Muck Rack is designed to facilitate the important relationship between journalists and public relations professionals. We aggregate data that promotes more thoughtful research about news and encourages one-to-one outreach between media professionals. Keeping data on Muck Rack safe and secure is the most important thing we do, and it’s fundamental to the nature of our business.
We’ve outlined some information below to help you understand more about how we handle your personal data, the data we provide and your organization’s data. If you have any additional questions, please reach out to us at email@example.com.
An overview of data on Muck Rack
All data available on Muck Rack is handled safely and stored securely. Data may be made available to you depending on if you’re using the platform as a journalist or as a user on a public relations team. We group the data on Muck Rack into three categories:
1. Personal data
Personal data is used to access or enhance your account, like your email address, name or picture.
2. Data provided by Muck Rack
Data provided by Muck Rack is aggregated automatically or manually from publicly available sources and tools.
3. Organization data
Organization data is added to Muck Rack by you or your teammates, like notes, lists of profiles, email interactions or additional contact information for a profile.
About personal data
If you choose to use Muck Rack, you will create an account with your name and email address. You also may choose to include information like a picture of yourself. Any of the data added to your account is considered your personal data. Information you add to your Muck Rack account (e.g. the email address you use to login) is never made available or provided to other Muck Rack users without your explicit permission.
About data provided by Muck Rack
Muck Rack’s technology and team of experts create profiles for people and organizations based on information found from publicly available sources and tools. Profiles for people or organizations may include news articles published, contact information that’s been shared online, social media posts and other data already publicly available on the Internet (similar to what would be found in a search engine like Google).
We strive to provide the most accurate and up-to-date record for each person in our platform, which is why we also encourage journalists to claim their profile and choose which information they’d like Muck Rack to provide or which data they would like hidden or removed.
All data available on a profile that is not provided by Muck Rack is organization data added by you or your teammates.
About organization data
Your organization may be using Muck Rack to access data provided by Muck Rack. You and your teammates using Muck Rack can also add data to profiles that are not provided by Muck Rack and organize data in the features Muck Rack offers (like Media Lists, Reports, Pitches, etc).
When teammates in your organization choose to add and organize data in Muck Rack, it is like adding information to your team’s address book or a spreadsheet. This data may be contact information not provided by Muck Rack, notes and relationship history information related to a profile, email history, lists of profiles, etc.
Organization data is only available and accessible to other teammates in your organization. This data is never shared with Muck Rack users outside of your organization.
How we protect and secure data on Muck Rack
For all of the data stored on Muck Rack, we take many steps to ensure it’s stored safely and securely. We’ve outlined some information about how we protect data below.
We follow best practices
We use a variety of industry-standard security technologies and procedures to help protect personal and public data from unauthorized access, use, or disclosure. We require users to enter passwords to access account information and two-factor authentication is required for every user.
We encrypt data whenever possible
Data encryption is the process of transforming data from a readable format into code. Sensitive data is encrypted at rest with strong, industry standard protocols. All data is encrypted in transit with minimum TLS 1.2. We also use secure protocols (SSL / TLS) across the web, API and SMTP endpoints.
We perform security testing, reviews and implement updates
Our team tests for security vulnerabilities and bugs on a regular basis, and we make any critical upgrades as soon as possible (after they are tested, of course). We also have and continue to partner with industry security experts to help make our security procedures better, and more transparent. We are currently undergoing processes to acquire a SOC2 certification.
We train (and retrain) our employees on new and existing policies
Every Muck Rack employee is committed to data security. We make sure that every new employee is trained to properly handle and access data. We frequently review our policies with industry experts. We also retrain any Muck Rack employee if a policy is changed. We have policies for traveling internationally, accessing data through our VPN, limiting access controls and many more.
We restrict our employees access to data
Muck Rack employees are only given access to data that they need for their job role and function. By default, our employees do not have access to user data. Only employees that need access to user data (e.g. to resolve a customer service request) are given access to that data. Very few employees have access to servers where data is stored. We go to great lengths to ensure the right balance between support and a secure infrastructure.
We have secure, redundant servers, and monitoring
Muck Rack’s primary data and servers are in various locations on the East Coast and West Coast. Muck Rack provides multiple levels of backups and redundancy to ensure uptime and peace of mind. We have redundancy in as many areas as possible to avoid and recover from failure. This includes automatic recovery on physical hardware failures. Our data centers include redundancy across all aspects of potential failure including network transit, routing, and power.
We do not store payment information
Muck Rack does not store or process payments directly. Payments made with a credit card are processed by our partner, Stripe. Details about their security set-up and PCI compliance can be found at Stripe's security page.
Extra steps you can take to protect your data
As an organization, we are committed to providing a secure and stable platform and to providing you tools that can enhance your data security. Here are a few extra tips:
- Enable two-factor authentication in Muck Rack (learn more)
- Use a password manager to generate a strong, random password with more than 8 characters, integers or symbols
- Do not share login credentials, passwords or two-factor codes with anyone (even your teammates!)
Reporting a security issue
If you have discovered a security issue, please report it by emailing us at firstname.lastname@example.org.