Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

1. Controller Information

Name: Rankscale GmbH

Address: Kirchengasse 36/1, A-3433 Königstetten

Contact Email: info@rankscale.ai

If you have questions regarding this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.

1.1 Data Protection Officer (DPO)

Rankscale GmbH has assessed its obligation to appoint a Data Protection Officer under Article 37 GDPR. While Rankscale operates an AI search monitoring platform, the service analyses the visibility of brands and products in AI-generated responses, it does not process personal data of end users or data subjects at scale. The data processed relates to brand terms, URLs, and search queries rather than to identifiable individuals. On this basis, the conditions for a mandatory DPO appointment are currently not met.

Responsibility for all data protection matters therefore lies with the managing director, Mathias Ptacek, who can be reached at info@rankscale.ai

2. Data Processing When You Use Our Service

You can browse our landing page without providing personal data. However, to use our web app or subscribe to our newsletter, certain data is required.

2.1 Data Processing to Enable Website Use (Connection Data)

When you access our Service, your browser transmits connection data to our server. This includes:

  • Your IP address
  • Date and time of the request
  • Referring URL
  • Browser type, version, and operating system
  • Device information

This data is processed to deliver and display the website correctly and ensure its stability and security. It is not used to identify you personally. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in operating a secure and functional website.

2.2 Account Registration and Use

To use the Rankscale web app, you must register for an account. We collect the following data:

  • Data Collected: Name, email address, company name, and payment information (processed by our payment provider).
  • Purpose: To create and manage your user account, provide our services, handle billing, and communicate with you about your account.
  • Legal Basis: The processing is necessary for the performance of a contract with you (Article 6(1)(b) GDPR).

2.3 Newsletter Subscription

  • Data Collected: Email address.
  • Purpose: To send you updates about our company, products, and services, or to provide free analysis reports you request.
  • Legal Basis: Your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time by clicking the "unsubscribe" link in any newsletter.

3. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure our Service functions correctly and to analyze user behavior.

3.1 Types of Cookies

  • Essential Cookies: These are necessary for the core functionality of our website (e.g., managing your session, authentication). The legal basis is our legitimate interest (Article 6(1)(f) GDPR).
  • Analytics & Marketing Cookies: These help us understand how you use our Service and personalize content. They are used only with your explicit consent (Article 6(1)(a) GDPR).

3.2 Managing Your Preferences

You can manage your cookie preferences at any time. Blocking certain cookies may impact the functionality of the Service.

4. Use of Third-Party Services

4.1 Google Cloud Platform (GCP) / Firebase

Our Service is hosted entirely on the Google Cloud Platform (GCP), with the primary data center in Iowa, USA (region us-central1). We use several services from Google Firebase, which operates as part of GCP, for core functionalities:

  • Firebase Hosting: To securely host and deliver the content of our website. When you visit our site, your browser connects to Firebase servers, which logs your IP address for security and operational purposes. The legal basis is our legitimate interest in the secure and efficient provision of our Service (Article 6(1)(f) GDPR).
  • Firebase Authentication: To manage user logins securely via email/password, magic link, or Google Sign-In. This processing is necessary to provide you with access to your account. The legal basis is the performance of a contract (Article 6(1)(b) GDPR).
  • Firestore (Database): To store user account data and application data necessary for the Service to function. The legal basis is the performance of a contract (Article 6(1)(b) GDPR).
  • Transfer Safeguard: EU Standard Contractual Clauses (SCCs) pursuant to the European Commission's decision of June 2021 (Article 46(2)(c) GDPR), supplemented by Google's certification under the EU-U.S. Data Privacy Framework. Google Cloud Platform is certified under ISO 27001, ISO 27017, ISO 27018, and is SOC 2 Type II audited.

4.2 Google Analytics

With your consent, we use Google Analytics to analyze website usage. Google uses cookies to collect pseudonymous data. Your IP address is typically anonymized within the EU/EEA before being sent to Google servers in the USA.

  • Purpose: To analyze user behavior, measure performance, and optimize our Service.
  • Legal Basis: Your consent (Article 6(1)(a) GDPR).
  • Transfer Safeguard: EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses (SCCs).

4.3 Twilio / SendGrid

We use SendGrid (a Twilio company) for transactional email delivery.

  • Data Processed: Email address, message metadata.
  • Purpose: To send account-related communications such as registration confirmations, password resets, and service notifications.
  • Legal Basis: Performance of a contract (Article 6(1)(b) GDPR) and legitimate interest (Article 6(1)(f) GDPR).
  • Transfer Safeguard: EU Standard Contractual Clauses (SCCs).

4.4 Stripe

We use Stripe to process payments and manage billing.

  • Data Processed: Payment information (e.g., credit card details, billing address), name, email address.
  • Purpose: To handle subscriptions, process payments, and manage invoicing. Rankscale does not store full payment details on its own servers.
  • Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).
  • Transfer Safeguard: EU Standard Contractual Clauses (SCCs).

4.5 PostHog

We use PostHog for product analytics to understand how users interact with the Rankscale application.

  • Data Processed: Pseudonymous usage data, session information, IP address.
  • Purpose: To analyse product usage patterns and improve the user experience.
  • Legal Basis: Your consent (Article 6(1)(a) GDPR).
  • Transfer Safeguard: EU Standard Contractual Clauses (SCCs).

5. Data Transfer to Third Countries

When using third-party services like Google, Stripe, Twilio/SendGrid, and PostHog, personal data may be transferred to and processed on servers in the United States. The USA is not considered by the European Commission to have a level of data protection equivalent to the EU. To ensure the protection of your data, we rely on appropriate safeguards. For transfers to Google, this is primarily the EU-U.S. Data Privacy Framework, to which Google is certified, and the EU Standard Contractual Clauses (SCCs).

6. Data Retention

We store your personal data only as long as necessary for the purposes for which it was collected, or as required by statutory retention obligations.

  • Account Data: Retained for the duration of your contract with us and thereafter as required by law (e.g., for accounting purposes).
  • Newsletter Data: Retained until you unsubscribe.
  • Connection Data: Stored for a short period for security analysis and then deleted or anonymized.

7. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • The right to access your data (Article 15 GDPR).
  • The right to rectification of inaccurate data (Article 16 GDPR).
  • The right to erasure ("right to be forgotten") of your data (Article 17 GDPR).
  • The right to restriction of processing (Article 18 GDPR).
  • The right to data portability (Article 20 GDPR).
  • The right to withdraw consent at any time (Article 7(3) GDPR).
  • The right to lodge a complaint with a supervisory authority (in Austria, the Datenschutzbehörde) (Article 77 GDPR).

8. Right to Object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on legitimate interests (Article 6(1)(f) GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. However, no data transmission over the internet can be guaranteed to be 100% secure.

10. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices or for legal reasons. The latest version will always be available on our website.

Last Updated: 23.03.2026

By using our Service, you acknowledge that you have read and understood this Privacy Policy.