Legal

Privacy Policy

Effective date: April 11, 2026

Last updated: April 11, 2026

Rankverse (“Rankverse”, “we”, “us”, or “our”) is committed to protecting the privacy of visitors to rankverse.ai and users of our services (the “Services”). This Privacy Policy explains what personal data we collect, how we use and disclose it, and the rights and choices available to you regarding your personal data.

This Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India, the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and — where applicable — the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”).

By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, please do not use the Services.

1. Who we are

Rankverse is an AI-powered SEO, AEO, and GEO (Generative Engine Optimisation) platform that helps businesses improve their visibility on traditional search engines and AI answer engines. For the purposes of the DPDP Act we act as a Data Fiduciary, under the GDPR we act as a Data Controller, and under the CCPA/CPRA as a Business, in respect of the personal data described below.

2. Information we collect

We collect the following categories of personal data:

2.1 Information you provide directly

  • Account data: name, email address, password (stored only as a salted hash), organisation name, role, website URL.
  • Billing data: billing name, billing address, GSTIN (if applicable), and payment instrument details. Card details are collected and stored directly by our PCI-DSS compliant payment processor (Stripe) and are not stored on our servers.
  • Communications: support requests, feedback, survey responses, and any other information you voluntarily share with us.

2.2 Information collected automatically

  • Usage data: pages viewed, features used, clicks, timestamps, and referring URLs.
  • Device and log data: IP address, browser type and version, operating system, device identifiers, and diagnostic logs.
  • Cookies and similar technologies: see Section 9 below.

2.3 Information collected from integrated third-party services

With your explicit authorisation (via OAuth), we may access data from third-party services you choose to connect, including:

  • Google Search Console: search performance data, indexing status, sitemaps, and site properties you authorise.
  • Google account (SSO): your name, email address, and profile picture, limited to theopenid email profile scope.
  • Your website: publicly available HTML, metadata, structured data, and backlink information that we crawl on your instruction.

2.4 Sensitive Personal Data

We do not knowingly collect passwords (we only store hashes), financial information other than what is processed by Stripe, health data, biometric data, sexual orientation data, or any other category deemed sensitive under the SPDI Rules or Article 9 of the GDPR.

3. How we use your information (purposes of processing)

We process personal data for the following purposes:

  • To create and administer your account and provide the Services you request.
  • To process subscription payments, invoices, taxes, and refunds.
  • To send transactional emails (account verification, password reset, billing notices, service alerts).
  • To generate AI-powered audits, content drafts, keyword suggestions, and reports at your request.
  • To provide customer support, respond to enquiries, and resolve disputes.
  • To monitor, secure, and improve the performance and reliability of the Services.
  • To prevent fraud, abuse, and violations of our Terms of Service.
  • To send marketing communications about features, offers, and updates — only where you have opted in, and with an easy unsubscribe option in every such message.
  • To comply with our legal obligations under applicable laws.

4. Legal basis for processing

Where the DPDP Act or the GDPR applies, we rely on the following legal bases:

  • Consent — for marketing communications, non-essential cookies, and connecting third-party integrations. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Performance of a contract — to deliver the Services you have subscribed to.
  • Legitimate interests — for security, fraud prevention, product analytics, and administrative communications (balanced against your rights).
  • Legal obligation — to comply with tax, accounting, and regulatory requirements.

5. Sharing and disclosure

We do not sell your personal data. We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Service providers (Data Processors): infrastructure, email delivery, payment processing, analytics, AI model providers, and customer support tools — bound by written contracts requiring confidentiality and compliant handling. Current key processors include:
    • MongoDB Atlas (database hosting)
    • Render (application hosting)
    • Stripe (payments)
    • Resend / Brevo (transactional email)
    • Groq, OpenAI-compatible providers (AI inference)
    • DataForSEO (SERP & keyword data)
    • Google LLC (Search Console API, SSO)
  • Professional advisors: lawyers, auditors, accountants, and insurers, when necessary to establish, exercise, or defend legal claims.
  • Authorities: government, regulatory, or law-enforcement bodies where disclosure is required by law or a valid legal process in India or another applicable jurisdiction.
  • Business transfers: in the context of a merger, acquisition, financing, or sale of assets, subject to the acquirer continuing to honour this Policy.

