Privacy Policy

This Privacy Policy ("Policy") explains how xGenie LLC, doing business as Rankey ("Rankey," "we," "our," or "us"), collects, uses, discloses, retains, and protects information when you access or use rankey.net, the Rankey application, related websites, APIs, hosted pages, analytics, workflows, and support services (collectively, the "Services").

This Policy applies to website visitors, account holders, workspace users, customers, prospective customers, and other people who interact with Rankey. It is incorporated into our Terms of Service.

Rankey is designed for business use. If you use the Services on behalf of an organization, that organization may control information submitted to the Services and may have its own privacy obligations to users, employees, contractors, customers, website visitors, and other individuals.

This Policy does not replace the privacy policy of any customer website, publishing destination, or third-party service that Rankey analyzes, connects to, or publishes to at your direction. Those third parties remain responsible for their own privacy practices.

For account registration, billing, product analytics, marketing, website operation, support, security, and business administration, Rankey generally acts as an independent controller or business under applicable privacy laws.

For Customer Content that you submit to a workspace, such as website data, prompts, keywords, domains, competitors, pSEO page data, publishing destinations, webhook secrets, and generated outputs, Rankey may act as a processor, service provider, or subprocessor on behalf of the customer that controls the workspace.

If you need a data processing addendum or subprocessor information for your organization, contact [email protected].

Account and profile information. We may collect your name, email address, avatar, login provider information, workspace name, role, preferences, language, authentication events, and related account settings.

Customer Content and workspace information. We may process domains, URLs, websites, sitemaps, prompts, keywords, competitors, reports, GEO analysis results, pSEO base paths, page sets, CSV or page data, templates, generated drafts, article titles, publishing destinations, API endpoints, webhook secrets, DNS configuration details, custom hostnames, Cloudflare validation records, and other materials you submit, configure, or generate through the Services.

Website and AI analysis information. When you ask Rankey to analyze a website, brand, competitor, or search experience, we may collect or generate page text, metadata, crawl results, model responses, citations, evidence, scores, recommendations, screenshots or derived page data, and diagnostic information needed to complete the analysis.

Billing information. Paid subscriptions are processed by third-party payment processors such as Stripe. We may receive billing contact details, subscription status, plan, invoice data, payment status, tax information, and limited payment method details. We do not intentionally store full payment card numbers.

Support and communications. We may collect messages, tickets, chat history, email communications, feedback, survey responses, and related metadata when you contact us or use support features.

Device, usage, and technical information. We may collect IP address, browser type, device identifiers, operating system, pages viewed, referring pages, timestamps, feature usage, logs, error reports, performance data, security events, and cookie or similar technology identifiers.

Marketing and analytics information. We may collect email preferences, campaign interactions, attribution data, website analytics, and event data through tools such as Google Analytics, Google Tag Manager, and similar technologies.

Sensitive information. The Services are not designed for protected health information, payment card data, government identifiers, biometric information, precise geolocation, children data, or other sensitive regulated data. You should not submit sensitive information unless Rankey has expressly agreed in writing that the Services may process that category of data.

Public web and AI response information. To provide GEO and pSEO features, we may collect or generate information from public webpages, search results, AI model responses, citations, snippets, metadata, sitemaps, robots files, DNS records, SSL records, and similar public or technical sources.

Integration credentials and secrets. If you configure APIs, webhooks, publishing targets, OAuth connections, DNS providers, or content management destinations, we may process credentials, tokens, secrets, endpoint URLs, and validation records needed to operate those integrations.

We collect information directly from you when you create an account, configure a workspace, run an analysis, connect a domain, upload or generate content, create a publishing destination, contact support, subscribe, or otherwise use the Services.

We collect information automatically when you access the Services, including through cookies, logs, analytics tools, security tools, and application telemetry.

We may receive information from third-party services, including authentication providers, payment processors, AI model providers, website crawling providers, DNS and hosting providers, analytics providers, support tools, and publishing destinations you connect.

At your direction, we may collect publicly available website information, search result information, competitor information, and page content from public sources to provide GEO, pSEO, content, and diagnostic features.

We use information to provide, operate, maintain, secure, and improve the Services, including authentication, workspace management, GEO analysis, competitor comparison, AI visibility reports, pSEO project preparation, content generation, content publishing, custom hostname validation, usage tracking, and support.

We use information to process subscriptions, credits, invoices, renewals, taxes, refunds, disputes, fraud prevention, and billing support.

