Privacy Policy

Effective Date: March 2, 2026 · Last Updated: March 2, 2026

1. Introduction & Who We Are

Rankrize ("we," "us," or "our") operates the website rankrize.io and the Rankrize platform (collectively, the "Service"). Rankrize is an AI-powered SEO blog autopublishing software-as-a-service that helps website owners automate keyword research, content creation, and blog publishing.

Rankrize is operated by its individual co-founders and is not currently incorporated as a legal entity. For any questions or concerns regarding this Privacy Policy, you may contact us at rankrizeio@gmail.com.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the choices and rights you have regarding your data. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

We are committed to protecting your privacy and complying with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Where the GDPR applies, the data controller is Rankrize, reachable at rankrizeio@gmail.com.

2. Information We Collect

We collect information that you provide directly, information generated through your use of the Service, and certain information collected automatically. The categories below describe each type in detail.

2.1 Account Information

When you create an account, we collect the following personal data:

Email address — provided during registration (password-based sign-up) or retrieved from your Google account when you authenticate via Google OAuth.
Full name — provided during registration or retrieved from your Google account profile.
Profile image — retrieved from your Google account when you authenticate via Google OAuth. We store the URL to your Google profile picture; we do not download or host the image file itself unless caching is required for display purposes.
Password (hashed) — if you register with an email and password, your password is cryptographically hashed before storage. We never store plaintext passwords.

2.2 Website & Integration Data

To provide the Service, we collect information about the websites you connect:

Website URLs and domain names — the websites you add to Rankrize for SEO analysis and content publishing.
Sitemap data — parsed from your website's XML sitemap to understand your site structure and existing content.
WordPress credentials — if you connect a WordPress site, we collect your WordPress site URL, username or application password. These credentials are encrypted at rest using AES-256-GCM encryption before being stored in our database. Decryption occurs only at the moment of use (e.g., when publishing an article to your site) and the decrypted values are never logged or persisted outside of that transient operation.
Other CMS integration data — API keys or authentication tokens for other content management systems you may connect in the future. All credentials are encrypted using the same AES-256-GCM standard.

2.3 Content Data

As part of delivering the Service, we process and store various forms of content data:

Crawled site content — text, metadata, headings, and structural information extracted from your website pages to build brand understanding and enable contextual content generation.
AI-generated articles — blog posts, drafts, and published articles created by our AI pipeline on your behalf.
Content briefs and outlines — structured plans generated before article drafting, including target keywords, section outlines, and content strategies.
Article versions — immutable version history of each article, including all drafts, revisions, and final published versions.
Quality reports — scores and feedback generated by our quality assessment system for each article version.
Brand profiles — AI-generated summaries of your website's brand voice, target audience, tone, and style preferences derived from crawled content.

2.4 SEO & Keyword Data

We collect and process SEO-related data to power keyword research and content strategy:

Keyword research results — search volume, keyword difficulty, cost-per-click, and competition metrics obtained from SEO data providers.
SERP snapshots — cached search engine results pages, including top-ranking URLs, "People Also Ask" questions, and related queries for target keywords.
Topic clusters — grouped keyword strategies and content plans generated from keyword research data.
Keyword candidates and scoring — scored and prioritized keyword opportunities associated with your site.

2.5 Usage & Telemetry Data

We collect operational data to monitor service quality, manage costs, and improve the platform:

LLM token usage and costs — the number of input and output tokens consumed by AI model calls during content generation, along with associated cost calculations. This data is stored per article and per processing stage.
Job execution logs — records of background processing jobs (e.g., site sync, keyword research, article generation, publishing), including status, duration, and any error messages.
Feature usage patterns — which features you use, how frequently, and in what sequence, to inform product development.

2.6 Device & Log Data

Like most web services, we automatically collect certain technical information when you access the Service:

IP address — used for security, abuse prevention, and approximate geolocation (country/region level).
Browser type and version — to ensure compatibility and troubleshoot issues.
Device type and operating system — desktop, mobile, tablet, and OS information.
Referring URL and pages visited — to understand how users find and navigate the Service.
Timestamps — date and time of access for security auditing and analytics.

2.7 Cookies & Tracking Technologies

We use cookies and similar technologies (such as local storage) to maintain your session, remember your preferences, and improve your experience. We may also use analytics cookies to understand aggregate usage patterns.

Essential cookies — required for authentication and core Service functionality. These cannot be disabled.
Analytics cookies — we plan to use analytics tools (such as Google Analytics) to collect aggregate, anonymized usage data. When implemented, you will be able to opt out of analytics cookies through your browser settings or our cookie preferences.
No marketing or advertising pixels — we do not currently use any marketing pixels, retargeting cookies, or advertising trackers.

