Data Controller
Rankora ("we", "us", or "our") is the data controller responsible for your personal data. We are registered and operate the platform available at reviewshield.app.
Information We Collect
We collect information you provide directly, data generated by your use of our service, and data from third-party integrations.
Identity & Account Data
identity- Full name and email address
- Profile picture (if provided via OAuth)
- Password (stored hashed — we never store plain-text passwords)
- Account creation date and last login
Business & Location Data
business- Business name, address, and contact details
- Google Business Profile ID and location identifiers
- Connected Google accounts (OAuth tokens — encrypted at rest)
Review & Content Data
usage- Google reviews imported via the API (reviewer name, rating, text, date)
- AI-generated classifications and suggested responses
- Evidence files and notes you upload for review disputes
- Legal notices and petition documents you create
Billing Data
billing- Subscription plan and billing cycle
- Payment method details — processed by Stripe; we store only the last 4 digits and card brand
- Invoice history and payment status
Usage & Technical Data
usage- IP address, browser type, and operating system
- Pages visited, features used, and session duration
- Error logs and diagnostic data
- Cookie identifiers (see our Cookie Policy)
How We Use Your Information
We use the information we collect for the following purposes:
Provide & Operate the Service
Create and manage your account, process review data, generate AI insights, and deliver the core features of Rankora.
AI-Powered Analysis
Analyze your Google reviews to detect fake or policy-violating content, classify sentiment, and generate dispute evidence using our AI models.
Notifications & Alerts
Send you real-time alerts when new reviews are detected, disputes are resolved, or subscription actions are required.
Analytics & Improvements
Understand how users interact with the platform so we can improve performance, fix bugs, and build new features.
Communications
Send transactional emails (receipts, security alerts) and, with your consent, product updates and marketing communications.
Legal & Compliance
Comply with applicable laws, respond to legal requests, and enforce our Terms of Service.
Legal Basis for Processing
Where GDPR applies, we process your personal data on the following legal bases:
Contract
Processing necessary to deliver the service you signed up for, including account management, review processing, and billing.
Legitimate Interests
Fraud prevention, security monitoring, product improvement, and analytics — balanced against your privacy rights.
Consent
Marketing emails and non-essential cookies. You may withdraw consent at any time.
Legal Obligation
Processing required to comply with applicable laws or respond to lawful requests from authorities.
Information Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
- Stripe— Payment processing and subscription management
- Google Cloud / APIs— Google Business Profile and Maps API integration
- OpenAI— AI review classification and response generation
- Resend— Transactional and notification email delivery
- PostHog— Product analytics and feature usage tracking
- Vercel— Application hosting and edge infrastructure
All sub-processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures.
Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the service. Upon account deletion:
- Account and profile data is deleted within 30 days.
- Review data and evidence files are deleted within 90 days.
- Billing records are retained for 7 years to comply with financial regulations.
- Anonymised, aggregated analytics data may be retained indefinitely.
Data Security
We implement industry-standard technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.
Encryption in Transit
All data is transmitted over TLS 1.2+ encrypted connections.
Encryption at Rest
Sensitive fields (OAuth tokens, payment references) are encrypted at rest using AES-256.
Access Control
Role-based access controls ensure only authorised personnel can access production data.
Security Monitoring
Continuous monitoring, intrusion detection, and regular security audits.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@reviewshield.app. We will respond within 30 days.
Children's Privacy
Rankora is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@reviewshield.app and we will delete it promptly.
Policy Changes
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email and display a prominent notice on our platform. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
If you are located in the EU/EEA and believe your data protection rights have not been respected, you have the right to lodge a complaint with your local supervisory authority.