RankFix

Privacy Policy

Last updated: March 8, 2026

1. Introduction

RankFix ("we", "us", "our"), available at https://rankfix.app, is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using RankFix, you agree to the practices described in this Policy.

2. Information We Collect

We collect the following categories of information:

  • Account data: Your name, email address, and password (stored as a bcrypt hash). If you register via Google OAuth, we receive your name and email from Google.
  • Google Search Console data: Keyword rankings, clicks, impressions, and page URLs for the properties you connect to RankFix.
  • Content data: Page content from your connected websites, analyzed solely to generate SEO recommendations.
  • Usage data: Pages analyzed, features used, analysis history, and interaction timestamps.
  • Technical data: IP address, browser type, operating system, and session information collected automatically when you use the Service.
  • Billing data: Subscription status and billing history. We do not store payment card numbers or bank details — all payment processing is handled by Paddle.

3. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the RankFix Service
  • Analyze your pages and generate AI-powered content recommendations
  • Send email alerts about ranking drops and significant changes (if enabled)
  • Send service-related notifications (account changes, billing, security)
  • Analyze aggregate, anonymized usage patterns to improve the product
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal data to third parties. Ever.

4. Legal Basis for Processing (EEA & UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you signed up for
  • Legitimate interests: Improving the Service, preventing fraud, and maintaining security
  • Consent: Where you have explicitly agreed (e.g., connecting your Google Search Console)
  • Legal obligation: Where required by applicable law

5. Google Integration & OAuth

RankFix integrates with Google services in two ways:

  • Google Sign-In (OAuth): If you choose to sign in with Google, we receive only your name and email address. We do not access any other Google account data through this flow.
  • Google Search Console API: With your explicit authorization, we access your Search Console data (read-only) to provide ranking monitoring. Your OAuth tokens are stored encrypted using AES-256-CBC encryption. You can revoke this access at any time via myaccount.google.com/permissions.

RankFix's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Payment Processing

All payments are processed by Paddle, who acts as the Merchant of Record. Paddle handles all payment card data, billing, and tax compliance. We do not store or have access to your payment card numbers or bank account details. Paddle's handling of your data is governed by their own Privacy Policy.

7. Data Storage and Security

Your data is stored on secure servers with access restricted to authorized personnel only. We employ the following security measures:

  • Passwords hashed using bcrypt
  • Google OAuth tokens encrypted at rest (AES-256-CBC)
  • HTTPS enforced for all data transmission
  • CSRF protection on all state-changing operations
  • No payment card data stored on our systems

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data is permanently removed within 30 days. Analysis history and ranking data older than your plan's retention period is automatically purged on a rolling basis.

9. International Data Transfers

RankFix operates globally. If you are located in the EEA or UK, your data may be transferred to and processed in countries outside the EEA/UK. When such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with applicable law.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request that we restrict processing of your data
  • Withdrawal of consent: Revoke Google Search Console access or any other consent at any time

California residents (CCPA): You have the right to know what personal information is collected, request deletion, and opt out of any sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@rankfix.app. We will respond within 30 days.

11. Cookies

We use the following categories of cookies:

  • Essential cookies: Session and authentication cookies, and CSRF tokens required for the Service to function. These cannot be disabled.
  • Analytics cookies: We use Google Analytics to understand how visitors interact with our website (pages visited, time on site, traffic sources). This data is aggregated and anonymized. Google Analytics sets cookies such as _ga and _gid. Google's handling of this data is governed by the Google Privacy Policy.

When you first visit the site, we will ask for your consent before setting any non-essential cookies. You can withdraw your consent or change your cookie preferences at any time via the cookie settings link in the footer. You can also opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by a prominent notice within the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

Questions or concerns about your privacy? Contact us at support@rankfix.app. We aim to respond to all privacy inquiries within 30 days.