Privacy Policy

1. Who we are

Ranket (“we”, “us”) is an AI SEO automation platform operated by the entity behind ranket.app. This Privacy Policy explains what personal data we collect about you, how we use it, and the rights you have over it. It applies whenever you visit our website, sign up for an account, or use any part of the service.

2. What we collect

We collect three categories of data:

• Account data: your email address, name (if provided), password hash, billing details, and organisation membership. This is what makes the account work.
• Brand data: every URL, page, sitemap, and brand profile field you connect to Ranket. This includes content we scrape from your public website (titles, headings, body text, images, metadata) and from third-party integrations you authorise (e.g. Google Search Console queries, PostHog events).
• Usage data: information about how you use the app — which pages you visit, which features you click, error logs, and performance metrics. This helps us improve the product and diagnose issues.

3. How we use it

• To provide, secure, and improve the service.
• To generate the keyword research, articles, images, and backlinks that you sign up for.
• To send transactional emails (billing receipts, security alerts, critical product notifications).
• To send occasional product updates and tips. You can unsubscribe at any time.
• To comply with legal obligations.

We do not sell your personal data. We do not use your brand content, generated articles, or scraped pages to train AI models — yours or anyone else's.

4. Sub-processors

Ranket is built on a stack of vendors that process data on our behalf under contract. The full list as of May 15, 2026:

• Supabase — Postgres database, authentication, file storage. Hosts your account data and brand content.
• Cloudflare — edge runtime, DNS, CDN, queues. Powers the API and serves the app.
• Anthropic (Claude) — language model used for keyword relevance scoring, brand profiling, strategy, briefs, drafts, polish.
• OpenAI — embeddings model used for backlink semantic matching.
• DataForSEO — keyword research, SERP data, search volume, keyword difficulty.
• Fal — generative image model for article hero and inline images.
• Stripe — billing and subscription management.
• Google — OAuth and Search Console API for the GSC integration you optionally authorise.
• PostHog — product analytics and the optional integration that imports your blog traffic into the dashboard.
• Resend (or equivalent) — transactional email delivery.

Each sub-processor is bound by their own privacy and security commitments. We review the list quarterly and update it here when it changes. Material changes to the sub-processor list are notified by email in advance.

5. Cookies and tracking

Our marketing site (ranket.app) and the app (app.ranket.app) use a small number of first-party cookies for session management, CSRF protection, and basic analytics. We do not run third-party advertising cookies. We do not share visitor data with ad networks. You can disable cookies in your browser; the app will continue to work, though some features (notably staying logged in) require them.

6. Data retention

• Active accounts: we keep your data for as long as your account is active.
• Closed accounts: data is deleted within 30 days of account closure, except for records we're legally required to keep (e.g. invoices, anti-fraud logs) for up to 7 years.
• Generated articles: stay in your account until you delete them. If you publish them to your CMS, the published copy is governed by your CMS's retention policy.
• Backups: rolling backups are retained for 30 days for disaster recovery purposes.

7. Your rights

Depending on where you live (GDPR for EEA/UK, CCPA for California, LGPD for Brazil, and similar laws elsewhere), you may have the right to:

• Request a copy of your personal data.
• Correct inaccurate data.
• Delete your data (subject to legal retention obligations).
• Restrict or object to certain processing.
• Withdraw consent for marketing emails at any time.
• Lodge a complaint with your local data protection authority if you believe we've mishandled your data.

To exercise any of these rights, email hello@ranket.app from the address associated with your account. We respond within 30 days.

8. International data transfers

Our infrastructure is global. Data may be processed in the United States, the European Union, and other jurisdictions where our sub-processors operate. We rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable to safeguard cross-border transfers.

9. Children

Ranket is a B2B SaaS product. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we'll delete it.

10. Security

We follow industry-standard security practices: encrypted transit (TLS everywhere), encrypted storage of sensitive fields (refresh tokens, secrets), principle-of-least-privilege access controls, audit logs, and regular dependency reviews. No system is perfectly secure, but we work hard to avoid the obvious failures. If you believe you've found a vulnerability, please email hello@ranket.app — we treat security reports as a priority.

11. Changes to this policy

We'll update this page when our data practices change. Material changes — new categories of data, new purposes, new sub-processors that affect data location or access — are notified by email at least 14 days before they take effect. Non-material changes (clarifications, typos) are reflected immediately.

12. Contact

Questions, requests, or complaints about how we handle your data: hello@ranket.app.