Privacy Policy
Last Updated Aug 15, 2025
1. INTRODUCTION AND SCOPE
1.1. This Privacy Policy describes how RankEasy Technologies LLC (“RankEasy,” “we,” “us,” or “our”) collects, uses, retains, discloses, and transfers personal data in connection with the provision of the Services, including the website at RankEasy.ai and related subdomains, applications, APIs, and tools designed to deliver CMS Connector Automation capabilities.
1.2. This Policy is intended to meet the transparency obligations set out in widely applicable privacy frameworks, including the GDPR (EU/EEA), the CCPA/CPRA (California, United States), the Federal Trade Commission Act and related guidance, COPPA and CAN‑SPAM, and the PIPL, CSL, and DSL (PRC). References to these laws are summarized and not exhaustive; the controlling text is the statute or regulation itself.
1.3. Where provisions differ between jurisdictions, we apply the higher standard of protection unless otherwise required by local law. Users located in the EEA/UK and Mainland China should pay particular attention to sections concerning cross‑border transfers, data subject rights, and consent for cookies and profiling.
1.4. The Services primarily enable CMS Connector Automation, comprising automated keyword discovery, content generation, content scoring, technical on‑page checks, and analytics. These activities involve Processing of Personal Data as defined herein, including online identifiers, account credentials, and engagement telemetry.
1.5. By accessing or using the Services, you acknowledge this Policy. Where consent is required (e.g., non‑essential cookies, marketing, cross‑border transfers), we will request it in a clear and granular manner. You may withdraw consent at any time, although certain features may become unavailable.
2. CONTROLLER / PROCESSOR ROLES
2.1. For Personal Data we collect directly from individuals through account creation, billing, and support, we act as a Controller (GDPR) and a Personal Information Processor (PIPL). For Service Data that customers upload or connect for processing within CMS Connector Automation, we act as a Processor (GDPR) and an Entrusted Party (PIPL), processing strictly on documented instructions.
2.2. We provide a Data Processing Agreement upon request to govern Controller‑Processor and Personal Information Processor‑Entrusted Party relationships, including confidentiality, subprocessing, cross‑border transfers, security measures, assistance with rights requests, and termination‑of‑processing obligations.
2.3. When we act as a Processor/Entrusted Party, customers are responsible for providing privacy notices to data subjects and for obtaining necessary consents. We will assist, to a reasonable extent, in fulfilling access, correction, deletion, and portability requests by referring them to the appropriate Controller.
3. LEGAL BASES AND PURPOSES OF PROCESSING
3.1. We process Personal Data on the following legal bases: (a) contract performance (to provide the Services and fulfill our obligations); (b) legitimate interests (to secure and improve the Services, measure performance, prevent fraud, and develop CMS Connector Automation features); (c) consent (for marketing communications, non‑essential cookies, some cross‑border transfers, and certain profiling); and (d) legal obligations (to comply with applicable laws and regulatory requests).
3.2. Our purposes include: (a) account creation and administration; (b) subscription management and payment processing; (c) customer support and service communications; (d) provision of CMS Connector Automation, including content drafting, scoring, and analytics; (e) product research and improvement; (f) security and fraud prevention; (g) compliance with legal duties; and (h) marketing, with appropriate choices and controls.
3.3. When required by law, we conduct a legitimate interests assessment balancing our interests against the rights and freedoms of individuals, and implement safeguards such as pseudonymization, minimization, and opt‑out capabilities.
4. CATEGORIES OF PERSONAL DATA
4.1. Provided by you: identifiers (name, email, username), authentication credentials, company affiliation, billing details, and CMS Connector Automation inputs such as URLs and keyword sets.
4.2. Collected automatically: IP address, device and browser metadata, log files, approximate geolocation, cookie and SDK identifiers, and interaction telemetry (page views, clicks, time on page, feature events).
4.3. From third parties: data from integrated platforms (e.g., WordPress, Shopify, analytics suites) and publicly available signals used to enhance CMS Connector Automation outputs.
4.4. We do not intentionally collect special‑category data (e.g., health, biometric templates) or children’s data. If such data is introduced via Service Data, the customer remains responsible for lawful collection and for instructing us to delete it.
5. DATA MINIMIZATION AND RETENTION
5.1. We collect only the data necessary to deliver and support the Services. We design features using privacy‑by‑default principles.
5.2. Retention schedules: (a) account and billing data — life of the account plus six months; (b) telemetry — rolling twenty‑four months, after which aggregated analytics may be retained; (c) support records — twenty‑four months following ticket closure; (d) backups — per disaster recovery cycles with cryptographic safeguards.
5.3. Upon account closure or verified deletion request, we delete or irrevocably anonymize Personal Data subject to legal retention requirements (e.g., tax, fraud prevention, dispute resolution).