We use information to communicate with you about account activity, product updates, security notices, billing, support requests, onboarding, service announcements, and marketing messages where permitted by law. You may opt out of marketing emails, but we may still send transactional or service messages.

We use information to monitor, detect, prevent, and investigate fraud, spam, abuse, security incidents, unauthorized access, violations of our Terms, illegal activity, and technical failures.

We may use aggregated, de-identified, or anonymized information to analyze usage, improve the Services, develop new features, benchmark system performance, and prepare business reports. We do not attempt to re-identify de-identified data except as permitted by law and needed to test safeguards.

We use information to generate or maintain operational artifacts such as pSEO routes, page sets, content queues, publishing logs, webhook delivery records, domain readiness checks, sitemap entries, usage accounting, and audit records.

We may use limited customer contact information, company name, plan information, and product activity to provide onboarding, lifecycle communications, customer success, account reviews, and product education where permitted by law.

Rankey uses AI systems and third-party model providers to produce reports, summaries, recommendations, drafts, pSEO templates, metadata, and other outputs. To provide these features, we may send relevant Customer Content and context to providers such as OpenAI, Google Gemini, Anthropic Claude, Perplexity, Firecrawl, and similar vendors.

AI outputs may be inaccurate or incomplete. Rankey does not use Customer Content to make legal decisions about individuals and does not make automated decisions that produce legal or similarly significant effects about you without human involvement.

We do not use Customer Content to train Rankey-owned foundation models. Where available, we configure third-party providers to restrict secondary use of Customer Content, such as provider model training, but those providers operate under their own terms, policies, and technical controls.

When you direct Rankey to analyze or publish to a website, we may crawl pages, read metadata, verify DNS or SSL status, call APIs, send webhook requests, and store derived diagnostics needed to complete the requested workflow.

When Rankey collects AI responses, citations, and search-like results to measure brand visibility, we do not intentionally collect or expose the identity of members of the public who may have asked similar questions on consumer AI platforms.

We may use AI models to classify topics, extract entities, compare evidence, summarize reports, identify content gaps, draft content, generate templates, and assist support or product workflows. These uses are designed to support the Services and not to make legal or similarly significant decisions about individuals.

If the General Data Protection Regulation or UK GDPR applies, our legal bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security.

Our legitimate interests include providing and improving the Services, securing accounts and infrastructure, preventing abuse, understanding product usage, communicating with customers, enforcing our terms, and operating our business in a reasonable and privacy-conscious manner.

Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that occurred before withdrawal and may limit our ability to provide certain features.

Service providers and subprocessors. We disclose information to vendors that help us provide the Services, such as hosting, database, authentication, AI models, website crawling, storage, CDN, DNS, payment processing, analytics, customer support, email delivery, error monitoring, security, and infrastructure providers.

Workspace users and administrators. Information in a workspace may be visible to the workspace owner, administrators, authorized users, and other people with permissions in that workspace.

Publishing destinations and integrations. When you configure a destination, we may send content, metadata, URLs, webhook secrets, authentication information, and related instructions to that destination or integration at your direction.

Billing and payment. We disclose payment and subscription information to payment processors, tax providers, banks, card networks, and professional advisors as needed to process payments, prevent fraud, comply with law, and manage financial records.

Legal, safety, and rights protection. We may disclose information if we believe disclosure is required by law, legal process, government request, or to protect the rights, safety, security, property, or integrity of Rankey, customers, users, third parties, or the public.

Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality and privacy protections.

Professional advisors. We may disclose information to lawyers, accountants, auditors, insurers, security consultants, and other professional advisors when reasonably necessary for business, legal, compliance, security, or financial purposes.

Key providers may include Supabase for authentication and database services, Cloudflare for CDN, DNS, Workers, storage, security, and custom hostname workflows, Stripe for payment processing, OpenAI, Google, Anthropic, Perplexity, and Firecrawl for AI and website analysis features, Mailgun or SMTP providers for email, Chatwoot for support, and Google Analytics or Google Tag Manager for analytics.

We may add, remove, or replace providers as the Services evolve. We choose providers based on operational need, security, availability, product quality, and business requirements.

Where Rankey acts as a processor or service provider for Customer Content, provider commitments may be further described in a data processing addendum, order form, security documentation, or subprocessor list made available to customers upon request.

We use cookies, local storage, pixels, scripts, and similar technologies to operate the Services, remember preferences, authenticate users, secure accounts, measure performance, understand product usage, and support analytics and marketing.

