Rankora
  • Features
  • Pricing
  • About
  • Blog
  • Contact
Sign InSign Up
Rankora

AI-powered review management to protect and grow your business reputation.

Product

  • Features
  • Pricing
  • Integrations
  • Changelog
  • Roadmap

Solutions

  • All Solutions
  • Restaurants
  • Hotels
  • Agencies
  • Clinics

Company

  • About
  • Blog
  • Careers
  • Press
  • Partners

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • GDPR
  • KVKK

Support

  • Contact
  • Documentation
  • Status
  • Resources
  • Accessibility

© 2026 Rankora. All rights reserved.

Made with ♥ for business owners worldwide

Legal

GDPR Privacy Notice

This notice has been prepared by Rankora in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) to inform data subjects about the processing of their personal data.

Last updated: May 14, 2026

On this page

  • Data Controller
  • Purposes & Legal Bases
  • Categories of Personal Data
  • International Transfers
  • Retention Periods
  • Your Rights (GDPR)
  • Automated Decision-Making
  • Contact & DPO

Data Controller

Rankora is the data controller responsible for the processing of your personal data when you use our website and services. As data controller, Rankora determines the purposes and means of processing personal data collected through the website and services.

Company NameRankora
Websitehttps://reviewshield.app
E-mailgdpr@reviewshield.app

Purposes of Processing & Legal Bases

We process your personal data for the following purposes, each based on a specific legal basis under GDPR Article 6:

Account Creation & Management

Contract (Art. 6(1)(b))

Creating and maintaining your user account, authenticating your identity, and providing access to our platform.

Google Reviews Management

Contract (Art. 6(1)(b))

Connecting your Google Business Profile, importing and managing reviews, and generating AI-powered responses on your behalf.

Billing & Payments

Contract (Art. 6(1)(b))

Processing subscription payments, issuing invoices, and managing billing information through our payment processor.

Customer Support

Contract (Art. 6(1)(b))

Responding to your support requests, resolving technical issues, and improving the quality of our services.

Security & Fraud Prevention

Legitimate Interest (Art. 6(1)(f))

Detecting and preventing unauthorized access, fraudulent activity, and other security threats to our platform.

Legal Obligations

Legal Obligation (Art. 6(1)(c))

Fulfilling obligations under applicable laws including tax legislation, e-commerce regulations, and anti-money laundering requirements.

Analytics & Service Improvement

Legitimate Interest (Art. 6(1)(f))

Analyzing usage patterns to improve the performance, functionality, and user experience of our platform.

Marketing Communications

Consent (Art. 6(1)(a))

Sending product updates, newsletters, and promotional communications where you have given your explicit consent.

Categories of Personal Data Processed

The following categories of personal data may be processed depending on your use of our services:

CategoryExamples
identity

Identity Data

Name, surname, username
contact

Contact Data

Email address, phone number (if provided)
account

Account & Authentication Data

Password (hashed), OAuth tokens, session identifiers
business

Business Data

Company name, Google Business Profile ID, review content
billing

Billing Data

Billing address, VAT number, payment method token (via Stripe — card details are never stored by us)
usage

Usage & Log Data

IP address, browser type, pages visited, feature usage, device identifiers
communication

Communication Data

Support tickets, email correspondence

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure adequate protection through appropriate safeguards as listed below:

ProcessorPurposeLocationSafeguard
StripePayment processing and billing managementUnited StatesStandard Contractual Clauses (SCCs)
Google LLCGoogle Business Profile integration and OAuth authenticationUnited StatesStandard Contractual Clauses (SCCs)
VercelCloud infrastructure and application hostingUnited States / EUSCCs / EU data residency available
Neon / PostgreSQLDatabase hosting for application dataEU RegionData remains within EEA
OpenAIAI-generated review response suggestionsUnited StatesStandard Contractual Clauses (SCCs)
ResendTransactional and marketing email deliveryUnited StatesStandard Contractual Clauses (SCCs)

You can request a copy of the Standard Contractual Clauses we use by contacting us at gdpr@reviewshield.app.

Retention Periods

Personal data is retained only as long as necessary for the purpose for which it was collected, or as required by applicable law:

Data CategoryRetention Period
Account DataDuration of account + 3 years after account deletion
Billing & Invoice Data7 years (EU accounting regulations)
Usage & Log DataUp to 2 years
Support Communications3 years after ticket closure
Marketing Consent Records3 years after consent withdrawal
Google Review DataDuration of service subscription

At the end of the applicable retention period, personal data is securely deleted or anonymized. You may request early deletion of your data subject to legal retention requirements.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. You can exercise these rights free of charge by contacting us at gdpr@reviewshield.app. We will respond within 30 days.

1

Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data along with supplementary information.

2

Right to Rectification (Art. 16)

You have the right to request the correction of inaccurate personal data or the completion of incomplete data.

3

Right to Erasure (Art. 17)

You have the right to request the deletion of your personal data where there is no legitimate reason for us to continue processing it.

4

Right to Restriction (Art. 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances.

5

Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.

6

Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

7

Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

8

Right to Lodge a Complaint (Art. 77)

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you. Our AI features (such as review response suggestions) are assistive tools that require human review and action.

The AI-generated review responses we provide are suggestions only. You retain full control over what is published on your Google Business Profile.

Contact & Data Protection Officer

If you have any questions about this notice or wish to exercise your rights, please contact us through any of the following channels:

1

Email

Send your request or question directly to our data protection team.

gdpr@reviewshield.app
2

Online Form

Submit a data subject rights request through our contact form.

/contact
3

Supervisory Authority

You also have the right to lodge a complaint with your local data protection authority.

https://edpb.europa.eu/about-edpb/about-edpb/members_en

We aim to respond to all requests within 30 days. In complex cases we may extend this by a further two months, in which case we will notify you.