Docs/Overview

Security Overview

Security is a core design principle at RankWriting. Here's how your data is protected.

WordPress credentials

RankWriting never stores your WordPress password. The connection flow works as follows:

  1. ·You install the plugin and generate a unique Connect Token in WordPress
  2. ·After token verification, a dedicated API key is generated for your site
  3. ·The API key is stored as a hash in the WordPress database
  4. ·All subsequent operations are authenticated using that key — never a password

API keys

API keys for external services (Anthropic, Pexels, YouTube, etc.) are stored in server-side environment variables. They are never exposed to the frontend or written to the database.

Data in transit

All communication between the client and server is enforced over HTTPS (TLS 1.2+).

Data at rest

User data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enabled, ensuring each user can only access their own data.

Authentication

User identity is managed by Clerk, which supports OAuth 2.0, multi-factor authentication (MFA), and secure session management. RankWriting servers never handle or store user passwords directly.

Content ownership

All articles you generate belong entirely to you. We do not use your content for AI model training or share it with any third party.

See Data Privacy & GDPR for more details.

Back to docsGo to dashboard →