Eleven Google ranking signals tracked automaticallyBuilt around UK postcodes and high streetsLive Google Maps Places data — no scrapingMeasurable visibility lifts within 30 daysPlain-English fixes, not 200-item checklistsHonest competitor comparison across your local packDesigned by a UK team for UK businessesEleven Google ranking signals tracked automaticallyBuilt around UK postcodes and high streetsLive Google Maps Places data — no scrapingMeasurable visibility lifts within 30 daysPlain-English fixes, not 200-item checklistsHonest competitor comparison across your local packDesigned by a UK team for UK businesses
Rank Meter
Privacy

Privacy Policy

How Rank Meter collects, uses and protects your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Last updated 8 May 2026.

1. Who we are

Rank Meter is operated from the United Kingdom. We act as a data controller for the personal data described in this policy. If you have any questions about how your data is handled, contact us at hello@rankmeter.co.uk.

2. The data we collect

We only collect data that is necessary to deliver the service.

  • Free scan input — the business name and UK town you type into the search box, plus the IP address used to call our scan API.
  • Account data (paid customers) — email address, hashed password, business name, billing details, the saved projects you create, and our service-task history for your account.
  • Google Business Profile (optional) — if you choose to connect your GBP via Google's OAuth, we store a refresh token, the Google account email you used, and your Google account ID. We never see your Google password.
  • Audit log — timestamps of significant actions on your account (sign-up, sign-in, password reset, plan changes, GBP connection) for security and dispute-resolution purposes.
  • Cookies — a single HttpOnly session cookie after sign-in. See our cookie notice.

3. Why we collect it (lawful bases)

  • Performance of a contract — to deliver the scans, reports, and SEO services you have signed up for.
  • Legitimate interests — to keep the service secure, prevent abuse, and improve the product. You can object at any time.
  • Consent — for optional integrations such as the Google Business Profile OAuth connection, which you can revoke at any time.
  • Legal obligation — to retain financial records (invoices) for the period required by HMRC.

4. Who we share data with

We do not sell your data. We share it only with the processors below, each bound by a written data-processing agreement:

  • Stripe — payment processing. Stripe holds your card data directly; we only receive a customer ID and subscription status.
  • Resend — transactional email delivery (welcome, password reset, weekly digest).
  • Google — Maps Places API, Geocoding, PageSpeed Insights, and (if you connect) the Business Profile API.
  • Cloudflare — CAPTCHA verification on sign-up to block automated abuse.
  • Our hosting provider — to run the application servers and database.

Some of these providers operate outside the UK. Where data is transferred outside the UK, we rely on the UK's adequacy decisions or Standard Contractual Clauses with appropriate supplementary measures.

5. How long we keep it

  • Free-scan input — not stored beyond the scan response.
  • Account & project data — kept while your account is active and for 30 days after closure, then deleted.
  • Invoices & payment records — six years (HMRC requirement).
  • Audit logs — twelve months from creation.

6. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request erasure ("right to be forgotten");
  • restrict or object to processing;
  • request portability of the data you provided;
  • withdraw consent for any processing based on consent;
  • complain to the Information Commissioner's Office (ICO).

Email hello@rankmeter.co.uk with the subject line "GDPR request" and we will respond within 30 days.

7. Security

Passwords are hashed with bcrypt (cost 12). Session cookies are HttpOnly + SameSite=Lax + Secure in production. Sensitive Google OAuth tokens are stored encrypted at rest. We do not log card numbers or full tokens. If you suspect any account compromise, email hello@rankmeter.co.uk immediately.

8. Children

Rank Meter is a B2B service intended for UK business owners. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.

9. Changes to this policy

If we make material changes we will email account holders at least 14 days before the change takes effect. The current version is always available at this URL with a "Last updated" date.

10. Contact

Questions, requests or complaints — email hello@rankmeter.co.uk.