For more details, please refer to our Cookie Policy (available separately on the Service when published).

3. How We Use Your Information

We use the information we collect for the following purposes:

Service delivery and operation — to create and manage your account, authenticate your identity, connect your websites, and provide the core functionality of the Service.
Content generation — to analyze your website, understand your brand, and generate SEO-optimized articles tailored to your brand voice, target audience, and keyword strategy.
SEO research and analysis — to perform keyword research, analyze search engine results, identify content opportunities, and build content strategies for your websites.
Publishing and CMS integration — to publish generated content to your connected CMS platforms (e.g., WordPress) on your behalf and at your direction.
Quality assurance — to evaluate generated content against quality rubrics, run quality checks, and improve article output over time.
Billing and payments — to process payments, manage subscriptions, track usage against plan limits, and send billing-related communications (when payment features are active).
Security and fraud prevention — to protect the Service and our users from unauthorized access, abuse, and fraudulent activity.
Service improvement — to analyze usage patterns, identify bugs, optimize performance, and develop new features.
Communication — to send you transactional emails (e.g., account verification, password resets, publishing notifications), service announcements, and, with your consent, product updates.
Legal compliance — to comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR to process your personal data:

Performance of a contract (Article 6(1)(b)) — processing necessary to provide the Service you have requested, including account creation, website analysis, content generation, and publishing. This is the primary legal basis for most of our data processing.
Legitimate interests (Article 6(1)(f)) — processing necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes service improvement, security, fraud prevention, and analytics. We balance our interests against the potential impact on your privacy and apply appropriate safeguards.
Consent (Article 6(1)(a)) — where we rely on your consent, such as for optional analytics cookies or marketing communications. You may withdraw your consent at any time by contacting us at rankrizeio@gmail.com or adjusting your preferences in the Service.
Legal obligation (Article 6(1)(c)) — processing necessary to comply with a legal obligation to which we are subject, such as tax reporting or responding to lawful government requests.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We share your information only in the limited circumstances described below.

5.1 Third-Party Service Providers

We use trusted third-party providers to operate the Service. These providers process data on our behalf and are contractually obligated to protect your data and use it only for the purposes we specify:

Google (Google LLC, USA) — authentication via Google OAuth (name, email, profile image) and AI content generation via Google Gemini API. Google's privacy policy: policies.google.com/privacy.
OpenAI (OpenAI LLC, USA) — fallback AI content generation. Your website content and keyword data may be sent to OpenAI's API for processing when our primary AI provider is unavailable. OpenAI's privacy policy: openai.com/privacy.
DataForSEO (DataForSEO Inc.) — SEO data provisioning, including keyword metrics, search volume data, and SERP analysis. Your target keywords and domain information may be shared with DataForSEO for research purposes. DataForSEO's privacy policy: dataforseo.com/privacy-policy.
Convex (Convex, Inc., USA) — backend infrastructure, real-time database, and serverless compute. All Service data (including account information, content, and operational data) is stored and processed on Convex's infrastructure. Convex's privacy policy: convex.dev/privacy.
Stripe (Stripe, Inc., USA) — payment processing (planned). When payment features are active, Stripe will process your payment information (credit card, billing address). We do not store your full payment card details on our servers. Stripe's privacy policy: stripe.com/privacy.
Vercel (Vercel, Inc., USA) — frontend hosting and content delivery.

5.2 CMS Platforms

When you connect a CMS platform (such as WordPress) and instruct us to publish content, we transmit the generated article content and associated metadata (title, slug, meta description, featured image) to your CMS. This transfer occurs solely at your direction and using the credentials you have provided. We act as your agent when publishing to your CMS.

5.3 No Sale of Personal Data

We do not sell your personal data to any third party. We have never sold personal data and have no plans to do so. For the purposes of the CCPA, we confirm that we do not "sell" or "share" (as those terms are defined under the CCPA) personal information of California residents.

5.4 Law Enforcement & Legal Requirements

We may disclose your information if we believe in good faith that disclosure is necessary to:

Comply with applicable law, regulation, or legal process (e.g., a subpoena or court order).
Protect the rights, property, or safety of Rankrize, our users, or the public.
Detect, prevent, or address fraud, security, or technical issues.
Enforce our Terms of Service.

Where legally permitted, we will make reasonable efforts to notify you before disclosing your data in response to a legal request.

