Security and Privacy at Rally
SOC 2 Type II
Rally is SOC 2 Type II certified, demonstrating we have the appropriate controls in place to mitigate risks related to security, privacy, confidentiality, availability, and processing integrity.
To request a copy of our SOC 2 Type II report, email us at [email protected]
GDPR + CCPA Compliant
Rally is GDPR and CCPA compliant and is committed to helping our customers comply with GDPR and CCPA for their research. We enable our customers to fulfill all the data subject rights requirements under the GDPR.
- Consent and Opt Out — Rally enables consent forms as part of the research recruitment process. We also provide unsubscribe and opt-out links for participants to remove themselves from panels or studies.
- Right to be forgotten — Rally is committed to supporting user’s right to be forgotten. When removing user data within Rally, we ensure all data is removed from our system and our sub-processors. Users can request data deletion directly from Rally by emailing [email protected].
- Data Portability — Within Rally, you can view all data associated with your user. For an export of this data, you can email [email protected].
- We never sell any data — Rally is focused on improving your research process, not selling your data. We will never sell any data.
Rally has a DPA for our customers in the EEA. Contact [email protected] to receive a copy.
Rally takes security and privacy very seriously. If you discover vulnerabilities within the Rally platform or would like to participate in the bug bounty program, contact [email protected]. Awards will be distributed based on severity.