Rank Sonar

Last updated: 2026-05-03

Privacy Policy

Rank Sonar (“we,” “us”) takes your privacy seriously. This page explains what data we collect, why, who we share it with, and what choices you have.

What we collect

Account information

When you create an account we collect your email, password (hashed via Supabase Auth), and the name of your workspace. If you connect via Apple Sign-In, we receive your name and a unique identifier from Apple, never your Apple ID password.

Workspace data

We store the apps you choose to track, the keywords you add, the competitors you select, the alert rules you configure, and the integrations you authorize (e.g. App Store Connect, Google Play Console, Slack). All of this is scoped to your workspace and isolated from other customers via Postgres Row-Level Security.

App store data

On your behalf we fetch publicly-available data from the Apple App Store and Google Play (rankings, ratings, reviews, metadata, screenshots). This data describes third-party apps and is not personal information about you.

Usage and device information

We capture standard product analytics events (page views, feature usage) via PostHog, and JavaScript exceptions via Sentry. Events are tied to your user ID. You can opt out of analytics in your account settings; opting out disables product-improvement telemetry but does not affect the service itself.

Payment information

Web subscriptions are processed by Stripe. Mobile in-app purchases are processed by Apple, Google, and RevenueCat. We never see or store your full card number. We retain only the last 4 digits, brand, and expiration for display purposes via Stripe's API.

Sub-processors

We use the following sub-processors to provide the service. Each is contractually bound to handle data per industry-standard data protection agreements.

  • Supabase — Postgres database, authentication, file storage. Hosted in the United States (us-east-1).
  • Vercel — application hosting, durable workflow execution, sandboxed code runtime. Hosted in the United States (iad1) by default.
  • Stripe — web subscription billing.
  • RevenueCat — mobile in-app purchase management.
  • Resend — transactional and digest email delivery.
  • Anthropic — Claude language models (called via the Vercel AI Gateway with zero data retention).
  • ScrapingBee — residential proxy infrastructure used for fetching public app store pages on your behalf. Receives only outbound URLs.
  • PostHog — product analytics and feature flags. Self-hostable alternative available on enterprise contracts.
  • Sentry — error monitoring. PII is scrubbed from headers and URL query strings before send.
  • Cloudflare — DNS and DDoS protection.

How we use your information

  • To provide and maintain the service (rank tracking, alerts, the Copilot, etc.).
  • To bill you and process payments.
  • To send transactional emails (account, billing, alerts you opted into).
  • To send a weekly digest if you have not opted out.
  • To improve the product (anonymized aggregate metrics).
  • To detect abuse, fraud, or security violations.

We do not sell your personal information. We do not share your workspace data with third parties for marketing purposes. We do not train AI models on your private data.

Cookies and similar technologies

We use a small number of cookies, all strictly necessary or analytics:

  • Authentication — to keep you signed in.
  • Workspace selection — to remember which workspace you last used.
  • Theme — to remember light/dark preference.
  • Analytics (PostHog) — first-party, opt-out available.

Your rights

Depending on your location you may have the following rights regarding your personal data:

  • Access — request a copy of the data we have about you.
  • Rectification — ask us to correct inaccurate data.
  • Deletion — ask us to delete your account and associated data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — opt out of certain processing (e.g. analytics), without affecting the service.

To exercise any of these rights, email privacy@ranksonar.io. We will respond within 30 days. Account deletion is also available self-serve from Settings → Profile → Delete account.

Data retention

We retain your workspace data for as long as your account is active. After cancellation we keep your data for 90 days in case you reactivate, then delete it permanently. App-store snapshots older than 90 days are routinely deleted to control storage costs. Audit logs (workflow runs, payment events) are retained for 1 year.

International transfers

Our infrastructure is hosted primarily in the United States. If you access the service from the EU, UK, or other jurisdictions with data-export restrictions, we rely on Standard Contractual Clauses with our sub-processors.

Children's privacy

Rank Sonar is not directed at children under 16. If we learn we have inadvertently collected information from a child, we will delete it.

Changes to this policy

We will post any changes to this page and update the “Last updated” date. For material changes we will notify account holders via email.

Contact

For privacy questions, email privacy@ranksonar.io. For other matters, see Contact.