How Rankomata collects, uses, and protects your data. Last updated January 2026.
When you create an account, we collect your email address and password (stored as a secure hash). We do not collect your name, phone number, or address unless you voluntarily provide them via the contact form.
When you connect a WordPress site, we access post titles, content, meta fields, categories, tags, and plugin information via the WordPress REST API. We use scoped API tokens with the minimum permissions required. We never store your WordPress admin password.
We collect anonymized usage analytics including pages visited, features used, optimization counts, and error logs to improve the platform. This data is not linked to personally identifiable information.
Payments are processed entirely by Stripe. We never see or store your full credit card number. We only receive a confirmation of your subscription status and billing period.
Your WordPress site data is used exclusively to provide SEO optimization, internal linking, schema markup, taxonomy management, and other features you activate. Data is processed in real-time and cached only as needed for performance.
We use your email address to send transactional emails (password resets, billing receipts, optimization reports). We do not send marketing emails unless you explicitly opt in.
Aggregated, anonymized usage patterns help us prioritize features and fix bugs. We never use your actual content for training AI models or share it with third parties.
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted using AES-256. API tokens are stored using one-way encryption and never exposed in client-side code.
Our platform runs on Supabase and Cloudflare infrastructure with SOC 2 compliance, automated backups, and multi-region redundancy. Access to production systems is limited to authorized personnel with multi-factor authentication.
In the event of a data breach, we will notify affected users within 72 hours via email and provide guidance on protective steps.
You can view all data we hold about you from your account dashboard. You can export your optimization history and site data at any time in standard formats.
You can delete your account and all associated data at any time. Upon deletion, all personal data, site connections, and optimization history are permanently removed within 30 days.
You can update your email address and account details from your profile settings. If you need to correct other data, contact [email protected].
Under GDPR and similar regulations, you have the right to receive your data in a structured, machine-readable format. Contact us to request a data export.
Database hosting, authentication, and serverless functions. Supabase processes data under their privacy policy and maintains SOC 2 compliance.
Payment processing. Stripe is PCI DSS Level 1 certified. We never access or store your full payment card details.
AI-powered optimization suggestions. Content snippets are sent to OpenAI for processing and are not used by OpenAI to train their models (per our enterprise data processing agreement).
CDN, DDoS protection, and edge caching. Cloudflare may process IP addresses and request headers as part of their security services.
We use session cookies for authentication and preferences. These are required for the application to function and cannot be disabled.
We use privacy-respecting analytics that do not track individual users across sites. We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
We do not sell your data to advertisers. We do not display third-party ads. We do not participate in any ad exchange or data broker network.
We may update this privacy policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. Continued use of Rankomata after changes become effective constitutes acceptance of the revised policy.
For privacy-related questions or to exercise your data rights, email us at [email protected]. For general support, visit our .