# Privacy Policy

**Last updated: March 18, 2026**

URL: https://www.tryrankly.com/privacy-policy

---

## 1. Introduction

This Privacy Policy describes how Rankly Inc. ("Rankly," "we," "us," or "our") collects, uses, stores, and protects information when you access or use our services, including:

- **Rankly Platform** (app.tryrankly.com) - Our Answer Engine Optimization (AEO) and Traffic Analytics platform
- **Query Fanouts Chrome Extension** - A complimentary tool for analyzing AI-generated search behavior
- **Marketing Website** (tryrankly.com)

Rankly is committed to maintaining the highest standards of data privacy, transparency, and regulatory compliance. We operate under a **full data transparency policy**: no user data is processed, shared, or utilized for any purpose without explicit user consent.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of our services.

## 2. Information We Collect

### 2.1 Account Information

When you create an account, we collect:

- **Email Address** - Used for account identification, authentication, and service communications
- **Name** - First and last name (optional, provided at your discretion)
- **Company Name** - Your organization name (optional, provided at your discretion)
- **Authentication Data** - If you sign in via Google OAuth, we receive your Google account identifier and basic profile information (name and email)

### 2.2 Answer Engine Analytics Data

Our core AEO analytics service collects and processes the following:

#### Brand Analysis Configuration:

- **URLs** - Website URLs you submit for brand visibility analysis
- **Brand Context** - Your brand name, industry classification, and value propositions
- **Topics and Personas** - Search topics and user personas you configure for tracking
- **Competitors** - Competitor brands you designate for comparative analysis

#### AI Platform Monitoring Data:

Rankly monitors your brand's visibility across mainstream AI answer engines. **All data collected from AI platforms is publicly available information**, gathered through the following process:

- We query AI platforms using brand-relevant search prompts configured by you
- All queries are executed in **anonymous, unauthenticated sessions** - no user accounts or personal credentials are used
- We collect the AI-generated responses, including brand mentions, positioning, sentiment indicators, and source citations
- This data is **identical to what any member of the public would receive** when submitting the same queries to these platforms

**AI Platforms Currently Monitored:** OpenAI ChatGPT, Perplexity, and Google Search. We are actively integrating Google Gemini and Microsoft Copilot. We exclusively partner with AI platforms that comply with applicable United States federal and state regulations, European Union data protection laws (including GDPR), and the Republic of India's data protection legislation. We do not integrate with, transmit data to, or receive data from any AI platform that does not meet these compliance standards.

### 2.3 Google Analytics 4 (GA4) Integration

When you connect your Google Analytics 4 account to Rankly, the following applies:

- **Authorization** - We use Google OAuth 2.0 with PKCE (Proof Key for Code Exchange) to obtain your explicit consent before accessing any analytics data
- **Scope of Access** - We request **read-only access** (`analytics.readonly`) to your GA4 property. We cannot and do not modify, delete, or write any data to your Google Analytics account
- **Data Retrieved** - We read standard GA4 metrics including sessions, page views, user counts, engagement rates, traffic sources, geographic summaries, and device categories
- **Purpose** - GA4 data is used exclusively to display your website traffic analytics within the Rankly dashboard, to identify traffic originating from AI answer engines, and to calculate derived metrics such as session quality scores and traffic source comparisons
- **Data Processing** - We process GA4 data to classify traffic sources, detect AI-referral traffic patterns, compute period-over-period trends, and generate aggregated visual reports. All processed data is displayed solely to you, the authenticated account owner
- **No Onward Transfer** - Your GA4 data is never shared with, sold to, or transmitted to any third party. It is not used for advertising, profiling, or any purpose other than displaying analytics within your Rankly dashboard
- **Revocation** - You may disconnect your GA4 account at any time through the Rankly platform settings. Upon disconnection, all cached GA4 data is permanently deleted from our systems

### 2.4 Query Fanouts Chrome Extension

The Query Fanouts extension captures the following data only when you actively initiate a capture session:

- **Search Queries** - The internal search queries generated by ChatGPT during web search operations
- **Citations** - URLs and metadata of sources referenced by ChatGPT
- **Product Data** - Product information displayed in shopping recommendation panels
- **Search Context** - Geographic location context (UULE codes) and language settings

**We do not capture your personal prompts, private conversations, or any content you type into ChatGPT.** We exclusively capture the search queries that ChatGPT generates internally as part of its web retrieval process.

