Privacy Policy

1. Who We Are

Ranqo ("we", "us", or "our") is an SEO automation tool for Shopify merchants. We help store owners optimize product listings and generate SEO content using AI and Google Search Console data.

This Privacy Policy explains what personal data we collect, how we use it, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR) and Switzerland's Federal Act on Data Protection (revFADP).

Data controller:
Pro.Di.Gio GmbH
Mailand-Strasse 31, 4053 Basel, Switzerland
UID: CHE 431.421.931
Operating as: Ranqo
support@ranqo.app

2. What Data We Collect

2.1 Account Data

When you register for a Ranqo account, we collect:

• Full name and email address
• Password (stored as a one-way bcrypt hash – never in plain text)
• Account creation timestamp

2.2 Shopify Store Data

When you connect your Shopify store, we collect and store:

• Your Shopify store domain (e.g. my-store.myshopify.com)
• A Shopify API access token to read and update your products and blog content
• Store name and currency
• Product titles, SEO titles, and meta descriptions (to optimize them)

2.3 Google Search Console Data

If you connect Google Search Console, we collect:

• OAuth access token and refresh token for the Google API
• Keyword performance data: search terms, click counts, impressions, CTR, and average position
• Your GSC property URL

We use this data exclusively to generate SEO optimizations and blog content for your store.

2.4 Payment Data

Subscription billing is handled entirely through the Shopify Billing API. Ranqo does not collect, see, or store any credit card or payment information. All charges appear directly on your Shopify invoice. We store:

• Your Shopify subscription ID and current plan name
• Subscription status (active, pending, cancelled)

All payment processing is handled exclusively by Shopify in accordance with their security standards.

2.5 Usage & Technical Data

• Run logs (which optimizations were performed, timestamps)
• Error messages for debugging
• Server-side logs (IP address, request method, HTTP status) retained for up to 30 days

3. How We Use Your Data

• Service delivery: Optimizing your product SEO titles and descriptions
• Content generation: Creating blog articles based on your keyword data
• Account management: Authentication, subscription billing, plan enforcement
• Service improvement: Monitoring performance, fixing bugs, improving features
• Legal compliance: Responding to GDPR data requests and regulatory obligations

We process your data based on the following legal bases under GDPR Art. 6:

• Contract performance (Art. 6(1)(b)) – to provide the service you subscribed to
• Legitimate interests (Art. 6(1)(f)) – for security, fraud prevention, and service improvement
• Legal obligation (Art. 6(1)(c)) – for compliance with Shopify's GDPR mandatory webhooks

4. AI Processing

Ranqo uses the Anthropic Claude API to generate SEO content. When content is generated, your product data (titles, descriptions) and keyword data may be sent to Anthropic's API servers for processing.

Anthropic processes this data in accordance with their privacy policy and does not use it to train AI models (as per their API usage policy). Your data is processed transiently and not retained by Anthropic.

For more information, see Anthropic's Privacy Policy.

5. Data Sharing & Third Parties

We share data only with the following third-party services, strictly necessary for operation:

• Shopify – to read and write your store data via their API
• Google – to access Search Console performance data via OAuth
• Anthropic – to generate AI-powered SEO content
• Shopify (Billing API) – subscription billing is handled directly through Shopify. No credit card data is shared with or stored by Ranqo.
• Railway – cloud hosting provider for our backend and PostgreSQL database (servers located in the EU/US)

We do not sell, rent, or share your data with any advertising networks or data brokers.

6. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Shop data: Deleted automatically when you uninstall the app (via Shopify's shop/redact webhook, processed within 48 hours).
• Keyword and run history: Retained for up to 24 months to provide trend analysis, then deleted.
• GDPR compliance logs: Retained for 5 years as required for legal compliance.
• Server logs: Deleted after 30 days.

7. Your Rights (GDPR)

If you are located in the EU, EEA, or Switzerland, you have the following rights:

• Right of access – Request a copy of the personal data we hold about you
• Right to rectification – Correct inaccurate or incomplete data
• Right to erasure – Request deletion of your data ("right to be forgotten")
• Right to data portability – Receive your data in a machine-readable format
• Right to restriction – Request we limit the processing of your data
• Right to object – Object to processing based on legitimate interests
• Right to withdraw consent – Where processing is based on consent

To exercise any of these rights, email us at support@ranqo.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Security

We take security seriously and implement the following measures:

• Passwords are hashed using bcrypt (cost factor 10+) – never stored in plain text
• All API communication is encrypted via TLS/HTTPS
• Shopify webhook requests are verified using HMAC-SHA256 signatures
• Authentication tokens (JWT) are signed and expire automatically
• Database access is restricted to our backend servers only

9. Cookies

Ranqo uses minimal cookies for session management only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we use only strictly necessary cookies.

10. Children's Privacy

Ranqo is a business tool intended for adults (18+). We do not knowingly collect data from anyone under 18 years of age. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.