Rankmind

Security Policy

This Security Policy describes Rankmind's security program and technical and organizational security controls to protect customer data from unauthorized use, access, disclosure, or theft.

Security Program

Rankmind maintains a risk-based security assessment program. The framework for Rankmind's security program includes administrative, organizational, and technical safeguards designed to protect Rankmind's services and the confidentiality, integrity, and availability of customer data.

Confidentiality

All Rankmind team members are bound by contractual agreements and Rankmind's internal policies regarding maintaining the confidentiality of customer data and are contractually obligated to comply with these obligations.

People Security

All Rankmind team members must complete security and privacy training which covers Rankmind's security policies, security best practices, and privacy principles.

  • All application passwords must be saved in a password manager
  • Each service must have its unique password
  • Two-factor authentication (2FA) must be enabled when available
  • Physical keys are preferred for 2FA, followed by authenticator apps

Hosting Architecture

Infrastructure

Rankmind's infrastructure is hosted on industry-leading cloud providers with SOC 2 Type II compliance. Our hosting architecture includes:

  • Redundant systems across multiple availability zones
  • Encrypted data at rest and in transit
  • Regular security patches and updates
  • Automated backup systems

Access Controls

Provisioning Access

Access to customer data is granted on a need-to-know basis and follows the principle of least privilege. All access is logged and regularly reviewed.

Password Controls

  • Minimum password length requirements
  • Password complexity requirements
  • Regular password rotation policies
  • Multi-factor authentication for all administrative access

Vulnerability Management

Rankmind maintains an active vulnerability management program that includes:

  • Regular security assessments and penetration testing
  • Automated vulnerability scanning
  • Timely patching of identified vulnerabilities
  • Security code reviews

Data Backups

Customer data is automatically backed up on a regular schedule. Backups are encrypted and stored in geographically distributed locations to ensure data availability and disaster recovery capabilities.

Incident Response

Rankmind maintains an incident response plan to quickly identify, contain, and remediate security incidents. In the event of a data breach affecting customer data, we will notify affected customers in accordance with applicable laws and regulations.

Questions?

If you have questions about our security practices, please contact us at security@rankmind.ai