Privacy Policy

RankPin is the data controller for the personal data described in this policy. That means we decide why and how your personal data is processed. If you have any questions about this policy or want to exercise your rights, you can reach our privacy team at privacy@rankpin.app.

We collect the following categories of personal data:

• Audit inputs. The business name, city or location, and search keyword you enter to run a free geo-grid audit. A business name can be personal data when it identifies a sole trader.
• Contact details. The email address you provide to receive your audit report or to create an account.
• Account and billing data. For paid plans, your name, billing address, plan tier, and the partial card or payment metadata returned by our payment provider. We never see or store full card numbers.
• Google Business Profile data. If you choose to connect your Google Business Profile through OAuth, we access the profile information, reviews, posts, and insights needed to generate review replies, weekly posts, and your monthly action plan. We only request the minimum scopes required and we act on your behalf based on the permission you grant.
• Technical and usage data. Information your browser sends automatically, such as IP address, device and browser type, pages viewed, and timestamps. This is used to keep the service secure and working.
• Cookies and similar technologies. See our Cookie Policy for details on essential and analytics cookies.

We do not intentionally collect special categories of data (such as health, biometric, or political data) and we ask that you do not submit such data through audit fields.

We use personal data for these purposes:

• To run your geo-grid audit and generate your rank heatmap and report.
• To deliver the report to the email address you provide and to follow up about the service.
• To provide paid features, including AI-generated review replies, weekly Google Business Profile posts, and your monthly action plan.
• To manage your account, process payments, and provide support.
• To keep the service secure, prevent abuse and fraud, and debug problems.
• To measure and improve how the service is used, where you have consented to analytics.
• To send service messages and, where permitted, occasional product updates that you can opt out of at any time.
• To comply with our legal and tax obligations.

Under the GDPR, we rely on the following legal bases to process your data:

• Performance of a contract. To provide the audit you requested, to deliver paid features, and to manage your subscription.
• Consent. For analytics cookies, for connecting your Google Business Profile, and for optional marketing emails. You can withdraw consent at any time without affecting processing that already took place.
• Legitimate interests. To secure and improve the service, to prevent fraud and abuse, and to send service-related communications. We balance these interests against your rights and only proceed where your interests do not override ours.
• Legal obligation. To keep accounting records and respond to lawful requests.

For California residents, we do not sell or share your personal data for cross-context behavioral advertising, and we do not use sensitive personal information for purposes beyond providing the service.

We do not sell your personal data. We share it only with the service providers (subprocessors) that help us run RankPin, each bound by a data processing agreement and obliged to process data only on our instructions. Our current subprocessors are:

Resend and Polar are introduced as we roll out email delivery and paid plans. We do not send the content you submit to AI providers for them to train their own models. We may also disclose data where required by law, to protect our rights, or in connection with a merger or acquisition, in which case we will notify you.

Because RankPin is operated from the EU and several of our subprocessors are based in the United States, your personal data may be transferred outside your country, including to the United States. Where we transfer personal data out of the European Economic Area, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses, and where applicable the EU-US Data Privacy Framework, together with supplementary measures. You can request a copy of the relevant safeguards by emailing privacy@rankpin.app.

We keep personal data only for as long as we need it for the purposes described above:

• Audit inputs and one-off reports for leads: up to 24 months from your last activity, then deleted or anonymized.
• Account and Google Business Profile data: for the life of your account and up to 90 days after you close it, unless a longer period is required.
• Billing and tax records: up to the period required by Belgian and EU law, typically 7 years.
• Security and server logs: a short rolling window, typically up to 90 days.

Depending on where you live, you have some or all of the following rights over your personal data:

• Access. Ask for a copy of the personal data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"). Ask us to delete your data where there is no overriding reason to keep it.
• Restriction and objection. Ask us to pause processing or object to processing based on legitimate interests or for direct marketing.
• Portability. Receive the data you provided in a structured, commonly used, machine-readable format, and ask us to transmit it to another provider where technically feasible.
• Withdraw consent. Withdraw any consent you gave, at any time.
• Non-discrimination (California). We will not deny service, charge a different price, or provide a different quality of service because you exercised your rights.

To exercise any of these rights, email privacy@rankpin.app from the address associated with your request. We may ask for information to verify your identity before we act. We will respond within the timeframes required by law, generally within 30 days for GDPR requests and 45 days for CCPA requests, and we will let you know if we need more time. You can use an authorized agent where the law allows. If you are in the EU and are not satisfied with our response, you may lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) or your local supervisory authority.

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege access for our team and subprocessors. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you and the relevant authorities of any breach as required by law.

RankPin is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top and, where appropriate, notify you. Your continued use of RankPin after an update means you accept the revised policy.

For any privacy question or request, email privacy@rankpin.app. You can also review our Terms of Service and Cookie Policy.