Privacy Policy

Rankfender ("Rankfender", "we", "our", "us") operates the AI Visibility Intelligence platform available at rankfender.com and its subdomains (the "Service"). This Privacy Policy explains how we collect, use, share, and protect Personal Data when you visit our website, create an account, or use any of our products — including the RAIVE Engine, Content Engine, Keyword Intelligence, and the RAISA AI assistant.

For data protection purposes, Rankfender acts as the Controller of the data described in this Policy when you sign up directly. When you use the Service on behalf of an organization, that organization is the Customer under our Terms of Service, and we generally act as a Processor for the data the Customer pushes through the Service.

• Privacy contact: privacy@rankfender.com
• Data Protection Officer: dpo@rankfender.com
• Security contact: security@rankfender.com

Personal Data — information relating to an identified or identifiable individual. Customer Data — content and configuration the Customer or its Authorized Users submit to the Service (brands, domains, keywords, prompts, articles, files). Visibility Data — data Rankfender produces by querying public AI systems on behalf of a Customer (responses, mentions, scores, snapshots). Sub-processor — any third party engaged by Rankfender to process Personal Data on our behalf. Authorized User — an individual the Customer permits to access the Service under their account.

We collect the following categories of data:

a) Account & profile data. Name, email, password hash, company, role, time zone, profile picture, language preference, and any details you add to your dashboard.

b) Billing data. Billing address, VAT/tax ID, plan tier, invoice history, and the payment-method token returned by our payment processor (Stripe). We never store full card numbers.

c) Customer Data. Brands, domains, competitors, keywords, prompts, briefs, articles, and any other content you submit for monitoring, generation, or analysis.

d) Visibility Data. Responses returned by AI systems (ChatGPT, Gemini, Perplexity, Claude, DeepSeek, Grok, Llama, and others we add over time), the prompts we sent, mention counts, sentiment, ranks, and the resulting visibility scores.

e) Usage & telemetry data. Pages viewed, features used, clicks, in-app search queries, API calls, session duration, browser, OS, IP address, referrer, and crash logs.

f) Communications data. Support tickets, chat messages with our team, survey responses, and email engagement (opens, clicks).

g) Cookies & similar technologies as described in section 14.

We do not knowingly collect special-category data (health, biometrics, political opinions) and ask you not to submit any.

• Directly from you when you sign up, configure projects, contact support, or buy a plan.
• Automatically through cookies, server logs, and product telemetry as you use the Service.
• From third parties when you connect an integration (Google Search Console, Google Analytics, WordPress, Shopify, webhooks). We only receive the scopes you explicitly authorize.

For users in the EEA, the United Kingdom, and Switzerland, we rely on the following legal bases under Article 6 GDPR:

• Provide and operate the Service (account, monitoring, dashboards, content generation) — performance of contract.
• Bill, collect taxes, invoice, fight chargebacks — performance of contract and legal obligation.
• Improve, secure, and debug the Service; prevent fraud and abuse — legitimate interests.
• Send service emails and security notices — performance of contract / legitimate interests.
• Send marketing emails — consent, withdrawable at any time.
• Comply with legal requests — legal obligation.

For California residents, the categories collected, sources, purposes, and recipients are described in section 13 (CCPA/CPRA).

The RAIVE Engine sends prompts to public AI systems on your behalf to compute visibility scores. For this monitoring:

• We never share your account credentials with the AI providers.
• We do not feed Authorized User identifiers into prompts.
• Prompts are derived from the brand, competitor, and keyword inputs you provide.
• Responses are stored to render historical comparisons and surface mentions.
• Where the AI provider offers a "do not train on inputs/outputs" enterprise endpoint, we use it.

You can request deletion of any individual snapshot or prompt from your dashboard at any time.

Content Engine. When you generate articles, briefs, schemas, or images, the brief and any source files you attach are sent to one or more LLM providers under enterprise data terms (no training on your data). Generated drafts stay on your account until you publish or delete them. If you publish via an integration (WordPress, Shopify, Wix, webhook), we transmit only the content and metadata required for that publishing action.

RAISA AI assistant. RAISA can read your project's brand, scores, and recent activity to answer your questions and propose actions. RAISA conversations are stored on your workspace so you can resume them. You can clear individual conversations or your entire RAISA history from the assistant settings.

We do not sell your Personal Data and we do not share it for cross-context behavioral advertising.

