Privacy Policy

Filippo Pelloia, based in Italy.

Email: support@getrankly.app

As data controller, I am responsible for the collection and processing of your personal data in accordance with EU Regulation 2016/679 (GDPR).

We collect the following categories of data:

• Account data: email address, provided at registration via magic link.

• Usage data: URLs of analysed businesses, questionnaire answers, generated scores, IP address.

• Payment data: handled entirely by Stripe. We do not store credit card data.

• Browsing data: technical cookies and analytics data collected via Google Analytics.

We process your data for the following purposes:

• Service delivery (Art. 6.1.b GDPR — contract performance): account creation, analysis generation, report access.

• Billing and payment management (Art. 6.1.b GDPR): subscription processing via Stripe.

• Analytics and service improvement (Art. 6.1.f GDPR — legitimate interest): aggregate usage analysis via Google Analytics.

• Service communications (Art. 6.1.b GDPR): transactional emails containing report links.

• Account and analysis data: retained until account deletion or deletion request.

• Payment data: retained by Stripe per their policies (typically 7 years for tax obligations).

• Analytics data: anonymised and retained for 26 months by Google Analytics.

• Access logs (IP): retained for a maximum of 30 days.

Your data may be shared with the following service providers, each bound by appropriate data processing agreements:

• Supabase Inc. (database and authentication) — servers in Ireland, EU.

• Stripe Inc. (payments) — USA, with adequate safeguards via Standard Contractual Clauses (SCCs).

• Groq Inc. (AI analysis processing) — USA, with safeguards via SCCs.

• Google LLC (Analytics, Search Console) — USA, with safeguards via SCCs.

We do not sell or rent your data to third parties.

Some providers (Stripe, Groq, Google) have servers in the United States. Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

Under GDPR, you have the right to:

• Access: obtain confirmation of processing and a copy of your data.

• Rectification: correct inaccurate or incomplete data.

• Erasure ("right to be forgotten"): request deletion of your data.

• Restriction: request suspension of processing.

• Portability: receive your data in a structured, machine-readable format.

• Objection: object to processing based on legitimate interest.

To exercise these rights, write to support@getrankly.app. We will respond within 30 days.

We use exclusively:

• Necessary technical cookies: for session and authentication management.

• Analytics cookies: Google Analytics, with anonymised IP, to understand service usage.

We do not use profiling or advertising tracking cookies.

We implement appropriate technical and organisational measures to protect your data: encrypted connections (HTTPS/TLS), passwordless authentication (magic link), role-based data access.

The service is intended for business owners. We do not knowingly collect data from individuals under 16. If you believe a minor has provided personal data, contact us at support@getrankly.app.

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante — www.garanteprivacy.it) if you believe the processing of your data violates the GDPR.

We reserve the right to update this policy in case of regulatory or service changes. Significant changes will be communicated by email to registered users. The updated version will always be available on this page.