Privacy Policy

Introduction

RankPorto ("we", "us", or "our") is an SEO reporting SaaS platform that helps freelancers, agencies, and business owners track rankings, monitor website performance, and generate professional SEO reports — all in one place.

This Privacy Policy applies to all users of RankPorto's website and services, including those who connect Google accounts via OAuth. By using RankPorto, you agree to the practices described in this policy.

Information We Collect

We collect only the information necessary to provide you with a high-quality SEO reporting experience. Here is a breakdown of the data we may collect:

How We Use Your Data

All data we collect is used solely to operate, improve, and support our services. Specifically, we use your data to:

• Create and manage your RankPorto account and authenticate your identity
• Generate SEO reports, keyword ranking dashboards, and performance insights for your websites
• Connect to Google Search Console and Google Analytics 4 via OAuth to fetch your authorized data
• Send you important account notifications, billing receipts, and product updates
• Respond to your support requests and customer service inquiries
• Analyze aggregate, anonymized usage patterns to improve the platform's features and performance
• Detect, prevent, and address technical issues, bugs, and security threats
• Comply with legal obligations where required by law

Google User Data

RankPorto integrates with Google Search Console (GSC) and Google Analytics 4 (GA4) via Google OAuth 2.0. This section explains exactly how we handle data obtained from Google services.

Data Sharing

We do not sell, trade, or rent your personal data. We share your data only in the limited circumstances described below:

• Infrastructure Providers: We use trusted cloud hosting and database providers (such as AWS or similar) to store and process your data securely. These providers are contractually bound to protect your data and may not use it for their own purposes.
• Payment Processors: Billing information is processed by a secure, PCI-compliant payment provider (e.g., Stripe). We do not store full credit card details on our servers.
• Analytics Tools: We may use anonymized, aggregated usage data with internal analytics tools to understand how our platform is used. No personally identifiable information is shared.
• Legal Requirements: We may disclose data if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of RankPorto, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify users via email before any such transfer takes place.

• We do NOT sell your personal data to third parties
• We do NOT share your Google data with any unauthorized parties
• We do NOT share data with advertising networks or data brokers
• We do NOT allow third parties to access your data for their own marketing purposes

Data Security

Protecting your data is our top priority. We implement industry-standard security measures to safeguard your information against unauthorized access, alteration, disclosure, or destruction.

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security / HTTPS).
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard encryption protocols.
• Password Security: Passwords are never stored in plain text. We use strong, one-way cryptographic hashing (bcrypt or equivalent).
• OAuth Token Security: Google OAuth access tokens are stored securely and encrypted. They are never exposed in logs or client-side code.
• Access Controls: Only authorized RankPorto team members with a legitimate business need can access user data, and all access is logged and audited.
• Regular Security Reviews: We conduct regular internal security reviews and vulnerability assessments of our platform.

Data Retention

We retain your data only for as long as necessary to provide our services and comply with legal obligations.

• Active Account Data: Your account information, project data, and SEO reports are retained for the duration of your active subscription or account, plus up to 30 days after account closure to allow for account recovery.
• Google OAuth Data: Data retrieved from Google services is retained only as long as you maintain an active connected integration. When you disconnect your Google account, associated cached data is deleted within 30 days.
• Billing Records: Billing and transaction records are retained for up to 7 years as required by financial and tax laws.
• Support Communications: Support tickets and correspondence are retained for up to 2 years to improve our service quality.
• Deleted Accounts: When you request account deletion, all personal data is permanently deleted within 30 days, except where we are legally required to retain certain records.

Your Rights

You have full control over your personal data. Depending on your location, you may have the following rights:

To exercise any of these rights, contact us at privacy@rankporto.com. We will respond to all requests within 30 days. If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

Third-Party Services

RankPorto integrates with the following third-party services to deliver our core functionality. Each service has its own privacy policy that governs their data practices:

• Google Search Console API: Used to fetch search performance data (clicks, impressions, CTR, average position) for websites you authorize. Governed by Google's Privacy Policy.
• Google Analytics 4 API: Used to retrieve website traffic and engagement metrics for properties you connect. Governed by Google's Privacy Policy and Terms of Service.
• Google OAuth 2.0: Used to securely authenticate your Google account without RankPorto ever seeing your Google password.
• Payment Processor (e.g., Stripe): Used to securely process subscription payments. Your card details are handled directly by the payment processor and never stored on our servers.
• Email Service Provider: Used to send transactional emails (account confirmations, invoices, alerts). Email content is not used for marketing without your consent.
• Cloud Hosting Provider: Our infrastructure runs on a reputable cloud provider with SOC 2 compliance and data encryption at rest.

We do not control and are not responsible for the privacy practices of these third-party services. We encourage you to review their individual privacy policies.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please don't hesitate to reach out. We are committed to resolving privacy matters promptly and transparently.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Send an email notification to all registered users at least 14 days before changes take effect
• Display a prominent notice within the RankPorto dashboard

Your continued use of RankPorto after any changes to this policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you have the right to close your account and request deletion of your data before the changes take effect.