Security and Privacy at Rally

Securing your customer’s data is core to Rally’s DNA and has been our top priority from day one. Check out all the security and privacy measures that we’ve put in place to protect your data and keep your research process compliant.
Backed by

SOC 2 Type II

Rally is SOC 2 Type II certified, demonstrating we have the appropriate controls in place to mitigate risks related to security, privacy, confidentiality, availability, and processing integrity.

To request a copy of our SOC 2 Type II report, email us at

GDPR + CCPA Compliant

Rally is GDPR and CCPA compliant and is committed to helping our customers comply with GDPR and CCPA for their research. We enable our customers to fulfill all the data subject rights requirements under the GDPR.

  • Consent and Opt Out — Rally enables consent forms as part of the research recruitment process. We also provide unsubscribe and opt-out links for participants to remove themselves from panels or studies.
  • Right to be forgotten — Rally is committed to supporting user’s right to be forgotten. When removing user data within Rally, we ensure all data is removed from our system and our sub-processors. Users can request data deletion directly from Rally by emailing
  • Data Portability — Within Rally, you can view all data associated with your user. For an export of this data, you can email
  • We never sell any data — Rally is focused on improving your research process, not selling your data. We will never sell any data.

Rally has a DPA for our customers in the EEA. Contact to receive a copy.

Read more about commitments to GDPR and CCPA .

Security features
Bug Bounty Program

Rally takes security and privacy very seriously. If you discover vulnerabilities within the Rally platform or would like to participate in the bug bounty program, contact Awards will be distributed based on severity.

Ready to ditch the spreadsheet?