You can control cookies through browser settings and other tools made available in the Services. Blocking cookies may affect authentication, security, preferences, billing, analytics, or other product features.

Some analytics or marketing technologies may be considered a "sale" or "sharing" of personal information under certain privacy laws even when no money is exchanged. Rankey does not sell personal information for money. You may contact [email protected] to ask about available privacy controls.

Some browsers or extensions may send Do Not Track or Global Privacy Control signals. We respond to legally required opt-out preference signals where applicable and technically feasible, but not every browser signal is standardized for every jurisdiction or service context.

We retain information for as long as reasonably necessary to provide the Services, maintain accounts and workspaces, process billing, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, secure the Services, and maintain business records.

Customer Content may remain in active systems while the relevant workspace, project, report, integration, or publishing workflow remains active. Deleted information may remain in backups, logs, archives, or security systems for a limited period before deletion according to our retention practices.

We may retain aggregated, de-identified, or anonymized data indefinitely where it no longer identifies a person or customer workspace.

If you close an account, cancel a subscription, disconnect an integration, delete a project, or remove a publishing target, we may retain related records for a limited period for backup, billing, dispute resolution, security, abuse prevention, legal compliance, and audit purposes.

We use commercially reasonable technical, administrative, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, encryption in transit, credential protection, logging, monitoring, backups, and vendor security review.

No system can be guaranteed to be fully secure. You are responsible for protecting your account credentials, API keys, webhook secrets, DNS accounts, publishing destinations, devices, and networks. If you believe your account or workspace has been compromised, contact [email protected] promptly.

If we determine that a security incident requires notice under applicable law or a written customer agreement, we will provide notice through email, the Services, or another legally permitted method.

Rankey and its providers may process and store information in the United States and other countries where we or our providers operate. These countries may have privacy laws different from those in your jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, and provider commitments designed to protect personal information.

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or other controls over personal information.

To exercise privacy rights, contact [email protected]. We may need to verify your identity and authority before completing a request. If your request concerns information controlled by a Rankey customer, we may direct you to that customer or process the request according to that customer instructions.

You may also update certain account information, delete certain content, disconnect integrations, manage billing, or close your account through the Services where those controls are available.

You may designate an authorized agent to submit certain requests where applicable law permits. We may require proof of authorization and may ask you to verify your identity directly.

If you are located in the EEA, United Kingdom, Switzerland, or another jurisdiction with a data protection authority, you may have the right to lodge a complaint with that authority. We encourage you to contact us first so we can try to address the issue.

This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies. In the preceding twelve months, we may have collected identifiers, commercial information, internet or network activity, geolocation inferred from IP address, professional or business information, audio or electronic communications you submit to support, and inferences drawn from use of the Services.

We collect and use these categories for the purposes described in this Policy, including providing the Services, billing, security, analytics, support, communications, product improvement, legal compliance, and business operations.

We disclose these categories to the categories of recipients described in this Policy, including service providers, workspace users, payment processors, AI and infrastructure providers, analytics providers, support providers, professional advisors, and legal authorities where required.

We do not sell personal information for money and do not knowingly sell or share personal information of individuals under 16. Some analytics or marketing technologies may be considered "sharing" under California law. You may contact [email protected] to exercise rights to know, access, correct, delete, opt out of sale or sharing where applicable, limit use of sensitive personal information where applicable, and non-discrimination for exercising privacy rights.

Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and other states with applicable privacy laws may have rights to access, correct, delete, obtain a copy of, or opt out of certain processing of personal information.

Where applicable, you may appeal our decision on a privacy request by replying to our response or contacting [email protected] with the word "appeal" in the subject line. We will review appeals as required by applicable law.

We do not knowingly process sensitive personal information for purposes that require an opt-in consent unless we have obtained that consent or another lawful basis applies.

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided personal information to Rankey, contact [email protected] and we will take appropriate steps.

The Services may link to, analyze, crawl, publish to, or integrate with third-party websites and services. This Policy does not govern third-party privacy practices. You should review the privacy policies and terms of those third parties.

We may update this Policy from time to time. We will post the updated Policy and update the "Last Updated" date. If changes are material, we may provide additional notice through the Services or by email where appropriate.

Your continued use of the Services after an updated Policy becomes effective means you acknowledge the updated Policy.

Questions, requests, or complaints about this Policy or our privacy practices may be sent to [email protected].