rankboo.st
BlogPricingAutomate My SEO

Privacy policy

This policy explains how rankboo.st handles personal data when you use our website and product.

Last updated: 11 June 2026

1. Data controller

rankboo.st is operated by ScalePlant Group (opens in new tab)("we", "us"), also reachable at scaleplant.com (opens in new tab). We act as the data controller for personal data processed through the AI SEO autopilot service at https://rankboo.st/.

2. Scope

This policy applies to visitors of our marketing site, registered users, billing customers, and developers using our APIs or integrations. It does not cover third-party websites you connect or publish to — those are governed by their own policies.

3. Data we collect

Account and identity

  • Name, email address, and authentication identifiers
  • Google account ID when you sign in with Google OAuth
  • Password hash when you register with email and password
  • Email verification and session metadata

Billing

  • Stripe customer and subscription identifiers
  • Plan, billing period, and invoice status (payment card data is handled by Stripe)

Website and content

  • Website URLs, crawl inventories, brand settings, and keyword selections
  • Generated drafts, published posts, media references, and planner schedules
  • Integration configuration for WordPress, Shopify, webhooks, and API credentials

Technical and usage

  • IP address, browser type, device information, and request logs
  • API usage, cron activity, error reports, and security events
  • Analytics data from Google Analytics and Microsoft Clarity on marketing pages

Communications

  • Support messages and account-related emails we send or receive

4. How we use data

We use personal data to:

  • Provide, operate, and secure the service
  • Authenticate users and manage sessions
  • Process subscriptions and communicate about your account
  • Generate, validate, schedule, and publish content according to your instructions
  • Monitor usage, prevent abuse, and improve product performance
  • Comply with legal obligations and respond to lawful requests
  • Send service emails such as verification, billing, and security notices

5. Legal bases (EEA/UK)

Where GDPR or UK GDPR applies, we rely on:

  • Contract — to provide the service you signed up for
  • Legitimate interests — security, fraud prevention, product improvement, and limited analytics, balanced against your rights
  • Consent — where required for non-essential cookies or optional marketing communications
  • Legal obligation — tax, accounting, and regulatory requirements

6. Processors and sub-processors

We use trusted providers that process data on our instructions and under appropriate safeguards, including:

  • Stripe — subscription billing and payment processing
  • Resend — transactional email delivery
  • Anthropic — article writing and content generation
  • OpenAI — image generation for blog posts
  • DataForSEO — keyword research and SEO data
  • Google — OAuth sign-in and Google Analytics
  • Microsoft Clarity — session analytics on marketing pages
  • Cloudflare R2 (or local storage in development) — media storage
  • Hosting providers — application and database infrastructure

Integration credentials and secrets are encrypted at rest using an application encryption key.

7. Retention

We retain account, billing, and content records while your subscription is active and for a reasonable period afterwards for legal, tax, security, and dispute purposes. You may export generated content from the dashboard. You may request deletion subject to applicable exceptions — for example, where we must retain billing records by law.

8. Security

We apply technical and organisational measures including encrypted integration secrets, access controls, secure session handling, and infrastructure hardening. No method of transmission or storage is completely secure; please use strong passwords and protect API keys.

9. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, object to, or port your personal data, and to withdraw consent where processing is consent-based. You may also lodge a complaint with your local supervisory authority.

California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of certain sharing — contact us to exercise these rights.

10. International transfers

Data may be processed in countries outside your own, including where our sub-processors operate. Where required, we use appropriate transfer mechanisms such as Standard Contractual Clauses or adequacy decisions.

11. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookies policy.

12. Contact and complaints

To exercise your privacy rights or ask questions about this policy, contact ScalePlant Group (opens in new tab) via scaleplant.com (opens in new tab). See also our Terms and conditions.