recurring penetration testing
Rally uses a third party to perform annual penetration tests to ensure there are no vulnerabilities in our application. To request a copy of our annual pentest, email email@example.com.
Data encryption at rest
All databases and backups are encrypted at rest with AES-256, block-level storage encryption.
Secure development process
Rally's development process follows the OWASP Top 10 security risks.
Rally uses passwordless login for greater security and convenience for all our users. This means Rally will never store passwords.
Audit trail and logging
All access to user data is logged, whether by your own team members or Rally employees.
Data Networking & Security
Rally uses top-tier cloud service providers to run all of our core infrastructure and databases. All of Rally's data is stored in data centers that are SOC 1, SOC 2, SOC 3, and ISO 27001 certified.
Monitoring & alerting
We’ve configured monitoring and alerting to detect anomalies in our network and help detect potential threats.
Rally uses AWS's continuous backup system to let us restore our databases back to any point within the past 7 days.
Data encrypted in transit
All data in transit is secured using SSL/TLS 1.2+ only. Rally uses HTTPS for our web app to protect sensitive data transmitted to and from our application.
Rally requires all new employees to complete security awareness training within the first thirty days of hire.
Employee background checks
Rally verifies that all new employees have a background check on file before their first day of work.