5.5 Business Transfers

If Rankrize is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your data according to the following principles:

Active account data — your personal data, website data, generated content, and associated operational data are retained for as long as your account remains active and the Service is being provided.
Account deletion — when you request account deletion (via the Service or by emailing us), we will immediately delete your personal data, website data, generated content, integration credentials, and all associated records from our active databases.
Backup purge — residual copies of your data in automated backups will be purged within 30 days of your deletion request.
Anonymized and aggregated data — we may retain anonymized, aggregated data (which cannot be used to identify you) indefinitely for analytics, benchmarking, and service improvement purposes.
Legal obligations — we may retain certain data beyond the periods above if required by law (e.g., tax records, fraud prevention).

7. Data Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it:

Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
Encryption at rest — data stored in our database is protected by the encryption-at-rest mechanisms provided by our infrastructure provider (Convex).
Application-level encryption for credentials — sensitive integration credentials (such as WordPress passwords and API keys) are encrypted using AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) before storage. This provides both confidentiality and integrity verification. The encryption key is stored separately from the encrypted data and is accessible only to the server-side processing environment.
Password hashing — user passwords are cryptographically hashed using industry-standard algorithms before storage. We never store plaintext passwords.
Access controls — role-based access control (RBAC) is enforced at the application level, ensuring users can only access data within their authorized workspaces and at their permitted role level (owner, admin, editor, viewer).
Minimal data exposure — credentials are decrypted only at the moment of use and are never logged, cached, or persisted in decrypted form.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents. If we become aware of a data breach that affects your personal data, we will notify you and the relevant supervisory authorities in accordance with applicable law.

8. International Data Transfers

Rankrize is operated from and our primary infrastructure is located in the United States. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data-protection laws that differ from those in your country of residence. By using the Service, you consent to the transfer of your data to these countries.

For users in the EEA, UK, or Switzerland, we ensure that international data transfers are protected by appropriate safeguards, including:

Standard Contractual Clauses (SCCs) — where applicable, we rely on European Commission-approved Standard Contractual Clauses with our service providers to ensure adequate data protection.
Adequacy decisions — where the European Commission has determined that a third country provides an adequate level of data protection, we may rely on that decision.
Data Processing Agreements — our third-party providers are bound by data processing agreements that require them to protect your data in accordance with applicable law.

You may request a copy of the safeguards we have in place by contacting us at rankrizeio@gmail.com.

9. Your Rights

Depending on your location and applicable law, you may have specific rights regarding your personal data. We are committed to honoring these rights promptly and transparently.

9.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR:

Right of access (Article 15) — you have the right to request a copy of the personal data we hold about you, along with information about how we process it.
Right to rectification (Article 16) — you have the right to request correction of inaccurate or incomplete personal data.
Right to erasure (Article 17) — you have the right to request deletion of your personal data. Upon receiving a valid erasure request, we will delete your data immediately from active systems and from backups within 30 days, unless retention is required by law.
Right to data portability (Article 20) — you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller where technically feasible.
Right to restrict processing (Article 18) — you have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., while we verify the accuracy of your data).
Right to object (Article 21) — you have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent (Article 7(3)) — where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates the GDPR.

9.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the CCPA:

Right to know — you have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
Right to delete — you have the right to request deletion of your personal information, subject to certain exceptions permitted by law.
Right to opt out of the sale of personal information — we do not sell your personal information. Accordingly, there is no need to opt out, but we affirm this right for transparency.
Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for exercising your rights.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at rankrizeio@gmail.com with the subject line "Privacy Rights Request."

Please include in your request:

Your full name and the email address associated with your Rankrize account.
A description of the specific right(s) you wish to exercise.
Any additional information that may help us verify your identity and locate your data.

We will respond to verified requests within 30 days (or within the timeframe required by applicable law). If we need additional time (up to 60 additional days for complex requests), we will notify you of the extension and the reason.

We may need to verify your identity before processing your request to protect against unauthorized access. We will not require you to create an account solely to submit a privacy request.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use the Service or provide any personal information.

If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at rankrizeio@gmail.com and we will promptly delete the information.

11. Third-Party Links

The Service may contain links to third-party websites, services, or resources that are not operated or controlled by Rankrize. This includes links within generated articles, SEO research results, and integration partner websites.

We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party website you visit. The inclusion of a link does not imply endorsement by Rankrize.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

We will update the "Last Updated" date at the top of this page.
For material changes (changes that significantly affect how we collect, use, or share your data), we will notify you by email (sent to the email address associated with your account) and/or by posting a prominent notice within the Service at least 14 days before the changes take effect.
For minor changes (clarifications, formatting, or corrections that do not materially alter your rights), we will update this page without separate notification.

Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of the Service and request account deletion.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: rankrizeio@gmail.com
Website: rankrize.io

We aim to respond to all privacy-related inquiries within 5 business days. For formal GDPR or CCPA requests, we will respond within the legally required timeframe (typically 30 days).