### 2.5 Usage and Billing Data

- **Service Usage Metrics** - API token counts, response times, and feature utilization statistics used for service optimization
- **Subscription Information** - Your plan tier and billing cycle
- **Payment Information** - Payment processing is handled exclusively by our PCI-compliant payment processor. We do not store, process, or have access to your credit card numbers, bank account details, or other financial instrument data

## 3. How We Use Your Information

We use collected information strictly for the following purposes:

- To operate, maintain, and deliver our analytics services
- To analyze and display your brand's visibility across AI answer engines
- To process and display your GA4 traffic analytics in read-only dashboards
- To generate insights, trend analyses, and actionable reports
- To provide data export functionality (CSV/JSON)
- To process subscription payments and manage billing
- To communicate with you regarding your account, service updates, and support requests
- To improve service reliability, performance, and user experience

**We do not use your data for advertising, behavioral profiling, or sale to any third party under any circumstances.**

## 4. Data Sovereignty and International Compliance

### 4.1 Infrastructure and Data Residency

All Rankly infrastructure is hosted on **Google Cloud Platform (GCP)** within the **United States (us-east1 region)**. Our infrastructure components include:

- **Application Services** - Google Cloud Run (serverless compute)
- **Database Systems** - Self-hosted on Google Compute Engine within GCP's US data centers
- **Data Backups** - Google Cloud Storage within the US region

### 4.2 Regulatory Compliance

Rankly is designed and operated to comply with:

- **United States** - Applicable federal and state data protection regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
- **European Union** - General Data Protection Regulation (GDPR), including provisions for lawful processing, data minimization, and data subject rights
- **Republic of India** - The Digital Personal Data Protection Act, 2023 (DPDPA), including provisions for data principal rights and cross-border data transfer requirements

### 4.3 Prohibited Data Transfers

Rankly maintains a strict policy against transmitting, mirroring, replicating, or otherwise transferring any user data - whether personal, analytical, or behavioral - to any jurisdiction, service provider, or platform that does not comply with the regulatory frameworks enumerated in Section 4.2. We do not engage with service providers domiciled in, or routing data through, jurisdictions that lack adequate data protection standards as assessed under GDPR adequacy decisions, US regulatory guidance, or equivalent frameworks.

### 4.4 Third-Party AI Platform Compliance

All AI platforms integrated with Rankly are evaluated against the following criteria before integration:

- Compliance with US federal and state data protection regulations
- Compliance with GDPR and EU data protection standards
- Compliance with Indian data protection legislation
- Transparent data handling and privacy policies
- No evidence of unauthorized data sharing or onward transfer to non-compliant jurisdictions

Platforms that fail to meet any of these criteria are not integrated, regardless of market demand or technical capability.

## 5. Third-Party Service Providers

We engage the following categories of third-party service providers, each bound by contractual data protection obligations:

| Provider Category | Purpose | Data Shared |
|---|---|---|
| **Cloud Infrastructure** (Google Cloud Platform) | Application hosting, compute, storage | All service data (encrypted at rest and in transit) |
| **AI Answer Engine Providers** (OpenAI, Google, Perplexity) | Brand visibility monitoring via public queries | Anonymized search queries only; no user personal data |
| **Payment Processor** (Dodo Payments) | Subscription billing and payment processing | Email address and subscription tier; no analytics data |
| **Email Service** (SMTP via Google Workspace) | Transactional and account communications | Email address and message content |
| **Google OAuth / GA4 API** | User authentication and analytics data retrieval | OAuth tokens (encrypted); GA4 data displayed only to the authenticated user |

**No user data - including personal information, GA4 analytics, brand analysis results, or account details - is shared with any entity not listed above.** Each provider processes data solely for the stated purpose and is prohibited from using it for independent purposes.

