Privacy Policy
Last updated: July 2026
This policy explains what information RankingsTracker (operated by Elevation Labs Consulting) collects, how we use it, and the choices you have. We collect the minimum we need to run the Service, and we don't sell your data.
1. Information we collect
- Account information: your name, username, email address, and hashed password (we never store passwords in plain text).
- Workspace data: the clients, keywords, locations, scan results, reports, and Business Profile content you create or connect in the Service.
- API credentials: the DataForSEO and AI provider keys you add, stored encrypted at rest and used only to perform your account's operations.
- Billing information: handled by Stripe. We store your plan and subscription status; your card details never touch our servers.
- Usage & log data: standard server logs (IP address, browser type, pages requested) used for security, rate limiting, and troubleshooting.
2. How we use information
- To operate the Service: run scans, track rankings, generate reports, and send transactional email (invites, password resets, notifications).
- To secure the Service: prevent abuse, enforce rate limits, and investigate suspicious activity.
- To bill subscriptions through Stripe.
- We do not sell personal information or use your workspace data for advertising, and no customer can see another customer's data.
3. Third-party processors
We share data only with the processors needed to run the Service:
- DataForSEO: receives the keywords and locations you track (via your own key) to retrieve ranking data.
- Google: Maps rendering and, if you connect it, Business Profile management via Google's APIs.
- Stripe: payment processing and subscription management.
- SendGrid: transactional email delivery.
- Your AI provider (optional): review text you choose to draft a reply for is sent to the provider using your own key.
- Infrastructure providers that host our servers and databases.
4. Google user data
If you connect a Google account, RankingsTracker uses Google's Business Profile APIs
(via the business.manage scope) to provide the features you request. This
section describes exactly how that data is handled.
- What we access: the list of Business Profile accounts and locations your Google account manages, profile performance insights, posts, and reviews for the locations you choose to import.
- How we use it: only to display insights, publish posts you create, and draft and publish review replies you approve, inside your own RankingsTracker account. We do not use Google user data for advertising, profiling, or model training, and no data is used for any purpose beyond providing these features.
- How we store it: OAuth tokens are stored encrypted at rest and are scoped to your account only. Imported profile data is isolated per customer; no other customer can see it.
- Sharing: we do not sell, transfer, or disclose Google user data to third parties, except as required to operate the Service (our hosting infrastructure) or to comply with applicable law. Humans do not read this data except with your explicit permission for support purposes.
- Revoking access: you can disconnect Google at any time in the app (GBP → Connected Accounts) or at myaccount.google.com/permissions. On disconnection or account deletion we delete the stored tokens.
RankingsTracker's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Cookies
We use only essential cookies: a session cookie to keep you signed in and a security token to protect forms. We do not use advertising or cross-site tracking cookies.
6. Data retention & deletion
- Workspace data is retained while your account is active.
- If you cancel, your data remains available for export for a reasonable period, then is deleted from active systems and, on schedule, from backups.
- You can request deletion of your account and data at any time at support@rankingstracker.com.
7. Security
All traffic is encrypted with TLS. Stored API keys are encrypted at rest, passwords are hashed, accounts are isolated from one another, and access is protected by rate limiting and security headers. No system is perfectly secure, but we treat your data as confidential and design accordingly.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Contact us and we'll honor them promptly.
9. Changes to this policy
If we make material changes, we'll notify you by email or in the app before they take effect.