Trust, Security & Privacy
This page is maintained by the TradeRank team to answer common security and privacy questions about the TradeRank platform. It describes controls that are currently enabled. It is not an independent certification or third-party audit report.
Account access & authentication
- Email and password sign-in, with Google sign-in available.
- Optional two-factor authentication (TOTP authenticator app) per account.
- Sessions are protected with short-lived access tokens and refresh rotation.
- Password reset is performed via a signed, time-limited email link.
Data handling
- Customer data (profiles, businesses, SEO snapshots, invoices, expenses) is stored in our managed Postgres database and protected by row-level security so users only see data they own or have been granted access to.
- Data is encrypted in transit (TLS) and at rest by our hosting provider.
- Service-role and administrative credentials are held server-side only and never shipped to the browser.
Subprocessors & integrations
TradeRank relies on the following categories of subprocessors:
- Application hosting and database (managed cloud platform).
- Email delivery for transactional and authentication messages.
- Payments (Stripe) — used only when you subscribe or buy add-ons.
- Optional Google Search Console and Google Business Profile connections — only the accounts you explicitly connect, and only the scopes shown at consent.
Cookies & analytics
We use strictly necessary cookies to keep you signed in and product analytics to understand feature usage. We do not sell personal data.
Retention & deletion
You can remove your business data from inside the app. To request full account deletion, contact us using the link below and we will remove your account and associated personal data, subject to legal retention requirements (e.g. invoicing records).
Reporting a security or privacy concern
If you believe you have found a vulnerability or have a privacy question, please reach out via our contact page. Please do not include passwords or sensitive personal data in your message.
This page describes app-owned practices and enabled controls. It is editable content and should not be read as a guarantee of regulatory compliance or as an independent certification.