Privacy Notice

Last updated: 20 April 2026

1. Who we are

RankActions is a product of E2E Integration, a company registered in England and Wales. We are the data controller responsible for your personal data.

If you have questions about this privacy notice or how we handle your data, please contact us:

• Email: hello@rankactions.com
• Data Protection Officer: sarah.webb@e2e-integration.co.uk
• Phone: 01244 261 379
• Website: e2e-integration.co.uk

2. What data we collect

We collect and process the following personal data depending on how you use RankActions:

• Account data: your name and email address when you sign up via Google OAuth or Clerk authentication.
• Google Search Console data: your website keywords, pages, clicks, impressions and rankings. This data is accessed via read-only Google API access that you grant explicitly. We do not modify your website or Google account in any way.
• Email signup data: your email address if you sign up via our landing page.
• Technical data: IP address, browser type, operating system and usage patterns collected automatically when you visit our website.
• Usage data: how you interact with the RankActions dashboard, including features used and actions generated.

3. How we use your data

We use your personal data for the following purposes:

• To provide and operate the RankActions service, including generating your weekly SEO action list.
• To authenticate you and manage your account.
• To communicate with you about your account, service updates and new features.
• To send marketing emails if you have opted in — you can unsubscribe at any time.
• To improve and develop our service based on usage patterns.
• To comply with legal obligations.

4. Legal basis for processing

We process your personal data on the following legal grounds under UK GDPR:

• Contract: processing necessary to provide you with the RankActions service you have signed up for.
• Consent: where you have given us explicit permission, such as opting in to marketing emails or granting Google OAuth access.
• Legitimate interests: to improve our service, ensure security and communicate service-related updates.
• Legal obligation: where we are required to process data to comply with the law.

5. Google API Services — Limited Use Disclosure

RankActions' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum scopes necessary to provide the service (read-only access to Search Console and Google Analytics).
• We do not use Google user data for advertising purposes.
• We do not sell Google user data to third parties.
• We do not use Google user data for purposes unrelated to the RankActions service.
• Human access to Google user data is limited to what is necessary for debugging, security or legal compliance.

6. How we store your data

Your data is stored securely using the following services:

• Cloudflare: hosting, CDN and KV storage for encrypted OAuth tokens.
• Supabase: user profiles and email signups, hosted in the EU (London region).
• Clerk: authentication and session management.

Your Google OAuth access token is encrypted and stored with a 30-day expiry. Refresh tokens are stored securely and can be revoked by you at any time by disconnecting your Google account.

7. Data sharing

We do not sell your personal data to any third party. We share data only with the following service providers who act as data processors on our behalf:

• Google: to authenticate you and retrieve your Search Console data.
• Cloudflare: hosting and infrastructure.
• Supabase: database storage.
• Clerk: authentication services.
• Anthropic: AI-powered fix suggestions and content generation (no personal data is sent — only anonymised keyword and page data).
• Stripe: payment processing (when applicable).

8. Data retention

We retain your personal data only for as long as necessary:

• Account data: retained for the duration of your account plus 12 months after deletion.
• Google OAuth tokens: access tokens expire after 1 hour; refresh tokens are stored until you disconnect or delete your account.
• Email signups: retained until you unsubscribe or request deletion.
• Usage data: retained in anonymised form for up to 24 months.

9. Your rights

Under UK GDPR, you have the following rights:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data.
• Restriction: request that we limit how we process your data.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email hello@rankactions.com or contact our Data Protection Officer at sarah.webb@e2e-integration.co.uk. We will respond within one calendar month.

10. Cookies

RankActions uses essential cookies required for authentication and session management. We also use Google Analytics to understand how visitors use our website. For more information on how Google Analytics processes data, visit Google's Privacy Policy.

11. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy notice of every website you visit.

12. Children

RankActions is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

13. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues: www.ico.org.uk.

14. Changes to this notice

We may update this privacy notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.