6. DISCLOSURE TO THIRD PARTIES
6.1. Service providers: hosting, payment processing, analytics, customer support, email delivery, logging, monitoring, and security vendors. Each provider is bound by confidentiality and security obligations and may process Personal Data only to deliver contracted services.
6.2. Business transfers: we may disclose Personal Data in connection with mergers, acquisitions, restructurings, or asset sales, subject to continued protection and notice.
6.3. Legal disclosures: we may disclose Personal Data to competent authorities where required by law, pursuant to lawful process, or to protect vital interests, rights, or property, consistent with applicable standards in relevant jurisdictions.
7. INTERNATIONAL DATA TRANSFERS
7.1. EEA/UK: We rely on Standard Contractual Clauses and supplementary measures. We conduct transfer impact assessments and apply encryption and access controls to mitigate risks associated with foreign government access.
7.2. China: Where applicable, we use the PIPL standard contract filing process, security assessment, or certification pathways. We support data localization when mandated by sectoral rules or contractual commitments. Cross‑border access by support personnel is tightly controlled and logged.
7.3. Transparency: Upon request, we provide high‑level details of transfer safeguards, subject to security and confidentiality constraints.
8. SECURITY MEASURES
8.1. We maintain an information security program proportionate to risk, integrating administrative, technical, and physical controls. Minimum safeguards include TLS 1.3 in transit, AES‑256 at rest, MFA for privileged access, network segmentation, vulnerability management with defined SLAs, and secure software development lifecycle practices.
8.2. We log access to Personal Data, monitor for anomalous behavior, and conduct periodic penetration testing. Encryption keys are managed in an HSM‑backed KMS with separation of duties.
8.3. Incident response: We maintain a documented plan aligned to industry standards; material incidents are notified to authorities and affected individuals as required by law.
9. AUTOMATED PROCESSING AND PROFILING
9.1. The Services employ automated processing to generate and score content, cluster keywords, and provide optimization recommendations. We do not make decisions producing legal or similarly significant effects without appropriate human review.
9.2. Individuals may request information about the logic involved in automated processing, the significance and envisaged consequences, and a description of safeguards. Where feasible, we provide meaningful summaries without disclosing trade secrets or security information.
10. YOUR PRIVACY RIGHTS
10.1. EEA/UK (GDPR): rights of access, rectification, erasure, restriction, portability, and objection; rights concerning automated decision‑making; the right to lodge complaints with a supervisory authority.
10.2. U.S. (CCPA/CPRA and similar state laws): rights to know/access categories and specific pieces, to delete, to correct, to opt‑out of sale/share/targeted advertising, to limit use of sensitive personal information, and freedom from discrimination.
10.3. China (PIPL): rights to be informed, to decide and limit processing, to access and copy, to correct and supplement, to delete, to request explanation of processing rules for automated decision‑making, and to withdraw consent.
10.4. Requests and verification: Submit requests via our designated channels; we will verify your identity commensurate with the sensitivity of the data and respond within statutory timelines.
11. MARKETING, COMMUNICATIONS, AND PREFERENCES
11.1. With consent where required, we send informational and promotional communications relating to the Services and CMS Connector Automation. You may opt‑out at any time via email links or account settings.
11.2. Service communications (e.g., transactional notifications, security alerts) are necessary for the Services and are not subject to marketing opt‑out.
12. COOKIES AND SIMILAR TECHNOLOGIES
12.1. We use cookies, SDKs, and pixels for essential functionality, preferences, analytics, marketing, and security. In EEA/UK, we seek opt‑in consent for non‑essential cookies; in U.S. states with applicable laws, we honor browser‑level opt‑out signals such as GPC where recognized.
12.2. A cookie catalogue is provided in Annex F along with retention and legal bases.
13. CHILDREN’S DATA
13.1. The Services are intended for business users. We do not knowingly collect data from children under 13 (U.S.) or under 14 (China). If we learn we have collected such data, we will delete it and take reasonable steps to notify guardians when required.
14. THIRD‑PARTY LINKS
14.1. The Services may contain links to third‑party sites. We are not responsible for their privacy practices; review their notices before providing personal data.
15. CHANGES TO THIS POLICY
15.1. We may update this Policy. Material changes will be notified via email or prominent notices. Continued use of the Services after the effective date constitutes acceptance.
16. CONTACT INFORMATION
16.1. RankEasy Technologies LLC, 123 Innovation Drive, Sheridan, WY 82801, USA. Email: info@RankEasy.ai.
16.2. For EEA/UK or China representatives (if appointed), contact details will be published on our website when applicable.
17. DISCLAIMERS
17.1. This Policy provides information and is not legal advice. In case of conflict between this Policy and binding contracts (e.g., DPA), the contract controls for the governed processing.
