Privacy Policy

Last updated: November 13, 2024

This Privacy Policy explains in detail how Rankio, accessible at https://rankio.io, handles your personal information. We’ve built our platform with privacy and security at its core, implementing strict protocols and advanced security measures to protect every piece of data you share with us. Our commitment extends beyond basic compliance – we aim to set high standards for data protection in the SEO tools industry.

Technical Infrastructure and Security Framework

Our security infrastructure implements multiple layers of protection through carefully configured security headers and protocols. The Content Security Policy (CSP) forms the foundation of our security model, carefully controlling which resources can load and execute within our application. We maintain a strict whitelist of trusted sources, including essential service providers like Stripe for payment processing and Google reCAPTCHA for security verification. This granular control extends to every resource type, from scripts and styles to images and fonts, ensuring that only legitimate, verified resources can interact with our application.

Security extends beyond basic protections at Rankio. Our application implements advanced HTTP security headers that work together to create a comprehensive security shield. The X-Content-Type-Options header prevents potential MIME-type confusion attacks, while our X-Frame-Options configuration protects against clickjacking attempts by preventing our pages from being embedded in unauthorized frames. We’ve implemented these measures alongside robust XSS protection mechanisms and a strict referrer policy that controls how much information is passed between sites when users follow links.

Data Collection and Processing

When you use Rankio, our systems collect and process several types of information through various mechanisms. Our server-side analytics track usage patterns and performance metrics, helping us understand how users interact with our platform. This data collection process is carefully designed to balance our need for operational insights with our commitment to user privacy. Server logs record technical information about your sessions, including timestamp data, request types, and response codes, which help us maintain system security and optimize performance.

Authentication at Rankio utilizes secure HTTP-only cookies with the ‘sb-auth-token’ identifier. These cookies are configured with the SameSite attribute set to ‘lax’, striking a balance between security and functionality. In production environments, all cookies are marked as secure and HTTP-only, so they are sent only over HTTPS and cannot be read by JavaScript, which protects the session token from theft through cross-site scripting attacks. This cookie configuration ensures that your authentication state remains secure while providing a seamless user experience.
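As an illustration of the header and cookie configuration described in the two sections above, the following added example (not Rankio's own code) builds that header set and audits a response's headers against it; the allowed third-party origins and the token value are assumptions, not values taken from this policy.

```javascript
// Added example, not Rankio's code: build the security headers and the
// sb-auth-token cookie described above, then audit a header map against them.
// Origins and the token value are assumptions, not taken from the policy.
const TRUSTED = {
  stripe: 'https://js.stripe.com',        // assumed Stripe script/frame origin
  recaptcha: 'https://www.google.com',    // assumed reCAPTCHA origin
};

function buildSecurityHeaders({ production = true, token = 'constructed-token' } = {}) {
  const csp = [
    "default-src 'self'",
    `script-src 'self' ${TRUSTED.stripe} ${TRUSTED.recaptcha}`,
    `frame-src ${TRUSTED.stripe} ${TRUSTED.recaptcha}`,
    "style-src 'self'",
    "img-src 'self' data:",
    "font-src 'self'",
    "object-src 'none'",               // no plugin content at all
  ].join('; ');
  // Secure is only added in production so local HTTP development still works.
  const cookie = [`sb-auth-token=${token}`, 'Path=/', 'HttpOnly', 'SameSite=Lax'];
  if (production) cookie.push('Secure');
  return {
    'Content-Security-Policy': csp,
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY',
    'Referrer-Policy': 'strict-origin-when-cross-origin',
    'Set-Cookie': cookie.join('; '),
  };
}

// Returns a list of findings; an empty list means the headers match the policy.
function auditHeaders(headers) {
  const findings = [];
  // Header names are case-insensitive, so look them up without regard to case.
  const get = (n) => headers[Object.keys(headers).find((h) => h.toLowerCase() === n.toLowerCase())];
  const csp = get('Content-Security-Policy');
  if (!csp) findings.push('missing Content-Security-Policy');
  else if (!/(^|;)\s*object-src 'none'/.test(csp)) findings.push("CSP lacks object-src 'none'");
  if ((get('X-Content-Type-Options') || '').toLowerCase() !== 'nosniff') findings.push('X-Content-Type-Options is not nosniff');
  if (!['DENY', 'SAMEORIGIN'].includes((get('X-Frame-Options') || '').toUpperCase())) findings.push('X-Frame-Options missing or permissive');
  if (!get('Referrer-Policy')) findings.push('missing Referrer-Policy');
  const cookie = get('Set-Cookie') || '';
  if (cookie.startsWith('sb-auth-token=')) {
    // Cookie attributes are case-insensitive; compare them lower-cased.
    const attrs = cookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
    for (const required of ['httponly', 'secure', 'samesite=lax']) {
      if (!attrs.includes(required)) findings.push(`sb-auth-token lacks ${required}`);
    }
  }
  return findings;
}
```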

External Service Integration and Data Handling

Our platform integrates with several carefully selected third-party services to provide comprehensive functionality. Stripe handles all payment processing, operating under strict PCI DSS compliance to ensure your financial information remains secure. When you make a payment, your card data is sent directly to Stripe through their secure elements, never touching our servers. This separation of concerns ensures that sensitive financial data is handled only by specialized, certified systems.

Database operations are managed through Supabase, our database provider, which implements robust security measures including encryption at rest and in transit. User authentication flows through Supabase’s secure authentication system, which handles password hashing, session management, and secure token storage. Each database query is carefully constructed to prevent injection attacks, and access controls ensure that users can only access their own data.

Analytics and Performance Monitoring System

Our analytics implementation through Vercel provides valuable insights into platform performance while respecting user privacy. We collect anonymized data about page load times, navigation patterns, and error rates. This information helps us identify and resolve performance bottlenecks, improve user experience, and maintain system stability. The analytics system operates without collecting personally identifiable information, focusing instead on aggregate patterns and technical metrics.

Performance monitoring extends to every aspect of our application. Our monitoring systems track server response times, database query performance, and API endpoint efficiency. This comprehensive monitoring allows us to proactively identify and address potential issues before they impact user experience. All monitoring data is stored securely and retained only as long as necessary for operational purposes.

Data Storage Architecture and Protection

Our data storage architecture implements multiple layers of protection and redundancy. The standalone output configuration ensures that each component of our system operates independently, reducing potential security vulnerabilities. Database backups are performed regularly and stored securely, with encryption applied both at rest and during transmission. Access to stored data is strictly controlled through role-based access controls and audit logging.

The build process includes multiple security checks and optimizations. Every code deployment undergoes automated security scanning, checking for known vulnerabilities in dependencies and potential security issues in our custom code. Bundle analysis ensures that we’re not inadvertently exposing sensitive information or including unnecessary code that could increase the attack surface.

User Rights and Data Control

We provide comprehensive controls over your personal information. You maintain the right to access, modify, or delete your data at any time. When you request a data export, we compile your information in a machine-readable format, including your account details, analysis history, and saved preferences. This export process is automated but includes manual verification to ensure accuracy and completeness.

Data deletion requests are handled with particular care. When you delete your account, we initiate a comprehensive removal process that ensures your data is completely purged from our active systems. This process includes removing your personal information, analysis history, and associated data from our databases. Backup data is retained for a limited period as required for system integrity but is automatically purged according to our retention schedule.

Data Retention and Management

Our data retention policies balance operational requirements with privacy concerns. Active account data remains in our systems until account deletion is requested. Analytics data is retained for 90 days, providing sufficient historical context for system optimization while respecting privacy concerns. System logs, which contain technical information about platform operation, are retained for seven days before being automatically purged.

Payment data retention follows legal requirements for financial record-keeping. While we maintain transaction records as required by law, we do not store complete payment card details. Instead, we utilize Stripe’s secure token system for recurring payments, ensuring that sensitive financial information is handled only by our payment processor.

Continuous Security Monitoring and Protection

Our security systems operate continuously, monitoring for potential threats and suspicious activities. Intrusion detection systems analyze network traffic patterns, identifying and blocking potential attacks in real time. Regular security audits examine our systems for potential vulnerabilities, and automated scanning tools continuously check for new security issues that might arise from system updates or changes in the threat landscape.

Access controls strictly limit system access to authorized personnel, with different access levels based on role and responsibility. All system access is logged and monitored, with automatic alerts for unusual access patterns or potential security violations. Regular security training ensures that our team maintains high security awareness and follows best practices for data protection.

Communication and Updates

We maintain transparent communication about our privacy practices and any changes that might affect our users. Significant updates to this privacy policy are announced through multiple channels, including email notifications, website announcements, and dashboard alerts. These announcements include detailed explanations of any changes and their potential impact on user privacy.

Contact and Support

For any privacy-related questions, concerns, or requests, our dedicated privacy team is available through multiple channels. The fastest way to reach us is via email at contact@rankio.io. We aim to respond to all privacy-related inquiries within 24 hours during business days, providing detailed, actionable responses to your concerns.

Policy Updates and Version Control

This privacy policy was last updated on November 13, 2024. All updates are tracked through our version control system, allowing us to maintain a clear history of changes and ensuring transparency in our privacy practices. By continuing to use Rankio’s services after any updates to this policy, you acknowledge and accept the updated terms.