Ranklit.ioBack to homepage

Privacy Policy

This English version is a translation provided for your convenience. The legally binding version is the German original.

Last updated: April 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Ranklit.io
Email: info@ranklit.io
Website: https://ranklit.io

2. Overview of data processing

As a matter of principle, we collect and process the personal data of our users only insofar as this is necessary to provide a functional platform as well as our content and services. Processing is carried out on the basis of the GDPR, in particular Art. 6(1) GDPR.

3. Hosting and servers

Our platform is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All data is stored and processed exclusively in German data centers.

When you access our website, the hosting provider automatically collects information in so-called server log files:

  • IP address of the requesting computer (anonymized)
  • Date and time of access
  • Name and URL of the page accessed
  • Amount of data transferred
  • Browser type and version
  • Operating system used
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our website).

4. SSL/TLS encryption

For security reasons, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://". When SSL or TLS encryption is enabled, the data that you transmit to us cannot be read by third parties.

5. Registration and user account

Registration is required in order to use our platform. In doing so, we collect the following data:

  • Email address
  • Name (optional)
  • Company (optional)
  • Password (stored exclusively as a salted hash)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Your account data is stored for as long as your account exists. You can have your account deleted at any time.

6. Payment processing via Stripe

For the processing of payments, we use the service Stripe(Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA). When you upgrade to a paid plan, you will be redirected to Stripe's payment page.

Stripe processes payment data (e.g. credit card number, expiry date) directly. We ourselves have no access to complete payment data. We only receive a confirmation of the payment status as well as a customer ID for allocation.

Stripe is certified under PCI DSS Level 1. Data processing by Stripe is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and on the basis of the EU standard contractual clauses for data transfer to the USA.

Stripe's privacy policy: https://stripe.com/de/privacy

7. Email delivery via Resend

For the delivery of transactional emails (e.g. registration confirmation, password reset, payment confirmations) we use the service Resend(Resend, Inc., USA).

In doing so, your email address and the email content are transmitted to Resend. Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest).

8. Use of AI services

For the GEO and AEO analyses, our platform uses various AI APIs:

  • Anthropic (Claude) — Anthropic, PBC, San Francisco, USA
  • OpenAI (ChatGPT) — OpenAI, Inc., San Francisco, USA
  • Google (Gemini) — Google LLC, Mountain View, USA
  • Perplexity — Perplexity AI, Inc., San Francisco, USA

When scans are carried out, no personal data is transmitted to these services. Only domain names and industry-related search terms are sent for analysis.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in the provision of the core functionality).

9. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device. We distinguish between:

a) Necessary cookies

These cookies are technically required for the operation of the platform (e.g. session cookies, authentication, CSRF protection). They are set without consent.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

b) Analytics cookies

Analytics cookies help us understand and improve the use of the platform. They are set only with your consent.

Legal basis: Art. 6(1)(a) GDPR (consent).

c) Marketing cookies

We use marketing cookies for Google Ads conversion tracking in order to measure the success of our advertisements (cookies: _gcl_au, _gcl_aw). They are set only with your consent. Without consent, no marketing cookies are stored via Google Consent Mode v2 and no identifying data is transmitted to Google.

Legal basis: Art. 6(1)(a) GDPR (consent).

You can change or withdraw your consent at any time with effect for the future — on your first visit via the cookie banner at the bottom of the screen and afterwards at any time via the link "Cookie settings" in the footer of every page.

10. Google Analytics & Google Ads

We use Google Analytics 4 (GA4), a web analytics service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze the use of our website. The information generated by cookies about your use of this website is generally transmitted to a Google server and stored there.

We have configured the following data protection measures:

  • IP anonymization: Your IP address is truncated before transmission to Google (anonymize_ip).
  • Consent-based: Google Analytics is only loaded after you have consented to the use of analytics cookies.
  • No cross-site tracking: We do not use cross-device tracking.

Google Analytics Measurement ID: G-3ZEB171SH3

You can prevent collection by Google Analytics by:

Legal basis: Art. 6(1)(a) GDPR (consent). The data transfer to the USA is carried out on the basis of the EU standard contractual clauses.

Google's privacy policy: https://policies.google.com/privacy

Google Ads (conversion tracking)

In addition, we use Google Ads with conversion tracking (provider: Google Ireland Limited) to measure whether clicks on our ads lead to actions on our website — such as a registration. For this purpose, a conversion event is triggered on the confirmation page after registration.

  • Consent-based: Google Ads only sets cookies and transmits identifying data after your consent to marketing cookies. By default, data storage is set to "denied" via the Google Consent Mode v2; without consent, no marketing cookies are stored.
  • Cookies: _gcl_au, _gcl_aw (Google Ads).
  • Google Ads conversion ID: AW-1002979310

You can withdraw your consent at any time with effect for the future via the link "Cookie settings" in the footer.

Legal basis: Art. 6(1)(a) GDPR (consent). The data transfer to the USA is carried out on the basis of the EU standard contractual clauses.

11. Your rights as a data subject

Under the GDPR, you have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR) — You can request information about your stored data.
  • Right to rectification (Art. 16 GDPR) — You can request the rectification of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You can request the erasure of your data ("right to be forgotten").
  • Restriction of processing (Art. 18 GDPR) — You can request the restriction of the processing of your data.
  • Data portability (Art. 20 GDPR) — You can request to receive your data in a machine-readable format.
  • Right to object (Art. 21 GDPR) — You can object to the processing of your data at any time.
  • Withdrawal of consent (Art. 7(3) GDPR) — You can withdraw a consent given at any time with effect for the future.

To exercise your rights, please contact: info@ranklit.io

12. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

13. Data security

We use technical and organizational security measures to protect your data against manipulation, loss, destruction and access by unauthorized persons. These include, among others:

  • SSL/TLS encryption of all data transmissions
  • Passwords are stored exclusively as salted hashes
  • Regular security updates of the server infrastructure
  • Rate limiting and SSRF protection at the API level
  • CSRF protection and secure HTTP headers
  • Hosting exclusively in German data centers (Hetzner)

14. Retention period

Personal data is only stored for as long as it is necessary for the respective purpose of processing:

  • Account data: Until the account is deleted by the user
  • Scan results: Until the associated domain or account is deleted
  • Payment data: In accordance with commercial and tax law retention periods (generally 10 years)
  • Server log files: A maximum of 30 days
  • Cookie consents: 12 months

15. Changes to this privacy policy

We reserve the right to adapt this privacy policy in order to keep it always in line with current legal requirements or to implement changes to our services. The new privacy policy then applies to your next visit.