GDPR Compliance
General Data Protection Regulation (EU) 2016/679
Last updated: October 7, 2025
Our Commitment to GDPR Compliance
RankAgent AI, Inc. ("we," "us," or "our") is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This document outlines how we comply with GDPR requirements and explains your rights under this regulation.
The GDPR is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.
Important: While RankAgent AI is based in the United States, we process data of EU/EEA residents and are committed to GDPR compliance for all such processing activities.
Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on one or more of the following legal grounds:
Consent (Article 6(1)(a))
You have given clear consent for us to process your personal data for specific purposes, such as:
- Marketing communications and newsletters
- Non-essential cookies and tracking
- Sharing data with third-party partners
- Optional profile features and analytics
You can withdraw your consent at any time through your account settings or by contacting us.
Contractual Necessity (Article 6(1)(b))
Processing is necessary to fulfill our contract with you or to take steps at your request before entering into a contract:
- Creating and managing your account
- Providing our AI-powered analytics services
- Processing payments and subscriptions
- Delivering requested services and features
- Communicating about your account
Legal Obligation (Article 6(1)(c))
Processing is necessary to comply with legal obligations:
- Tax and accounting requirements
- Responding to lawful requests from authorities
- Compliance with anti-money laundering laws
- Maintaining records as required by law
Legitimate Interests (Article 6(1)(f))
Processing is necessary for our legitimate interests or those of a third party, except where overridden by your rights:
- Fraud prevention and security
- Network and information security
- Internal administrative purposes
- Improving our services
- Direct marketing (where consent is not required)
We balance our legitimate interests against your rights and will not process your data if your rights override our interests.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15)
You have the right to request confirmation of whether we process your personal data and, if so, to access that data. We will provide:
- A copy of your personal data
- Information about the processing purposes
- Categories of data processed
- Recipients of your data
- Retention periods
- Your rights to rectification, erasure, or restriction
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings, or contact us for assistance.
Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data when:
- The data is no longer necessary for the purposes collected
- You withdraw consent (where processing is based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with legal obligations
Note: This right is not absolute. We may retain certain data where legally required or for legitimate purposes.
Right to Restriction of Processing (Article 18)
You can request restriction of processing when:
- You contest the accuracy of data (restriction during verification)
- Processing is unlawful but you prefer restriction over deletion
- We no longer need the data, but you need it for legal claims
- You object to processing pending verification of our legitimate grounds
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON) and to transmit that data to another controller.
This right applies when:
- Processing is based on consent or contract
- Processing is carried out by automated means
Right to Object (Article 21)
You have the right to object to processing based on:
- Legitimate interests (Article 6(1)(f))
- Performance of a task in the public interest
- Direct marketing (we will stop immediately upon request)
- Scientific, historical, or statistical research
We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
You can withdraw consent through:
- Account settings
- Unsubscribe links in emails
- Cookie consent manager
- Contacting us directly
Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of:
- Your habitual residence
- Your place of work
- The place of the alleged infringement
However, we encourage you to contact us first so we can address your concerns directly.
Right Not to be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Our AI Processing: While we use AI for analytics and insights, final decisions affecting your rights are reviewed by humans. You can request human review of any automated decision.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
Option 1: Account Settings
Log in to your account and navigate to Settings → Privacy & Data to:
- Download your data (data portability)
- Update your information (rectification)
- Manage consent preferences
- Delete your account (erasure)
Option 2: Email Request
Send an email to [email protected] with:
- Subject line: "GDPR Request - [Your Right]"
- Your full name and email address
- Description of your request
- Proof of identity (if required)
Response Time: We will respond to your request within one month (extendable by two more months if complex).
Option 3: Data Protection Officer
Contact our Data Protection Officer (DPO) directly:
Email: [email protected]
Address: [DPO Address - To be provided]
Identity Verification: For security purposes, we may request additional information to verify your identity before processing certain requests, particularly for access, deletion, or portability requests.
International Data Transfers
As RankAgent AI is based in the United States, we transfer and process data outside the EU/EEA. We ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs)
We use the European Commission's Standard Contractual Clauses (SCCs) for data transfers to third countries, as approved under GDPR Article 46(2)(c).
Data Privacy Framework
Where applicable, we rely on the EU-U.S. Data Privacy Framework for transfers to certified organizations in the United States.
Security Measures
All international data transfers are protected with:
- End-to-end encryption
- Secure transfer protocols (TLS 1.3)
- Access controls and authentication
- Regular security audits
- Contractual data protection obligations
Data Protection Principles (Article 5)
We adhere to the following GDPR data protection principles:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and transparently, providing clear information about our processing activities.
Purpose Limitation
We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
Data Minimization
We collect only data that is adequate, relevant, and limited to what is necessary for the processing purposes.
Accuracy
We ensure data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.
Storage Limitation
We retain data only for as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality
We process data securely, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Accountability
We are responsible for and can demonstrate compliance with all GDPR principles through documentation and policies.
Data Breach Notification (Articles 33-34)
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the supervisory authority within 72 hours of becoming aware of the breach (Article 33)
- Notify affected individuals without undue delay if the breach is likely to result in a high risk (Article 34)
- Document all breaches, including facts, effects, and remedial action taken
Our notification will include:
- Nature of the breach
- Categories and approximate number of data subjects affected
- Likely consequences of the breach
- Measures taken or proposed to address the breach
- Contact details for our Data Protection Officer
Children's Privacy (Article 8)
Our services are not directed to children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children without parental consent.
If we become aware that we have collected personal data from a child under the applicable age without parental consent, we will take steps to delete that information promptly.
Parents or guardians who believe their child has provided us with personal data without consent should contact us at [email protected].
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
Contact Our Data Protection Officer
For questions about this GDPR compliance statement, to exercise your rights, or to raise concerns about data protection:
General Inquiries
Email: [email protected]
Support: [email protected]
Data Protection Officer
Email: [email protected]
Address: [DPO Address - To be provided]
EU Representative
In accordance with GDPR Article 27, we have appointed an EU representative:
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities can be found at edpb.europa.eu.