Privacy Policy

Last Updated: November 18, 2025

This privacy notice describes how Rankability, Inc. collects, uses, and protects your personal data in compliance with GDPR, UK GDPR, and applicable privacy laws.

Introduction

This privacy notice for Rankability, Inc. ("we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

  • Visit our website at https://www.rankability.com
  • Use our SEO software and tools
  • Engage with us through contact forms, support requests, or email
  • Participate in our Academy programs or events

Questions or concerns? If you do not agree with our policies and practices, please do not use our Services. For questions, contact us at [email protected].

1. What Information Do We Collect?

Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, company name
  • Account Data: Username, password (hashed), account preferences
  • Payment Information: Billing address, payment method details (processed by Stripe)
  • Communication Data: Messages, support requests, feedback
  • Profile Information: Job title, industry, company size (optional)

Automatically Collected Information

When you visit our website, we automatically collect certain information (with your consent where required):

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages viewed, time spent, click patterns, feature usage
  • Location Data: Approximate geographic location (IP-based, anonymized)
  • Cookies & Tracking: Analytics cookies, session cookies, affiliate tracking (see our Cookie Policy)

2. Lawful Basis for Processing (GDPR/UK GDPR)

We process your personal data under the following lawful bases:

Consent (Article 6(1)(a) GDPR)

We process data with your explicit consent for:

  • Analytics cookies (Google Analytics, Microsoft Clarity)
  • Marketing communications and newsletters
  • Affiliate tracking (Rewardful)

You can withdraw consent anytime via Cookie Settings or by emailing us.

Contract (Article 6(1)(b) GDPR)

We process data to fulfill our contract with you:

  • Account creation and management
  • Providing SEO software services
  • Processing payments
  • Customer support

Legitimate Interest (Article 6(1)(f) GDPR)

We process data for our legitimate business interests:

  • Fraud prevention and security monitoring
  • Service improvement and optimization
  • Internal analytics and business intelligence

We balance our interests against your rights and only process where our interests do not override your fundamental rights.

Legal Obligation (Article 6(1)(c) GDPR)

We process data to comply with legal obligations such as tax reporting, fraud prevention, and responding to lawful requests from authorities.

3. Third-Party Data Processors

We share your data with the following processors under Data Processing Agreements (DPAs):

| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google (Analytics) | Website analytics | USA | SCCs, Data Privacy Framework |
| Microsoft (Clarity) | Session recording, heatmaps | USA | SCCs, Data Privacy Framework |
| Rewardful | Affiliate tracking | USA | SCCs |
| SendGrid (Twilio) | Transactional emails | USA | SCCs, Data Privacy Framework |
| Neon Database | Database hosting | USA | SCCs, encryption at rest |
| Stripe | Payment processing | USA | SCCs, PCI DSS compliant |
| Replit | Application hosting | USA | SCCs, SOC 2 certified |

Note: SCCs = Standard Contractual Clauses. All US-based processors operate under EU-approved Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

4. International Data Transfers

Rankability, Inc. is based in the United States. If you are accessing our services from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for all international transfers:

  • Standard Contractual Clauses (SCCs): EU Commission-approved clauses with all US-based processors
  • EU-US Data Privacy Framework: Processors certified under the adequacy decision
  • Technical Safeguards: Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, audit logs

5. Data Retention Periods

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Active account + 3 years after closure
  • Payment Records: 7 years (tax/legal requirements)
  • Analytics Cookies: Up to 2 years
  • Marketing Cookies: 90 days
  • Support Requests: 3 years after resolution
  • Marketing Communications: Until unsubscribe + 30 days

After retention periods expire, we securely delete or anonymize your data. You can request early deletion at any time (subject to legal requirements).

6. Your Data Protection Rights

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR/UK GDPR:

Right to Access (Article 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data.

Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data (subject to legal obligations).

Right to Restriction (Article 18)

Request restriction of processing in certain circumstances.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format (CSV/JSON).

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent for cookie tracking or marketing at any time.

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe your rights have been violated.

How to Exercise Your Rights: Visit our Data Subject Rights Portal or email [email protected]. We will respond within 30 days.

7. How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication, least privilege principle
  • Regular Audits: Security assessments, penetration testing, vulnerability scanning
  • Staff Training: Regular data protection and security awareness training
  • Incident Response: Documented breach notification procedures (within 72 hours to authorities)
  • Vendor Management: DPAs with all processors, regular compliance reviews

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

9. Updates to This Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by email (if you have an account) or by posting a prominent notice on our website. The "Last Updated" date at the top indicates when the policy was last revised.

10. Contact Information

For privacy-related questions, data subject rights requests, or complaints:

Privacy Contact

Email: [email protected]

Company Information

Rankability, Inc.

6 Cardinal Way, Suite 900

St. Louis, MO 63102

United States

EU Representative

We are currently a small business and do not have a dedicated EU representative. EU residents can contact us directly at the address above or at [email protected].

Supervisory Authority

EU/EEA residents have the right to lodge a complaint with their local data protection authority. UK residents can contact the Information Commissioner's Office (ICO).