Last updated: April 30, 2026
Ranqo ("we", "us", "our") operates the ranqo.ai website and app.ranqo.ai platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
When you create an account, we collect your name, email address, and password (stored in hashed form). If you sign up via a third-party provider (such as Google), we receive your name and email from that provider.
To provide our service, we collect brand names, website URLs, industry categories, competitor information, and tracking prompts you configure. This data is used exclusively to run visibility analyses and generate reports.
We automatically collect information about how you interact with the platform, including pages visited, features used, session duration, and actions taken. We use Vercel Analytics and Google Analytics 4 for aggregate usage statistics. Google Analytics is configured with Google Consent Mode v2 with advertising features denied by default; signed-in users are identified by an internal user ID, never by email.
We collect IP addresses, browser type, device information, and operating system to ensure security and optimize performance.
When we run tracking analyses, we cache responses from AI platforms (ChatGPT, Claude, Perplexity, Gemini, Grok) to generate your reports. These responses are attributed to their source platforms and stored to provide historical trend data.
If you choose to connect a Google Analytics 4 (GA4) property to a brand in Ranqo, we receive an OAuth refresh token from Google that grants us read-only access to that property under the analytics.readonly scope. We use this access only to query session counts filtered server-side to traffic arriving from AI platforms (chatgpt.com, perplexity.ai, claude.ai, gemini.google.com, grok.com, copilot.microsoft.com, deepseek.com, meta.ai). We do not read user-level event data, individual visitor profiles, or any traffic from non-AI sources. We never modify your GA4 data.
We store the following derived from your GA4 property: aggregated daily counts of sessions, engaged sessions, conversions, and revenue, broken down by AI platform; and the top 10 landing pages per platform per day. Your OAuth access and refresh tokens are encrypted at rest using AES-256-GCM with a key stored separately from the database. You can disconnect at any time from your dashboard, which immediately revokes our access at Google.
We do not sell your personal information. We share data only with service providers necessary to operate the platform:
We may also disclose information when required by law, in response to legal process, or to protect the rights, safety, or property of Ranqo, our users, or the public. In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention). Backups may retain data for an additional 90 days. Anonymized, aggregate data may be retained indefinitely.
Google Analytics integration: When you disconnect a GA4 property, we revoke our refresh token at Google immediately and delete the encrypted tokens from our database. Aggregated daily session snapshots already pulled are retained so that reconnecting the same property later resumes without a gap. To request deletion of these snapshots, email privacy@ranqo.ai and we will remove them within 30 days.
You can access, update, or delete your account information at any time through your account settings. You can unsubscribe from marketing emails using the link in any email.
If you are in the EEA, you have additional rights including the right to access, rectify, erase, restrict processing, data portability, and objection. Our legal basis for processing is contract performance (providing the service), legitimate interest (improving the service), and consent (marketing communications).
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise these rights, contact us at privacy@ranqo.ai.
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, password hashing (bcrypt), AES-256-GCM encryption for third-party OAuth refresh tokens (such as the Google Analytics integration), and restricted employee access to production data. No system is completely secure, and we cannot guarantee absolute security, but we continuously work to protect your data.
We use cookies for authentication, preferences, and analytics. For detailed information, see our Cookie Policy.
Ranqo is not intended for users under 16. We do not knowingly collect data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
Your data is processed and stored in the United States. If you access the service from outside the US, your data will be transferred to the US. For EEA users, we rely on Standard Contractual Clauses to ensure adequate protection.
We may update this policy from time to time. We will notify you of material changes by email or through a notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy-related questions or to exercise your rights, contact us at privacy@ranqo.ai.