Rankfor.AI — Privacy Policy
Last updated: 09 Oct 2025
Data Controller: Rankfor.AI Sp. z o.o., ul. Skarbowców 23B, 53-025 Wrocław, Poland • dpo@rankfor.ai
This policy explains what we collect, why, how we use it, and your rights under GDPR.
1) What we collect
- Account & identity: name, email, company, role.
- Auth & logs: login timestamps, session IDs, IP (anonymized for analytics), user agent.
- Product usage: features used, prompts/inputs you submit, generated artifacts, error telemetry.
- Billing (if paid): billing contact, address; card data handled by our processor (we don’t store PANs).
- Content context: public URLs you scan; we process publicly available content for analysis.
2) Why we collect (lawful bases)
- Contract (Art. 6(1)(b)) — provide the Platform and support.
- Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service improvement, quality analytics (pseudonymous).
- Consent (Art. 6(1)(a)) — marketing emails; non-essential cookies/analytics.
- Legal obligation (Art. 6(1)(c)) — tax/audit records.
3) How we use data
Operate the Platform; secure accounts; measure and improve performance; send service updates; process payments; provide reports/exports; and (if you opt in) send marketing. We may use de-identified aggregates to improve reliability and reduce bias.
4) Cookies & tracking
See Cookie Policy summary in the Terms; analytics/marketing load only with consent. Manage choices via the banner or “Cookie settings”.
5) Sharing (processors/sub-processors)
We use vetted providers under Article 28 agreements:
- AI providers: Google Gemini; OpenAI — process inputs to generate Outputs; SCCs for US transfers; no model training on your data per provider terms.
- Auth: Authentik (self-hosted) — email, user ID, login timestamps.
- Cache/infra: Redis (self-hosted/Redis Cloud EU) — session & short-lived scan cache.
- Payments: Stripe (EU/US) — billing and transactions.
We don’t sell personal data.
6) Retention
- Account data: while active + 30 days after deletion request.
- Scan cache: ~24 hours; auto-purged.
- Reports/outputs you keep: until you delete or close account (+30 days).
- Billing records: 7 years (legal).
- Anonymized analytics: may be kept longer; cannot identify you.
7) International transfers
When data leaves the EEA (e.g., to OpenAI/Stripe US), we use Standard Contractual Clauses and safeguard measures.
8) Your rights (GDPR)
Access, rectify, erase, restrict, portability, object, withdraw consent, and lodge a complaint with your authority (PL: UODO). Request at dpo@rankfor.ai (subject: “GDPR Request”). Response within 30 days.
9) Security
We apply technical/organizational measures (encryption in transit, access controls, audit trails). We’ll notify you and/or authorities of personal-data breaches as required. (Audit and DPA hooks available for enterprise.)
10) Children
Not for under-18s; we do not knowingly collect children’s data.
11) Changes
We’ll post updates here and notify of material changes in advance where required.
12) Contact
Data Controller: Rankfor.AI Sp. z o.o., ul. Skarbowców 23B, 53-025 Wrocław, Poland
Privacy: dpo@rankfor.ai
Legal & Support: contact@rankfor.ai