Compliance

GDPR, SOC 2, and other regulatory certifications

Compliance Overview

SearchRank AI maintains compliance with major regulatory frameworks and industry standards. Our compliance program ensures your data is handled according to strict legal and security requirements.

GDPR Compliance

What is GDPR?

The General Data Protection Regulation is the EU's comprehensive data protection law that sets strict requirements for how personal data must be collected, processed, and protected.

Our GDPR Commitments

  • Lawful Basis: We process data based on legitimate interests or consent
  • Data Minimization: We collect only necessary information
  • Purpose Limitation: Data used only for stated purposes
  • Storage Limitation: Data kept only as long as needed
  • Integrity & Confidentiality: Strong security measures in place

Data Subject Rights

We support all GDPR-mandated rights:

  • Right to access your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object

Data Processing Agreement (DPA)

Available for enterprise customers:

  • Defines roles (controller vs processor)
  • Specifies processing terms
  • Includes standard contractual clauses
  • Ensures GDPR-compliant data transfers

SOC 2 Compliance

What is SOC 2?

Service Organization Control 2 is an auditing framework that validates a company's information security practices based on five trust service criteria.

Trust Service Criteria

Security

  • Protection against unauthorized access
  • System components protected
  • Logical and physical access controls

Availability

  • System available for operation as committed
  • 99.9% uptime SLA
  • Redundancy and failover systems

Processing Integrity

  • Data processed accurately and completely
  • Error handling and monitoring
  • Quality assurance procedures

Confidentiality

  • Data protected from unauthorized disclosure
  • Encryption at rest and in transit
  • Access controls and monitoring

Privacy

  • Personal data collected and used appropriately
  • Privacy policy adherence
  • Data subject rights supported

SOC 2 Type II Report

Our annual audit covers:

  • 12-month operational period
  • Third-party auditor review
  • Controls testing and validation
  • Report available to customers under NDA

ISO 27001

Information Security Management

Our practices align with ISO 27001 standards:

  • Risk management framework
  • Security controls implementation
  • Continuous improvement cycle
  • Regular internal audits

Key Controls

  • Information security policies
  • Asset management
  • Access control
  • Cryptography
  • Operations security
  • Communications security

CCPA Compliance

California Consumer Privacy Act

For California residents, we provide:

  • Right to know what data is collected
  • Right to delete personal information
  • Right to opt out of data sales (we don't sell data)
  • Right to non-discrimination

CCPA Categories

Categories of data we collect:

  • Identifiers (email, name)
  • Commercial information (subscription data)
  • Internet activity (usage logs)
  • Professional information (company name)

Categories we DON'T collect:

  • Biometric information
  • Geolocation data
  • Sensory information
  • Protected classifications

Industry-Specific Compliance

PCI DSS

Payment Card Industry Data Security Standard:

  • Payment processing through PCI-compliant provider (Stripe)
  • No storage of full card numbers
  • Secure payment environment

HIPAA

Health Insurance Portability and Accountability Act:

  • Not designed for PHI storage
  • Not a covered entity or business associate
  • Enterprise agreements available for specific needs

Compliance Documentation

Available Documents

  • SOC 2 Report: Available under NDA to customers
  • Data Processing Agreement: Standard DPA for GDPR
  • Privacy Policy: Publicly available on website
  • Security Whitepaper: Detailed security practices
  • Subprocessor List: Third-party providers we use

Requesting Documents

  1. Contact [email protected]
  2. Specify documents needed
  3. Sign NDA if required
  4. Receive documents within 5 business days

Audit Support

For customers undergoing their own audits:

  • Provide compliance documentation
  • Support auditor inquiries
  • Demonstrate security controls
  • Share relevant certifications

Regulatory Updates

We stay current with evolving regulations:

  • Monitor regulatory changes globally
  • Update practices as requirements evolve
  • Communicate changes to customers
  • Engage legal and compliance experts

Vendor Risk Management

We carefully vet our service providers:

  • Security assessments before engagement
  • Contractual security requirements
  • Regular compliance reviews
  • Data processing agreements in place

Compliance Contacts

General Compliance: [email protected]
Data Protection Officer: [email protected]
Security Team: [email protected]
Legal Inquiries: [email protected]

Your Compliance Responsibilities

When using SearchRank AI:

  1. Ensure you have rights to monitor brands
  2. Comply with your own regulatory requirements
  3. Protect access credentials
  4. Report security concerns promptly

Understand how long we keep your data in Data Retention.
