Privacy Policy

Who operates this site

RankingLocal.ai is operated by Yellow Pencil, based in Markham, Ontario, Canada. For any privacy question or request, contact hello@rankinglocal.ai.

What we collect

• Account data — email address, name (optional), plan, and authentication identifiers (Google sign-in subject ID if you use OAuth).
• Business data you enter — business name, website, city, industry, competitor names, publishing preferences, marketing goals, and the free-text pain-point you share in onboarding.
• Monitoring data we generate — AI-engine scan results, coverage scores, query-level aggregates, competitor benchmarks, and recommended actions.
• Billing data — plan code, access state, trial windows, and a Stripe customer ID. Full payment card data is handled directly by Stripe and never touches our servers.
• Operational metadata — IP address, coarse geo (country / Cloudflare colo), user agent, HTTP method + path, status code, and request timestamp. Kept in request_access_log with a 30-day rolling retention.
• Audit events — logins, email sends, billing transitions, and admin actions. Used for security incident response and service debugging.

Why we collect it (legal basis)

• Contract performance — to provide the AI-visibility monitoring, reporting, and content-pipeline features you signed up for.
• Legitimate interests — preventing abuse (disposable-email blocks, rate limits), debugging, and product improvement.
• Consent — for lifecycle emails like the free-to-paid upgrade push, demo sample report, and retention alert. You can unsubscribe by replying "stop" or deleting your account.
• Legal obligation — retaining billing records for tax and accounting purposes as required by Canadian law.

How long we keep it

• Account + business data — for the life of your account. Deleted immediately when you click "Delete My Account" in the dashboard.
• Monitoring samples — 12 months of detailed samples; monthly aggregates retained longer for trend charts.
• Request access logs — 30-day rolling window (auto-pruned by cron).
• Billing records — 7 years, as required by Canadian tax law, even after account deletion. PII is stripped; only Stripe transaction references remain.
• Audit events — 24 months. After account deletion, an account_deleted audit row is kept with only your former user ID and a row-count summary (no email, no name, no business data).

Who we share it with (processors)

We don't sell personal information. We do use a small set of infrastructure vendors ("processors") who handle data on our behalf under strict agreements:

• Cloudflare — hosting, CDN, D1 database, R2 storage, Queues, KV. Data is stored in distributed edge locations with at-rest encryption.
• Stripe — billing + subscription management. Payment cards go directly to Stripe; we only receive transaction references.
• Google (Gmail API + OAuth) — for sending product emails (welcome, monthly report, lifecycle emails) and Google Business Profile integration if you connect your GBP.
• OpenAI, Anthropic, Perplexity, Google Gemini — query-generation and content-ranking LLM calls. We send scan queries and public business details; we never send your internal data (pain points, goals, competitor notes) to third-party LLMs.
• Resend / Gmail SMTP — transactional email delivery.

All processors are bound by data-processing agreements and use at-rest encryption.

International transfers

Our primary infrastructure runs on Cloudflare's global edge network, which means your data may be processed in Canada, the United States, the EU/UK, or Asia-Pacific depending on where the request originates. Cloudflare, Stripe, and Google all maintain SCCs (Standard Contractual Clauses) for EU/UK data transfers.

Your rights

Under GDPR (EU/UK), PIPEDA (Canada), and similar laws, you have these rights — most of which you can exercise directly from the dashboard without contacting us:

• Right to access — click "Download My Data" in the dashboard (Privacy & Data section) for a full JSON export of everything we hold about you. No ticket required.
• Right to erasure ("right to be forgotten") — click "Delete My Account" in the same section. Hard-deletes your user row, all business data, and every derived record immediately.
• Right to rectification — edit your profile, businesses, competitors, and marketing goals at any time through the dashboard.
• Right to data portability — the export in #1 is machine-readable JSON; you can import it into another tool.
• Right to object / restrict processing — email hello@rankinglocal.ai and we'll pause processing or remove specific records within 30 days.
• Right to withdraw consent — stop lifecycle emails by replying "unsubscribe" to any email or by deleting your account.
• Right to lodge a complaint — EU residents may contact their national data protection authority; Canadian residents may contact the Office of the Privacy Commissioner of Canada.

Cookies

We use a single first-party session cookie (rlcs) to keep you signed in to the customer dashboard. We don't use advertising cookies, analytics cookies, or third-party tracking pixels. No cookie banner is needed because nothing we set requires consent under GDPR — the session cookie is strictly necessary for the login flow.

Security

• OAuth refresh tokens, WordPress application passwords, and syndication API keys are encrypted at rest using AES-256-GCM with a server-side master key.
• Customer passwords are not stored — authentication is magic-link or Google OAuth only.
• All traffic is HTTPS with HSTS. Internal admin endpoints require an additional shared-secret header.
• Audit events record every access-state change, billing transition, and admin action for incident response.

Children

RankingLocal.ai is a B2B tool. It is not directed at children under 13 (or 16 in the EU/UK) and we do not knowingly collect data from minors. If you believe a minor has used the service, contact us and we'll delete their data.

Changes to this policy

We update this policy when we add new features or new processors. The "Last updated" date at the top always reflects the current version. For material changes (e.g. a new LLM processor, a new data category), we notify active customers by email at least 14 days before the change takes effect.