Last updated: 24 March 2026
RankCart.io ("we", "us", "our") is operated by RR Sols Pty Ltd (ABN: 56 672 722 486). This Privacy Policy explains how we collect, use, and protect your information when you use our website and services at rankcart.io.
Account information: When you create an account, we collect your email address and name. We use Supabase for authentication and do not store passwords directly.
Store URLs: When you run an audit, we process the store URL you provide. We crawl publicly accessible pages only — we never access your store admin, customer data, or order information.
Audit results: We store the results of your SEO and AEO audits (including scores, Core Web Vitals metrics, identified issues, and recommendations) so you can view your history and track progress over time.
Payment information: Payments are processed securely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe handles all payment data in compliance with PCI DSS.
Usage data: We collect basic analytics such as pages visited, features used, and audit counts to improve our service.
Server logs and IP addresses: When you use our service, we automatically log your IP address, HTTP method, endpoint accessed, and response status code for security monitoring and abuse prevention purposes. These logs are stored in our database and are not shared with third parties.
Contact form submissions: If you contact us through our website, we collect your name, email address, subject, and message content. If you are logged in, we may also associate the submission with your account and most recent audit URL for support context.
Keyword and ranking data (Revenue Intelligence): If you use our Revenue Intelligence features, we collect and store your tracked keywords, search rankings, and related SERP (Search Engine Results Page) data. Aggregated and anonymised SERP data may be cached and shared across users to improve service performance and reduce costs — this cached data does not contain any personally identifiable information.
To provide and operate the RankCart.io service, including running SEO and AEO audits, generating reports, tracking keyword rankings, and managing your account.
To process payments and manage subscriptions via Stripe.
To send you service-related communications such as audit reports, weekly summaries (if enabled), and account notifications. See Section 4 (Email Communications) for full details on the types of emails we send.
To improve our product, fix bugs, and develop new features.
To monitor and prevent abuse, fraud, and security threats using server logs.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Supabase: Authentication, database hosting, and email delivery for authentication-related messages (signup confirmation, password reset, magic links). Data is stored in secure, encrypted databases. Subject to Supabase's Privacy Policy (https://supabase.com/privacy).
Stripe: Payment processing, subscription management, and billing. Subject to Stripe's Privacy Policy (https://stripe.com/privacy).
Resend: Transactional email delivery for service communications including welcome emails, weekly reports, billing notifications, and support messages. We share your email address and name with Resend solely for the purpose of delivering these emails. Subject to Resend's Privacy Policy (https://resend.com/legal/privacy-policy).
Google PageSpeed Insights API: We send your store URL to Google's API to measure Core Web Vitals performance. No personal information is shared — only the store URL. Subject to Google's Privacy Policy (https://policies.google.com/privacy).
DataForSEO: We send store domain names, target keywords, and location/language preferences to DataForSEO's API for keyword ranking data and revenue intelligence analysis. No personal information (such as your email or name) is shared with DataForSEO. Subject to DataForSEO's Privacy Policy (https://dataforseo.com/privacy-policy).
Vercel: Application hosting and deployment. Subject to Vercel's Privacy Policy (https://vercel.com/legal/privacy-policy).
We only share the minimum data necessary with each third-party service to provide our functionality. We do not share your personal data with any third party for advertising or marketing purposes.
We are committed to responsible email practices and comply with the Australian Spam Act 2003, the CAN-SPAM Act (US), and applicable anti-spam laws in other jurisdictions.
We will never sell, rent, or share your email address with any third party for their marketing or promotional purposes.
We will never send you unsolicited commercial emails or spam. All emails we send fall into the following categories:
Transactional emails (sent automatically as part of the service): Welcome email upon account creation; subscription confirmation when you start a paid plan; payment failure notifications; plan change confirmations; cancellation confirmations; trial ending reminders (sent approximately 3 days before your trial expires). These emails are essential to the operation of your account and cannot be unsubscribed from while your account is active.
Optional service emails: Weekly SEO performance reports summarising your store's audit scores and top recommended fixes. Weekly reports are enabled by default when you subscribe to a paid plan. You can unsubscribe at any time by clicking the unsubscribe link in any weekly report email, or by contacting us at support@rankcart.io. We will honour all unsubscribe requests promptly.
We do not send any promotional, marketing, or advertising emails. We do not use your email for remarketing, retargeting, or any form of advertising.
All emails are sent from official RankCart.io domains only: hello@rankcart.io, reports@rankcart.io, and billing@rankcart.io.
Your account data and audit history are retained for as long as your account is active.
If you delete your account, we will remove your personal data within 30 days. Anonymised, aggregated data (such as platform-wide audit statistics) may be retained for analytics purposes.
Server logs (including IP addresses) are retained for a maximum of 90 days for security and abuse prevention, after which they are automatically purged.
Free plan users who have been inactive for 12 months may have their data archived or deleted after reasonable notice via email.
Cached SERP data (which does not contain personal information) may be retained for up to 7 days for performance purposes.
We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication via Supabase, and encrypted payment processing via Stripe.
API keys for Agency plan users are stored as SHA-256 hashes — we never store raw API keys after initial creation.
Row Level Security (RLS) is enforced on our database to ensure users can only access their own data.
While we take reasonable steps to protect your data, no method of electronic storage is 100% secure. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.
Agency plan users may add and audit multiple store URLs on behalf of their clients. If you use RankCart.io to audit stores belonging to third parties, you represent and warrant that you have obtained all necessary authorisation from the store owner to perform such audits.
RankCart.io is not responsible for verifying your authorisation to audit third-party stores. You are solely responsible for ensuring compliance with any agreements between you and your clients.
Audit reports generated for client stores are accessible only to the account holder who performed the audit.
Access: You can view all your personal data from your dashboard at any time.
Correction: You can update your account information from your dashboard.
Deletion: You can request deletion of your account and all associated data by emailing support@rankcart.io. We will process deletion requests within 30 days.
Export: You can download your audit results as PDF reports from your dashboard.
Opt-out: You can opt out of weekly report emails at any time via the unsubscribe link or by contacting us.
If you are located in the EU, UK, or Australia, you may have additional rights under GDPR, UK GDPR, or the Australian Privacy Act 1988 respectively, including the right to lodge a complaint with a supervisory authority. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
Our service infrastructure is hosted globally through our third-party providers (Supabase, Vercel, Stripe, Resend). Your data may be processed and stored in countries other than your own, including the United States.
Where data is transferred internationally, we ensure appropriate safeguards are in place through our providers' compliance with applicable data protection frameworks.
We use essential cookies for authentication and session management. These are strictly necessary for the service to function.
We use a cookie to track free-tier audit usage to enforce plan limits. This cookie does not contain any personal information.
We do not use advertising, remarketing, or third-party tracking cookies.
For more details, see our Cookie Notice at /cookies.
RankCart.io is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@rankcart.io and we will promptly delete the information.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website at least 14 days before the changes take effect. Continued use of the service after changes constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically.
If you have any questions, concerns, or complaints about this Privacy Policy, our data practices, or your data, contact us at: support@rankcart.io
RR Sols Pty Ltd, Australia. ABN: 56 672 722 486.
For privacy-specific enquiries, you may also write to our Privacy Officer at the email above.