Privacy Policy

Last updated: January 2025

1. Introduction

OmniRank ("we", "us", or "our") operates the website omnirank.net and the OmniRank platform (collectively the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and your rights as a data subject under the General Data Protection Regulation (GDPR) and applicable data protection law.

By accessing or using the Service you acknowledge that you have read and understood this policy. If you disagree with any part of this policy, please stop using the Service and contact us at hello@omnirank.net.

2. Data controller

OmniRank is the data controller for personal data processed through the Service. Contact us at:
Email: hello@omnirank.net

3. Data we collect

3.1 Account data

When you register for an account we collect your full name, email address, password (stored as a bcrypt hash), and optional profile photo. If you sign in with Google OAuth, we receive your name, email address, and Google profile picture.

3.2 Usage data

We automatically collect information about how you use the Service, including pages visited, features used, audit results generated, keywords tracked, and timestamps of key actions. This data is used to improve the Service and is never sold to third parties.

3.3 Technical data

We collect your IP address, browser type and version, operating system, referring URL, device identifiers, and time zone. This data is used for security, fraud prevention, and aggregate analytics.

3.4 Payment data

We do not store your payment card details. All payments are processed by Stripe (or PayPal where applicable). We receive a billing reference, the last four digits of your card, expiry date, and billing address for display purposes only. See Section 7 for details of our sub-processors.

3.5 Communication data

If you contact us via our contact form, support email, or live chat, we retain a copy of the correspondence including your name, email address, and the content of your message.

3.6 Website data you provide

When you add a website to the Service, we collect the URL, verify ownership, and process the site's publicly available content (HTML, meta tags, structured data, performance metrics) to generate SEO audits. This analysis data is stored in your account and is not shared with third parties except as necessary to provide the Service.

3.7 Cookies

We use cookies and similar tracking technologies. See Section 10 for a full list of cookies and your opt-out options.

4. How we use your data

We use your personal data for the following purposes and on the following legal bases under GDPR:

Purpose | Legal basis
Providing and operating the Service | Contract performance
Account management and authentication | Contract performance
Processing payments and preventing fraud | Contract performance / Legitimate interests
Sending transactional emails (receipts, alerts, reports) | Contract performance
Sending marketing emails (feature updates, tips) | Consent (opt-in)
Analytics and product improvement | Legitimate interests
Security monitoring and abuse prevention | Legitimate interests
Compliance with legal obligations | Legal obligation

You may withdraw consent for marketing emails at any time by clicking "Unsubscribe" in any email or by updating your notification preferences in the dashboard.

5. Who we share your data with

We share personal data with the following categories of recipients. All sub-processors are bound by data processing agreements:

5.1 Infrastructure and authentication

Supabase — our database and authentication provider. User accounts, website data, audit results, and all application data are stored in Supabase's managed PostgreSQL service (EU region). Privacy policy: supabase.com/privacy.

5.2 Payments

Stripe — processes all card payments and manages subscriptions. Stripe is PCI-DSS Level 1 certified. We pass your email and billing address to Stripe but never store raw card data ourselves. Privacy policy: stripe.com/privacy.

PayPal — available as an alternative payment method. When you pay via PayPal we redirect you to PayPal's interface and they process the transaction under their own privacy policy: paypal.com/privacy.

5.3 SEO data providers

DataForSEO — provides backlink data, keyword metrics, and SERP data. We send your website's domain to DataForSEO to retrieve metrics for your audit reports. No personal data is shared. Privacy policy: dataforseo.com/privacy-policy.

Google — we integrate with Google Search Console and Google Analytics 4 (when you authorise the connection from your dashboard). Data exchanged is limited to the search performance and analytics data for your connected website. Privacy policy: policies.google.com/privacy.

5.4 Email delivery

Resend — sends all transactional emails (receipts, audit reports, onboarding emails, etc.). We pass your name and email address to Resend for delivery purposes only. Privacy policy: resend.com/privacy.

5.5 Monitoring and observability

Sentry — captures application errors and performance data to help us fix bugs quickly. Error reports may include your user ID and the page you were on when the error occurred. We configure Sentry to scrub passwords and payment data from all reports. Privacy policy: sentry.io/privacy.

PostHog — product analytics (page views, feature usage, conversion funnels). PostHog is configured in EU mode. We do not send personally identifying information to PostHog; events are tied to a pseudonymous session ID. Privacy policy: posthog.com/privacy.

5.6 No selling of data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide the Service, subject to the following schedules:

  • Active accounts: All data retained while your account is open.
  • Account deletion: When you request deletion, a 7-day cooling-off period applies. After the 7 days, all your data is purged from our database via cascade deletes. Your email address is replaced with an anonymised token for accounting and legal records.
  • Unverified websites: Websites added but not verified are auto-archived after 8 days and permanently deleted after 30 days.
  • Audit reports: Retained for 12 months per plan limits. Older reports are automatically purged.
  • Payment records: Invoice and billing records are retained for 7 years to comply with tax and accounting obligations.
  • Server logs: IP address logs are retained for 30 days for security purposes, then deleted.
  • Contact form submissions: Retained for 12 months, then deleted unless an ongoing support relationship exists.

7. Your rights under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You may request that we delete your personal data. Exceptions apply where we are required to retain data by law.
  • Right to data portability: You may request an export of your data in a machine-readable format. Use the "Download my data" button in Dashboard → Settings to generate a ZIP export at any time.
  • Right to object: You may object to processing of your data where we rely on legitimate interests as our legal basis.
  • Right to restrict processing: You may ask us to restrict processing of your data in certain circumstances.
  • Right to withdraw consent: Where we rely on consent (e.g., marketing emails), you can withdraw consent at any time.

To exercise any of these rights, email us at hello@omnirank.net with the subject line "Data Request — [Your Right]". We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or the relevant supervisory authority in your EEA country).

8. International transfers

OmniRank's primary infrastructure is hosted in the EU. Some sub-processors (listed in Section 5) may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

9. Security

We implement industry-standard technical and organisational measures to protect your personal data, including TLS encryption in transit, AES-256 encryption at rest, bcrypt password hashing, multi-factor authentication options, role-based access control, and regular security reviews. Despite these measures, no system is completely secure. If you discover a security vulnerability, please disclose it responsibly to hello@omnirank.net.

10. Cookie policy

We use the following categories of cookies:

  • Strictly necessary cookies: Session cookies required for authentication and basic site functionality (e.g., Supabase auth token). These cannot be disabled.
  • Analytics cookies (PostHog): Help us understand how users interact with the platform. Can be opted out via our cookie banner or by setting posthog_opt_out=true in your browser.
  • Payment cookies (Stripe): Stripe sets cookies during the checkout process for fraud prevention. These are subject to Stripe's privacy policy.
  • reCAPTCHA (Google): Used on public forms to prevent spam. Google sets cookies as part of the reCAPTCHA v3 verification. Subject to Google's privacy policy.

For full details on managing cookies, see our Cookie Policy.

11. Children

The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@omnirank.net and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a notice on the dashboard. The "Last updated" date at the top of this page reflects when the policy was last revised. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact us

For data-related requests, questions, or complaints regarding this Privacy Policy, contact us at:
hello@omnirank.net
Subject line: "Privacy enquiry"