RankPilot AI Back to site
Legal

Privacy Policy

Last updated February 9, 2026

RankPilot AI ("we", "us") respects your privacy. This policy explains what we collect, why, and your choices.

1. Data we collect

  • Account data — email, display name, password hash (or Google profile picture if you use Google sign-in).
  • Workspace data — domains, descriptions, content plans, blog drafts, audit results, keywords, backlinks, social channel credentials (encrypted at rest), schedules.
  • Usage data — feature events, API calls, approximate token counts (used to operate the platform and prevent abuse).
  • Technical data — IP address, browser, device type, log timestamps.

2. How we use it

  • To operate, secure and improve the service.
  • To run AI features you trigger (analyses, drafts, image generation, LLM visibility checks).
  • To send transactional emails (security alerts, schedule run failures, account changes).
  • To detect and prevent abuse / fraud.

3. AI processing

When you use AI features, your prompts and project context are forwarded to our AI providers (currently OpenAI and Google) via the Emergent Universal LLM Key. We never sell your data to AI vendors and we don't use your content to train models. Provider terms apply: see OpenAI and Google's API privacy commitments.

4. Sharing

We do not sell your data. We share it only with:

  • Sub-processors needed to run the service (cloud hosting, AI model providers, email delivery, payment processing).
  • Authorities when legally compelled.
  • An acquirer in the event of a merger / acquisition (you'll be notified beforehand).

5. Storage & security

Data lives in MongoDB databases on secure cloud infrastructure. Passwords are hashed with bcrypt. Social-channel tokens are masked in API responses and never logged in plaintext. Connections use TLS in transit.

6. Your rights

  • Access & export — view your data via the dashboard at any time.
  • Correct — update profile and project info from Account settings.
  • Delete — wipe your account + all linked data permanently from Account → Danger zone.
  • Object / restrict — email privacy@rankpilot.ai and we'll process within 30 days.

7. Cookies

We use essential cookies only: access_token, refresh_token, and session_token (for Google sign-in). All are httpOnly and used solely to keep you logged in. We do not run third-party advertising trackers.

8. Children

RankPilot AI is not directed at children under 16. If you believe we hold data on a minor, contact us and we'll erase it.

9. Changes

We'll post material changes here and email account holders at least 14 days before they take effect.

10. Contact

Questions? privacy@rankpilot.ai