1. Security program
Ranx maintains commercially reasonable administrative, technical, and physical safeguards designed to protect Customer Data and service operations. Our controls are risk-based and evolve as the product, customer base, and regulatory expectations change.
2. Data protection
- Encryption in transit using HTTPS/TLS where supported.
- Encryption at rest through managed cloud database, storage, and infrastructure services where supported.
- Separation between production, development, and testing environments where appropriate.
- Backup and recovery practices designed to support service continuity.
- Data retention and deletion workflows tied to customer instructions, agreements, and legal obligations.
3. Access controls
- Role-based access controls in customer workspaces.
- Administrative access limited to authorized personnel with a business need.
- Authentication and session controls appropriate to the service surface.
- Audit and diagnostic logs used to monitor access, changes, and security events.
4. Application safeguards
Ranx includes product safeguards such as respondent aggregation, configurable confidentiality thresholds, publication controls, consent capture, and administrative review surfaces. These safeguards reduce privacy and misuse risk but do not remove the customer's obligation to use Ranx lawfully and responsibly.
5. Operational security
- Security and availability monitoring for production services.
- Dependency, infrastructure, and configuration review as part of ongoing maintenance.
- Least-privilege access practices for systems that process Customer Data.
- Vendor and subprocessor review proportional to the sensitivity of the processing.
6. Incident response
Ranx maintains procedures for identifying, investigating, responding to, and notifying affected customers of security incidents as required by law and applicable agreements.
7. Customer responsibilities
Customers are responsible for managing authorized users, source-system permissions, exported data, internal notices and consents, appropriate human review, and lawful use of survey outputs.
8. Report a security issue
Report suspected vulnerabilities or security incidents to security@ranx.app. Please include enough detail to reproduce or assess the issue and avoid accessing or disclosing data that does not belong to you.
