Privacy Policy

1. Introduction

Rankmint Inc. ("Rankmint," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Rankmint platform, website, and related services (collectively, the "Services").

This policy applies to all users of the Services, including account holders, workspace members, client viewers, and visitors to our website. We encourage you to read this policy carefully and contact us with any questions.

2. Information We Collect

We collect information in several categories to provide and improve our Services:

Account Information. When you register, we collect your name, email address, password (hashed), organization name, and billing information. If you authenticate via third-party providers (Google, GitHub), we receive your name, email, and profile picture from those services.

Site and Crawl Data. When you add websites to Rankmint, we process domain information, crawled page data (URLs, HTML content, metadata, schema markup, link structures), and integration data from connected services such as Google Search Console and Google Analytics 4.

Usage Analytics. We collect information about how you interact with the Services, including pages visited, features used, actions taken, session duration, device type, browser type, IP address, and referring URLs.

Communication Data. When you contact support, submit feedback, or participate in surveys, we collect the content of your communications along with associated metadata.

Payment Data. Payment processing is handled by Stripe. We do not store full credit card numbers on our servers. We receive and store transaction identifiers, billing addresses, invoice details, and subscription status from Stripe.

3. How We Use Your Information

We use collected information for the following purposes:

• To provide, maintain, and improve the Services
• To process crawls, audits, and generate SEO and GEO analysis
• To power AI-generated recommendations and content suggestions
• To manage your account, subscription, and billing
• To send transactional communications (account confirmations, billing receipts, security alerts)
• To provide customer support and respond to inquiries
• To monitor platform performance, detect anomalies, and ensure security
• To enforce our Terms of Service and prevent abuse
• To comply with legal obligations
• To send product updates and marketing communications (with your consent, where required)

4. Legal Basis for Processing

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Contractual necessity: Processing required to provide the Services you have subscribed to, including account management, crawling, auditing, and reporting.
• Legitimate interests: Processing for purposes such as improving our Services, ensuring platform security, preventing fraud, and conducting internal analytics, where such interests are not overridden by your rights.
• Consent: Processing based on your explicit consent, such as marketing communications and optional analytics cookies. You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings.

5. Data Sharing and Third Parties

We do not sell your personal data. We share information with third parties only in the following circumstances:

Service Providers. We use trusted third-party services to operate the platform, including:

• Supabase for database hosting, authentication, and file storage
• Stripe for payment processing and subscription management
• Vercel for web application hosting
• Upstash for caching and queue management
• AI model providers for powering AI-generated recommendations and content analysis
• Email service providers for transactional and marketing emails
• Analytics providers for understanding platform usage and performance

Legal Requirements. We may disclose information if required by law, subpoena, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. When transferring data from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Services. Specific retention periods include:

• Account data: Retained for the duration of your account, plus 30 days following deletion request
• Crawl and audit data: Retained according to your plan's data retention settings, typically 12 months for historical comparison
• Billing records: Retained for 7 years to comply with tax and accounting obligations
• Activity logs: Retained for 90 days for security and debugging purposes
• Support communications: Retained for 3 years after resolution

Enterprise plan customers may negotiate custom data retention periods to meet their compliance requirements.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations
• Right to data portability: Request your data in a structured, machine-readable format
• Right to restrict processing: Request limitation of processing in certain circumstances
• Right to object: Object to processing based on legitimate interests, including direct marketing
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

For users in California, the CCPA grants additional rights, including the right to know what personal information is collected and the right to opt out of the sale of personal information. Rankmint does not sell personal information.

To exercise any of these rights, contact us at privacy@rankmint.com. We will respond to verified requests within 30 days.

9. Cookie Usage

We use cookies and similar tracking technologies to operate and improve the Services. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

10. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@rankmint.com.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest
• Secure authentication with support for multi-factor authentication
• Role-based access controls and scoped API keys
• Regular security assessments and vulnerability monitoring
• Audit logging of administrative actions and data access
• Secrets isolation and secure credential management

While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated via email or a prominent notice within the Services at least 30 days before they take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

If you are located in the EEA and believe that our processing of your personal data infringes your rights under the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.