We share data only with:

a) Sub-processors that operate the Service. Current categories include: - Hosting & database — Supabase, AWS (EU/US regions). - Payments — Stripe. - Transactional email — Resend, Postmark. - LLM and AI providers — Anthropic, OpenAI, Google, xAI, Meta, DeepSeek, Perplexity (used by RAIVE, Content Engine, and RAISA). - Keyword and SERP intelligence — DataForSEO. - Error monitoring — Sentry. - Product analytics — Plausible / PostHog (privacy-respecting).

The current list is published at rankfender.com/sub-processors. We give 30 days' notice before adding a new sub-processor that materially changes the processing.

b) Professional advisors — auditors, lawyers, accountants — bound by confidentiality.

c) Authorities — only when required by valid legal process. We push back on requests that exceed what the law requires and notify you unless prohibited.

d) Successors — in the context of a merger, acquisition, or sale of assets, in which case the new entity becomes bound by this Policy.

Rankfender is operated from the European Union and uses sub-processors located in the EU, the United States, and other regions. When we transfer Personal Data outside the EEA, the UK, or Switzerland, we rely on:

• adequacy decisions where they exist (e.g., the EU-US Data Privacy Framework for certified vendors);
• the European Commission's Standard Contractual Clauses (SCCs) plus supplementary measures where required;
• your explicit consent in narrow cases.

A copy of the SCCs covering a given transfer is available on request to dpo@rankfender.com.

• Account & billing data — retained while your account is active and for 7 years after closure to meet tax and accounting obligations.
• Customer Data and Visibility Data — retained while your subscription is active. After cancellation, available for export for 30 days, deleted from production within 60 days and from backups within 180 days.
• Cookies / web analytics — up to 13 months.
• Support tickets — 3 years after the last interaction.
• Marketing emails — until you unsubscribe, then suppression-list only.

You can ask us to delete Customer Data sooner; we'll do so within 30 days unless retention is required by law.

Rankfender treats security as a product feature, not a checkbox. We:

• encrypt data in transit (TLS 1.2+) and at rest (AES-256);
• isolate Customer Data per workspace via row-level security;
• enforce SSO and 2FA for our team, with least-privilege access;
• rotate secrets, keep audit logs, and run automated dependency scans;
• run periodic third-party penetration tests;
• maintain an incident response plan and notify affected Customers within 72 hours of a confirmed breach.

No platform is invincible. Report security issues to security@rankfender.com.

Subject to local law, you have the right to:

• access the Personal Data we hold about you;
• rectify inaccurate or incomplete data;
• erase your data ("right to be forgotten");
• restrict or object to certain processing;
• portability — receive your data in a machine-readable format;
• withdraw consent at any time without affecting prior lawful processing;
• lodge a complaint with your supervisory authority (in France, the CNIL).

California residents (CCPA/CPRA) also have the right to know, delete, correct, and limit the use of sensitive Personal Information. We do not sell or share Personal Information for cross-context behavioral advertising.

To exercise these rights, write to privacy@rankfender.com from the email tied to your account, or use the Privacy tab in your dashboard. We respond within 30 days.

We use:

• Strictly necessary cookies — login, security, load balancing. Cannot be disabled.
• Functional cookies — preferences (language, currency, theme).
• Analytics cookies — aggregated usage measurement (Plausible / PostHog). Optional.
• Marketing cookies — only on the public marketing site, only with consent.

A cookie banner lets you accept, reject, or fine-tune categories. You can change your choice anytime via the "Cookie preferences" link in the footer.

The Service uses automated processing to compute visibility scores, rank prompts and competitors, and suggest content actions. None of these decisions produce legal or similarly significant effects on individuals. You can always export your raw data, request a manual review, or contact privacy@rankfender.com if you disagree with a result.

The Service is not intended for, nor directed to, anyone under 18. We do not knowingly process data of minors. If you believe a minor has provided us data, contact privacy@rankfender.com and we will delete it.

We may update this Policy as the Service evolves or the law changes. Material changes are announced in-app and by email at least 30 days before they take effect. The "Effective date" at the top always reflects the current version, and previous versions are available on request.

For any question, request, or complaint: - Privacy: privacy@rankfender.com - Data Protection Officer: dpo@rankfender.com - Security: security@rankfender.com - Postal address: provided on request to legal@rankfender.com