Privacy Policy

Last updated April 23, 2026

Introduction

Rankealo (“Rankealo,” “we,” “us,” or “our”) operates https://rankealo.ai (the “Service”). This Privacy Policy explains what information we collect, how we use it, how we store it, and the rights you have over it.

By using the Service you agree to the practices described in this policy. If you do not agree, do not use the Service.

Table of Contents

  1. Information We Collect
  2. Google User Data
  3. Limited Use Disclosure
  4. How We Use Information
  5. How We Store and Secure Information
  6. Subprocessors and Third Parties
  7. Data Retention and Deletion
  8. Revoking Access and Deleting Your Data
  9. Cookies and Analytics
  10. Your Rights
  11. International Data Transfers
  12. Children
  13. Changes to This Policy
  14. Contact Us

1. Information We Collect

We collect the following categories of information:

Account information

When you register, we collect your email address, name (optional), and authentication identifiers. If you pay for a subscription, our payment processor collects billing details; we store only non-sensitive payment metadata (e.g., subscription status, last four digits of card).

Usage information

We collect information about how you interact with the Service, such as pages viewed, features used, and error logs. This helps us operate, debug, and improve the Service.

Content you submit

Domains, keywords, articles, and other content you enter into Rankealo to generate SEO recommendations, reports, or AI-generated articles.

Google user data

If you choose to connect Google Search Console, we access data through Google APIs. See the dedicated section below.

2. Google User Data

Rankealo offers an optional integration with Google Search Console. This integration uses Google's OAuth 2.0 flow. You are prompted to grant access, and you may revoke access at any time.

Scopes we request

We request exactly one Google OAuth scope:

  • https://www.googleapis.com/auth/webmasters.readonly — read-only access to your Google Search Console data.

We do not request write access, account information (such as your Gmail contents), Drive access, or any other scope.

Data we access

With the webmasters.readonly scope, Rankealo accesses the following data from your Google Search Console account:

  • The list of Search Console properties (websites) you have verified in your Google account.
  • Search analytics data for properties you choose to connect to Rankealo, including: search queries, landing pages, clicks, impressions, click-through rate (CTR), and average position.
  • Aggregated performance metrics for date ranges you select.

How we use this data

We use data from Google Search Console exclusively to provide features you have requested, including:

  • Displaying performance dashboards for your domain inside Rankealo.
  • Generating SEO optimization recommendations (for example, identifying striking-distance keywords, low-CTR pages, content refresh opportunities).
  • Tracking changes in search performance over time.
  • Creating reports that you explicitly generate or export.

We display Google user data only to the authenticated user who granted access. Other Rankealo users and Rankealo staff do not have access to your Google user data, except as described in the Subprocessors section.

3. Limited Use Disclosure

Rankealo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Rankealo affirms that:

  • We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not sell Google user data to third parties, including for the purpose of training generalized AI/ML models.
  • We do not transfer Google user data to third parties except as strictly necessary to provide or improve the Service (see Subprocessors), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice to users.
  • We do not allow humans to read Google user data unless (a) we have the user's affirmative consent for specific data, (b) it is necessary for security purposes (such as investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized and is used for internal operations.

4. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Authenticate your account and prevent fraud or abuse.
  • Process payments and manage subscriptions.
  • Generate SEO analytics, recommendations, and reports you request.
  • Communicate with you about the Service (e.g., transactional emails, support responses).
  • Comply with legal obligations.

We do not sell your personal information. We do not use Google user data for advertising.

5. How We Store and Secure Information

Your data, including Google user data, is stored in a managed PostgreSQL database operated by Supabase. The database enforces row-level security so that each user can only access their own records. Data is encrypted at rest (AES-256) and encrypted in transit (TLS 1.2+).

OAuth refresh tokens for Google Search Console are stored encrypted at rest and are accessible only to the Rankealo backend processes that need them to perform actions on your behalf.

Despite our safeguards, no method of transmission or storage is 100% secure. If we become aware of a breach that affects your personal information, we will notify you as required by applicable law.

6. Subprocessors and Third Parties

We use the following subprocessors to operate the Service. Each has been selected based on their privacy and security commitments:

  • Supabase — database hosting where your account data and cached Google Search Console metrics are stored. Data is encrypted at rest and isolated per-user via row-level security.
  • Vercel — application hosting. Data passes through Vercel in transit over TLS.
  • Google — the source of Google Search Console data when you connect your account.
  • OpenAI, Anthropic — AI providers used to generate SEO recommendations when you explicitly request them. Your raw Google user data is never sent to these providers. Only the specific keywords, page URLs, or prompts you choose to act on are transmitted, and they are not used by these providers to train their general models.

We do not sell, rent, or trade your personal information or Google user data to any third party.

7. Data Retention and Deletion

We retain your account information for as long as your account is active. Usage logs are retained for up to 12 months for debugging and security purposes.

Google user data is retained only while your Google Search Console integration is connected. When you disconnect the integration, or when you delete your Rankealo account, we delete stored Google user data (including cached search analytics and OAuth tokens) within 30 days. Backups containing deleted data are rotated out within 90 days.

8. Revoking Access and Deleting Your Data

You can revoke Rankealo's access to your Google account at any time:

Revoking access immediately stops further data collection. To permanently delete your Rankealo account and all associated data, email contact@rankealo.ai.

9. Cookies and Analytics

We use strictly necessary cookies to keep you signed in and to maintain session state. We may use privacy-respecting analytics (e.g., aggregated page view counts) to understand Service usage. We do not use advertising cookies or cross-site tracking.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • The right to access the personal information we hold about you.
  • The right to correct inaccurate personal information.
  • The right to delete your personal information.
  • The right to restrict or object to processing.
  • The right to data portability.
  • The right to withdraw consent at any time.

To exercise these rights, email contact@rankealo.ai. We will respond within 30 days.

11. International Data Transfers

Rankealo is operated from the United States and uses subprocessors in the United States and the European Union. By using the Service, you consent to your information being transferred to and processed in these jurisdictions, subject to appropriate safeguards such as Standard Contractual Clauses where required.

12. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: