AI LocalRankAI LocalRank
Sign In

Privacy Policy

Last updated: March 8, 2026

This Privacy Policy explains how AI LocalRank SRL, CUI [YOUR_CUI_NUMBER], with registered address at [YOUR_FULL_STREET_ADDRESS], Bucharest, Romania (“AI LocalRank,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you use our website, platform, reports, and related services (collectively, the “Service”).

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Romanian data protection law (Law 190/2018), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable data protection legislation worldwide.

1. Data Controller

The data controller for your personal data is:

AI LocalRank SRL
CUI: [YOUR_CUI_NUMBER]
[YOUR_FULL_STREET_ADDRESS]
Bucharest, Romania
Email: privacy@ailocalrank.com

2. Personal Data We Collect

2.1 Data You Provide

  • Account data: name, email address, password (hashed), and authentication details when you create an account.
  • Business data: business name, website URL, address, phone number, and other business details you submit for analysis.
  • Payment data: billing information processed through Stripe. We do not store full payment card numbers.
  • Communications: any information you provide when contacting us for support or other inquiries.

2.2 Data Collected Automatically

  • Usage data: pages visited, features used, actions taken within the Service, timestamps, and session duration.
  • Device and technical data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Cookies and similar technologies: see Section 9 below.

2.3 Data from Third Parties

We may receive data from authentication providers (such as Google or GitHub) if you use third-party login, and from payment processors regarding the status of your transactions.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and legal bases under Article 6 GDPR:

  • Performance of contract (Art. 6(1)(b)): to create and manage your account, process payments, generate reports, deliver the Service, and provide customer support.
  • Legitimate interests (Art. 6(1)(f)): to improve and secure the Service, analyze usage patterns, prevent fraud and abuse, and communicate service-related updates. Our legitimate interests do not override your fundamental rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, anti-money laundering, and other legal requirements.
  • Consent (Art. 6(1)(a)): where required, for marketing communications and non-essential cookies. You may withdraw consent at any time.

4. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

  • Infrastructure providers: Vercel (hosting), Supabase (database and authentication), for the purpose of operating the Service.
  • Payment processors: Stripe, for processing payments securely.
  • AI model providers: OpenRouter and underlying model providers, for generating report outputs. We minimize personal data sent to these providers.
  • Analytics providers: for aggregated usage analytics to improve the Service.
  • Legal and regulatory authorities: when required by law, regulation, court order, or governmental request.

We do not sell, rent, or lease your personal data to third parties. We do not share your personal data for cross-context behavioral advertising.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located (such as Vercel, Supabase, Stripe, and OpenRouter).

Where we transfer personal data outside the EEA to a country that does not benefit from an adequacy decision by the European Commission, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • binding corporate rules of the recipient, where applicable; or
  • other approved transfer mechanisms under Article 46 GDPR.

You may request a copy of the relevant safeguards by contacting us at privacy@ailocalrank.com.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data: retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations.
  • Report data: retained for as long as your account is active and accessible from your dashboard.
  • Payment records: retained for the period required by Romanian tax and accounting law (generally 10 years).
  • Usage and analytics data: retained in aggregated or anonymized form for product improvement.

When personal data is no longer needed, we will securely delete or anonymize it.

7. Your Rights Under GDPR (EEA Residents)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): to request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): to request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): to request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18): to request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): to object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. In Romania, this is the Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), www.dataprotection.ro.

To exercise any of these rights, please contact us at privacy@ailocalrank.com. We will respond within one (1) month, as required by Article 12(3) GDPR.

8. Your Rights Under US State Privacy Laws

8.1 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), provides you with specific rights regarding your personal information. This section describes your rights and explains how to exercise them.

Categories of personal information collected: In the preceding twelve (12) months, we may have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: name, email address, IP address, account ID.
  • Commercial information: purchase history, credits purchased, reports generated.
  • Internet or other electronic network activity: browsing history within the Service, interaction data, device information.
  • Professional or employment-related information: business name and role, where voluntarily provided.
  • Inferences: diagnostic scores and AI-generated analysis based on Input Data.

Sources: We collect personal information directly from you, automatically through your use of the Service, and from third-party authentication and payment providers.

Business purposes: We use personal information for the purposes described in Section 3 of this Privacy Policy.

Sale and sharing: We do not sell your personal information, and we have not sold personal information in the preceding twelve (12) months. We do not share personal information for cross-context behavioral advertising as defined under the CCPA.

Your California privacy rights:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete the personal information we have collected about you, subject to legal exceptions.
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to opt out of sale/sharing: As we do not sell or share personal information for behavioral advertising, this right does not currently apply.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CCPA for purposes other than those permitted by law.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your California privacy rights, please contact us at privacy@ailocalrank.com. We will verify your identity before fulfilling your request. We will respond within forty-five (45) days of receiving a verifiable request, as required by the CCPA.

You may designate an authorized agent to make a request on your behalf. We may require the authorized agent to provide proof of written authorization and may verify your identity directly.

8.2 Residents of Other US States

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another US state with a comprehensive consumer privacy law, you may have similar rights regarding your personal data, including the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of certain processing activities.

To exercise any rights available to you under your state's privacy law, please contact us at privacy@ailocalrank.com. If your request is denied, you may have the right to appeal by contacting us at the same email address.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate, secure, and improve the Service.

  • Strictly necessary cookies: required for the Service to function (authentication, security, session management). These do not require consent.
  • Analytics cookies: used to understand how the Service is used, in aggregated form. Placed only with your consent.
  • Preference cookies: used to remember your settings and preferences. Placed only with your consent.

You can manage your cookie preferences through your browser settings or through the consent mechanism provided on our website. Disabling certain cookies may affect the functionality of the Service.

For more information, see the ePrivacy Directive (2002/58/EC) and its Romanian implementation (Law 506/2004).

10. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no universally accepted standard for how to interpret and respond to DNT signals, we do not currently respond to browser DNT signals. However, you can manage your tracking preferences through your browser settings and, where available, through our cookie consent mechanism.

California law requires us to disclose how we respond to DNT signals. As stated above, we do not currently respond to DNT signals but do provide you with the cookie and privacy controls described in this Privacy Policy.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, regular security reviews, and secure infrastructure provided by our service providers.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under the age of 16 (or the applicable minimum age in your jurisdiction). In the United States, we do not knowingly collect personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal data from a child below the applicable minimum age, we will take steps to delete such data promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date and, where appropriate, providing additional notice (such as email notification or an in-app notice).

We encourage you to review this Privacy Policy periodically.

14. Contact

For questions or requests regarding this Privacy Policy or your personal data, please contact:

AI LocalRank SRL
CUI: [YOUR_CUI_NUMBER]
[YOUR_FULL_STREET_ADDRESS]
Bucharest, Romania
Email: privacy@ailocalrank.com