Privacy Policy
Effective date: 1 June 2025
1. Who We Are
Rank Ledge ("we", "us", "our") is a SaaS product operated as a sole-trader business in Ireland under the registered business name Limerick Family Farm (CRO 750471). We are the data controller for personal data processed through our platform.
Data protection enquiries: support@rankledge.com
2. What Data We Collect
Data you provide directly
- Account information: name, email address, mobile number (optional)
- Payment information: billing name and address (processed by Stripe — we do not store card numbers)
- Site configuration: website URLs, business descriptions, context documents you upload
- API keys you choose to store (stored encrypted, never logged)
- Communications: support emails, feedback
Data collected automatically
- Usage data: pages visited, features used, analysis runs performed
- Technical data: IP address, browser type, device type, operating system
- Log data: error logs, API request timestamps
- Cookies and similar technologies (see Section 8)
Data from third parties
- Subscription and payment status from Stripe
- Social media profile information when you connect platforms (Meta, LinkedIn, Twitter)
3. How We Use Your Data
| Purpose | Lawful Basis |
|---|---|
| Providing the Service and analysis features | Performance of contract |
| Processing payments and billing | Performance of contract |
| Sending service-related emails (receipts, alerts) | Performance of contract |
| Improving and debugging the Service | Legitimate interests |
| Fraud prevention and security | Legitimate interests |
| Sending marketing emails (with opt-in) | Consent |
| Complying with legal obligations | Legal obligation |
4. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe — payment processing (PCI DSS compliant) — EU/US
- Google (Gemini API) — AI analysis (your site content and context documents may be sent as prompts) — US
- Anthropic (Claude API) — optional AI prompt generation — US
- OpenAI — optional AI features and AI-visibility checks — US
- Perplexity — AI answer-engine visibility checks — US
- DataForSEO — keyword, ranking and backlink data for competitor/SEO analysis — EU/US
- SerpAPI — live search-engine ranking lookups — US
- Moz — domain authority and backlink metrics — US
- Google Search Console (OAuth) — when you connect Google, we access your Search Console performance data on your behalf — US
- SendGrid — transactional email delivery (verification, password reset, alerts) — US
- Railway / cloud hosting provider — infrastructure — EU/US
- Social media platforms — only when you explicitly connect an account
- Law enforcement — when required by law
All third-party processors are bound by data processing agreements and may only process your data for the purposes we specify.
5. Data Retention
- Account data: retained while your account is active and for 30 days after deletion
- Analysis results: retained for 12 months or until you delete them
- Payment records: retained for 7 years as required by Irish tax law
- Uploaded context documents: deleted immediately upon removal or account deletion
- API keys: deleted immediately upon removal or account deletion
- Log data: retained for 90 days
6. International Transfers
Some of our service providers (including Google and Anthropic) process data in the United States. These transfers are made under the EU Standard Contractual Clauses or equivalent safeguards as required by GDPR. By using the Service you acknowledge these transfers.
7. Security
We implement appropriate technical and organisational security measures including TLS encryption in transit, encrypted storage of API keys, bcrypt password hashing, and access controls. No system is 100% secure; you should use a strong password and keep it confidential.
8. Cookies
We use only strictly-necessary cookies:
- Session cookies — required to keep you logged in during your visit. Cannot be disabled.
- Preference cookies — remember your settings (e.g. theme, display, and your cookie choice).
We do not use advertising, tracking, or third-party analytics cookies, and we do not sell or share your data with third parties for advertising.
9. Your Rights (GDPR)
If you are in the EEA, UK, or Switzerland, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — request we restrict processing of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
To exercise these rights, email support@rankledge.com. We will respond within 30 days.
You have the right to lodge a complaint with the Data Protection Commission (Ireland): www.dataprotection.ie.
10. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service. The effective date at the top of this page indicates when the policy was last updated.
12. Contact Us
For privacy enquiries: support@rankledge.com