6. International transfers

Rankverse is operated from India, but our Service Providers may process data outside India, including in the United States and the European Union. Where personal data is transferred outside the country in which it was collected, we put in place appropriate safeguards — such as Standard Contractual Clauses for GDPR transfers and compliance with any country-level restrictions notified under Section 16 of the DPDP Act.

7. Data retention

We retain personal data only for as long as is necessary for the purposes set out in this Policy, including the duration of your subscription and for a reasonable period thereafter to comply with legal, tax, and accounting obligations (ordinarily up to eight years under Indian tax law). When personal data is no longer required, we delete or irreversibly anonymise it. You may request earlier deletion at any time (see Section 8).

8. Your rights

8.1 Rights under the DPDP Act (India)

If you are a Data Principal under the DPDP Act, you have the right to:

  • Access a summary of your personal data and the processing activities we undertake on it.
  • Correct, complete, update, or erase your personal data.
  • Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Grievance redressal through the Grievance Officer identified in Section 13 below.
  • Withdraw consent previously given, at any time.

8.2 Rights under the GDPR (EEA/UK residents)

  • Right of access, rectification, and erasure (“right to be forgotten”).
  • Right to restriction of processing and to object to processing.
  • Right to data portability.
  • Right to lodge a complaint with a supervisory authority in your Member State if you believe our processing infringes the GDPR.

8.3 Rights under the CCPA/CPRA (California residents)

  • Right to know what personal information is collected, used, shared, or sold.
  • Right to delete personal information held by us (with certain exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt-out of the sale or sharing of personal information (we do not sell personal information).
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please email grievance@rankverse.ai. We will respond to verified requests within the timeframes required by applicable law. We may ask you to verify your identity before acting on your request.

9. Cookies and tracking technologies

We use cookies and similar technologies (such as local storage) for authentication, session management, preference storage, security, and analytics. You can configure your browser to refuse cookies or to alert you when cookies are being sent; however, some parts of the Services may not function properly without them. Where required by law, we request your consent before placing non-essential cookies.

10. Security

We implement reasonable security practices and procedures as required under the SPDI Rules and in line with internationally accepted standards such as ISO/IEC 27001 principles. These include encryption in transit (TLS 1.2+), encryption at rest for sensitive data, hashed-and-salted passwords, access controls, audit logging, and regular security reviews. However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

In the unlikely event of a personal data breach, we will notify the Data Protection Board of India and affected users in accordance with Section 8(6) of the DPDP Act and any other applicable law.

11. Children’s privacy

The Services are not intended for individuals under the age of eighteen (18). In accordance with Section 9 of the DPDP Act, we do not knowingly process personal data of children without verifiable consent of a parent or lawful guardian, and we do not undertake any tracking, behavioural monitoring, or targeted advertising directed at children. If you believe we have inadvertently collected personal data of a child, please contact us and we will take steps to delete it promptly.

12. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on the Services prior to the change taking effect. The “Effective date” at the top of this Policy indicates when it was last revised.

13. Grievance Officer and contact

In accordance with Section 5(9) of the DPDP Act and Rule 5(9) of the SPDI Rules read with Section 43A of the IT Act, the details of our Grievance Officer are as follows:

Grievance Officer

Rankverse

Email: grievance@rankverse.ai

General contact: contact@rankverse.ai

We will acknowledge complaints within 48 hours and resolve them within the timelines prescribed under the DPDP Act and the SPDI Rules (ordinarily within 30 days).

14. Governing law

This Privacy Policy is governed by the laws of the Republic of India. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka, India, subject to any mandatory consumer-protection rights available to you under the laws of your place of residence.

See also our Terms of Service.