
    Security & Data Protection

    Last updated: October 20, 2025

    At Rankad.ai, we take security seriously. This page outlines the measures we implement to protect your data and our service.

    Our Security Commitment

    Rankad AB (org. nr. 559551-8738) implements industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, and destruction in compliance with GDPR and Swedish data protection laws.

    Important Disclaimer: While we implement industry-standard security measures and follow best practices, no system is 100% secure. We cannot guarantee absolute security or zero data breaches. However, we continuously work to improve our security posture, conduct regular audits, and respond quickly to any incidents. We maintain appropriate technical and organizational measures as required by GDPR Article 32.

    Data Encryption

    Encryption in Transit

    • HTTPS/TLS: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (Transport Layer Security)
    • Certificate: Valid SSL/TLS certificates from trusted certificate authorities
    • API Communication: All API calls use encrypted HTTPS connections

    Encryption at Rest

    • Database Encryption: Customer data is encrypted in our databases using AES-256 encryption
    • File Storage: Uploaded files and documents are encrypted at rest
    • Backup Encryption: All backups are encrypted before storage

    Access Controls

    • Authentication: Secure password-based authentication with bcrypt hashing
    • Session Management: Secure session tokens with automatic expiration
    • Role-Based Access: Internal team members have role-based access controls (least privilege principle)
    • Multi-Factor Authentication (MFA): Available for account holders (recommended)
    • Password Requirements: Strong password policies (minimum length, complexity)
    • Account Lockout: Automatic lockout after repeated failed login attempts

    Infrastructure Security

    Hosting & Network

    • EU Data Centers: Data stored in secure EU-based data centers (GDPR compliant)
    • Firewalls: Network-level firewalls to filter and monitor traffic
    • DDoS Protection: Distributed denial-of-service attack mitigation
    • Intrusion Detection: Monitoring systems for suspicious activity

    Application Security

    • Secure Coding: Following OWASP Top 10 security best practices
    • Input Validation: All user inputs are validated and sanitized
    • SQL Injection Prevention: Parameterized queries and ORM usage
    • XSS Protection: Content Security Policy (CSP) and output encoding
    • CSRF Protection: Anti-CSRF tokens on all forms

    Security Audits & Testing

    • Regular Security Audits: Periodic internal security reviews
    • Vulnerability Scanning: Automated scanning for known vulnerabilities
    • Penetration Testing: Periodic third-party security assessments
    • Code Reviews: Security-focused code reviews before deployment
    • Dependency Management: Regular updates of libraries and dependencies

    C5 Framework Compliance

    As mentioned on our investors page, Rankad.ai follows the Cloud Computing Compliance Criteria Catalogue (C5) framework established by the German Federal Office for Information Security (BSI).

    C5 covers:

    • Organization of information security
    • Physical security
    • Human resources security
    • Asset management
    • Access control
    • Cryptography
    • Operations security
    • Communications security
    • Incident management
    • Business continuity
    • Compliance with legal requirements

    Data Backup & Recovery

    • Automated Backups: Daily automated backups of all customer data
    • Encrypted Backups: All backups are encrypted before storage
    • Geo-Redundancy: Backups stored in multiple geographic locations
    • Retention: Backups retained for 30 days (rolling window)
    • Disaster Recovery: Tested disaster recovery procedures to restore service

    Security Incident Response

    If a security incident occurs:

    1. Detection: Security monitoring systems alert us to potential incidents
    2. Assessment: We immediately assess the scope, severity, and impact
    3. Containment: We take steps to contain and stop the incident
    4. Notification:
      • Authorities notified within 72 hours (GDPR requirement)
      • Affected users notified promptly if personal data is compromised
    5. Remediation: We fix vulnerabilities and strengthen security
    6. Post-Incident Review: We analyze the incident and improve our processes

    Employee Access & Training

    • Background Checks: All employees undergo background checks
    • Security Training: Regular security awareness training for all staff
    • Least Privilege: Employees only have access to data necessary for their role
    • Access Logging: All employee access to customer data is logged
    • NDA & Confidentiality: All employees sign non-disclosure agreements
    • Offboarding: Access is immediately revoked when employees leave

    Third-Party Service Security

    We carefully vet all third-party services and processors:

    • Due Diligence: Security and privacy assessments before integration
    • Data Processing Agreements: GDPR-compliant DPAs with all processors
    • Regular Reviews: Ongoing monitoring of third-party security practices
    • Minimal Data Sharing: Only share data necessary for service delivery

    See our Privacy Policy for a list of third-party services we use.

    Your Security Responsibilities

    Help us keep your account secure:

    • Strong Passwords: Use unique, complex passwords (minimum 12 characters)
    • Password Manager: Consider using a password manager
    • Enable MFA: Enable multi-factor authentication on your account
    • Don't Share Credentials: Never share your password or account access
    • Secure Devices: Keep your devices updated and protected with antivirus
    • Public Wi-Fi: Avoid accessing sensitive data on public Wi-Fi
    • Phishing Awareness: Be wary of emails claiming to be from Rankad.ai and verify the sender
    • Report Suspicious Activity: Contact us immediately if you notice anything unusual

    Reporting Security Vulnerabilities

    Found a security vulnerability? We appreciate responsible disclosure.

    How to report:

    • Email kontakt@rankad.ai with subject "Security Vulnerability"
    • Provide a detailed description of the vulnerability
    • Include steps to reproduce (if applicable)
    • Allow us reasonable time to investigate and fix before public disclosure

    We commit to:

    • Acknowledge your report within 48 hours
    • Investigate and respond promptly
    • Keep you informed of our progress
    • Credit you (if desired) when the issue is resolved

    Security Updates

    This security page is updated regularly to reflect changes in our security practices. For questions about our security measures, contact kontakt@rankad.ai.

    Important Legal Disclaimer

    No Guarantee of Results: Rankad AB provides AI visibility optimization tools and services on an "as-is" and "as-available" basis. We make no guarantees, warranties, or representations regarding:

    • Specific improvements in search engine rankings, AI engine visibility, or website traffic
    • Achievement of specific business outcomes, revenue increases, or ROI
    • Compatibility with all third-party AI engines, search platforms, or technologies
    • Uninterrupted, error-free, or secure operation of our services
    • Accuracy, reliability, or completeness of any data, analytics, or recommendations provided

    External Factors: AI engines, search algorithms, and ranking factors are controlled by third parties (e.g., Google, OpenAI, Perplexity) and change frequently without notice. Rankad AB has no control over these external systems and cannot be held liable for changes, updates, or decisions made by these platforms.

    User Responsibility: Results depend on numerous factors including your content quality, website technical health, competitive landscape, industry dynamics, and proper implementation of our recommendations. You are solely responsible for your use of our services and any decisions made based on our tools, data, or guidance.

    Limitation of Liability: To the maximum extent permitted by Swedish law (Produktansvarslagen, Konsumentköplagen), Rankad AB and its directors, employees, and partners shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, lost revenue, lost data, or business interruption, arising from your use of our services, even if advised of the possibility of such damages. Our total liability shall not exceed the amount you paid us in the 12 months preceding the claim.

    Security Questions or Concerns?

    If you have questions about our security practices or want to report a security issue, contact us.

    kontakt@rankad.ai