## 6. Data Sharing Policy

**We do not sell, rent, lease, trade, or otherwise transfer your personal information or analytics data to any third party for commercial, advertising, or any other purpose.**

Data may be disclosed only in the following limited circumstances:

- **Service Operations** - To the third-party service providers listed in Section 5, strictly for the purpose of delivering our services, under binding data protection agreements
- **AI Platform Queries** - Search prompts submitted to AI platforms for brand monitoring are anonymized and contain no personally identifiable information
- **Legal Obligations** - If required by law, regulation, subpoena, court order, or governmental request from a jurisdiction with lawful authority
- **Protection of Rights** - To protect the rights, property, or safety of Rankly, our users, or the public, as permitted by law
- **Aggregated Statistics** - In anonymized, aggregated form that cannot be used to identify any individual user, for industry research or statistical reporting purposes

## 7. Data Security

We implement comprehensive technical and organizational security measures, including:

- **Encryption in Transit** - All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- **Encryption at Rest** - All stored data is encrypted using industry-standard encryption algorithms
- **Access Controls** - Role-based access controls and the principle of least privilege for all system access
- **Authentication Security** - OAuth 2.0 with PKCE for third-party integrations; JWT-based session management with secure token handling
- **Infrastructure Security** - Firewall rules, network segmentation, and regular security assessments
- **Credential Security** - API keys and secrets are stored in environment variables and never exposed in client-side code

While we employ commercially reasonable measures to protect your data, no method of electronic transmission or storage is entirely infallible. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with applicable breach notification laws.

## 8. Data Retention

- **Account Data** - Retained for the duration of your active account and for thirty (30) days following account deletion to facilitate recovery requests, after which it is permanently deleted
- **Analytics and Brand Monitoring Data** - Retained while your account is active to provide historical tracking and trend analysis. Deleted within thirty (30) days of account termination
- **GA4 Cached Data** - Cached for up to five (5) minutes for performance optimization. All cached GA4 data is permanently deleted upon disconnection of your GA4 account
- **Chrome Extension Data (Local)** - Stored exclusively in your browser's local storage until you clear it. We do not retain extension data on our servers unless you explicitly save a report
- **Payment Records** - Retained as required by applicable tax and financial regulations

## 9. Your Rights

Regardless of your jurisdiction, we honor the following data subject rights:

- **Right of Access** - Request a copy of all personal data we hold about you
- **Right to Deletion** - Request permanent deletion of your account and all associated data
- **Right to Rectification** - Request correction of any inaccurate personal data
- **Right to Data Portability** - Export your data at any time using our built-in CSV and JSON export functionality
- **Right to Withdraw Consent** - Revoke consent for any data processing, including disconnecting third-party integrations (e.g., GA4), at any time without affecting the lawfulness of processing performed prior to withdrawal
- **Right to Object** - Object to specific forms of data processing
- **Right to Restrict Processing** - Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at **privacy@tryrankly.com** or **contact@tryrankly.com**. We will respond to all requests within thirty (30) days, or within the timeframe required by applicable law.

## 10. Cookies and Tracking Technologies

- **Essential Cookies** - Used for authentication, session management, and security (e.g., GA4 OAuth session cookies)
- **Preference Cookies** - Used to remember your dashboard settings and display preferences
- **Analytics** - We may use first-party analytics to understand aggregate usage patterns. We do not use third-party advertising trackers or behavioral profiling cookies

The Query Fanouts Chrome Extension does not use cookies and only activates on ChatGPT pages when you explicitly initiate a capture session.

## 11. Children's Privacy

Our services are not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such data, we will promptly delete it.

## 12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. Material changes will be communicated by posting the revised policy on this page, updating the "Last updated" date, and, where appropriate, notifying you via email. Your continued use of our services following the posting of changes constitutes your acceptance of the revised policy.

## 13. Contact Us

For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us at:

- **Privacy Inquiries:** privacy@tryrankly.com
- **General Support:** contact@tryrankly.com
- **Website:** tryrankly.com
