Security and Privacy at Rally

SOC 2 Type II
Rally is SOC 2 Type II certified, demonstrating we have the appropriate controls in place to mitigate risks related to security, privacy, confidentiality, availability, and processing integrity.
To request a copy of our SOC 2 Type II report, email us at security@rallyuxr.com

GDPR + CCPA Compliant
Rally is GDPR and CCPA compliant and is committed to helping our customers comply with GDPR and CCPA for their research. We enable our customers to fulfill all the data subject rights requirements under the GDPR.
- Consent and Opt Out — Rally enables consent forms as part of the research recruitment process. We also provide unsubscribe and opt-out links for participants to remove themselves from panels or studies.
- Right to be forgotten — Rally is committed to supporting user’s right to be forgotten. When removing user data within Rally, we ensure all data is removed from our system and our sub-processors. Users can request data deletion directly from Rally by emailing privacy@rallyuxr.com.
- Data Portability — Within Rally, you can view all data associated with your user. For an export of this data, you can email privacy@rallyuxr.com.
- We never sell any data — Rally is focused on improving your research process, not selling your data. We will never sell any data.
Rally has a DPA for our customers in the EEA. Contact privacy@rallyuxr.com to receive a copy.
Rally takes security and privacy very seriously. If you discover vulnerabilities within the Rally platform or would like to participate in the bug bounty program, contact bugbounty@rallyuxr.com. Awards will be distributed based on severity.