Last updated: June 15, 2026
Privacy Policy
This Privacy Policy explains what personal data AskRank (operated by Supafast, "we", "us", "our") collects when you use askairank.com and the AskRank service, why we collect it, and what rights you have over your data.
1. Who we are
AskRank is a SaaS product built and operated by Supafast. For GDPR purposes, Supafast acts as the data controller for personal data collected through the AskRank service.
Contact: privacy@askairank.com
2. Data we collect
We collect the following categories of personal data:
Account data
Email address, password hash (stored by our authentication provider GoTrue), and account creation timestamp. Required to provide the service.
Brand and configuration data
Your brand domain, brand name, competitor domains, and the prompt library you configure. This is the core content you provide to use the service.
Tracking and polling data
Prompts submitted to AI models on your behalf, raw AI responses, mention detection results, sentiment scores, and citation URLs. Stored in time-series format with a 90-day hot retention window.
Analytics data (with consent)
Page views, session duration, feature interactions, and browser/device type, collected via PostHog (self-hosted). We collect analytics data only after you explicitly accept cookies via the cookie banner. You may withdraw consent at any time.
Payment data
Subscription status, plan tier, and billing history. Payment card details are processed and stored by Stripe - we never store raw card numbers.
Technical and log data
IP address, request timestamps, error logs (collected via Sentry), and Telegram chat ID if you configure Telegram alerts.
3. Why we collect it and legal basis
Service delivery (contractual necessity): account authentication, prompt polling, mention analysis, dashboard data, and alerts.
Billing and payments (contractual necessity): subscription management, invoicing, and Stripe checkout flows.
Product analytics (consent): usage patterns to improve the product. Only collected after you opt in via the cookie banner.
Security and fraud prevention (legitimate interest): error tracking, rate limiting, and abuse detection.
Legal compliance (legal obligation): tax records, financial reporting, and responding to lawful data requests.
4. Third-party processors
We share data with the following processors under data processing agreements (or equivalent contractual protections):
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing, subscriptions | USA (SCCs) |
| PostHog | Product analytics (self-hosted, consent-gated) | EU server |
| Postmark | Transactional email delivery | USA (SCCs) |
| OpenAI | AI prompt responses (brand visibility polling) | USA (SCCs) |
| Anthropic | AI entity extraction and sentiment analysis | USA (SCCs) |
| Google (Gemini) | AI prompt responses (supplemental polling) | USA (SCCs) |
| Perplexity | AI citation source extraction | USA (SCCs) |
| Sentry | Error tracking and monitoring | USA (SCCs) |
SCCs = EU Standard Contractual Clauses as the transfer mechanism for US-based processors.
We do not sell your personal data to third parties.
5. Data retention
Account data: retained for the lifetime of your account, plus 30 days after deletion to support recovery requests.
Polling and mention data: 90 days hot storage (full access), 1 year warm storage (aggregated), archived to encrypted S3 after 1 year, purged after 3 years.
Analytics data (PostHog): 12 months, then purged automatically.
Billing records: 7 years as required by financial regulations.
6. Your rights under GDPR
If you are located in the European Economic Area (EEA) or the UK, you have the following rights:
Right of access: request a copy of the personal data we hold about you.
Right to rectification: request correction of inaccurate data.
Right to erasure:request deletion of your account and associated data ("right to be forgotten"). We will process erasure requests within 30 days.
Right to data portability: request an export of your data in machine-readable format (CSV).
Right to restrict processing: request that we limit how we use your data while a dispute is resolved.
Right to withdraw consent: withdraw analytics consent at any time via the cookie settings in the banner (bottom of every page), without affecting the lawfulness of prior processing.
Right to lodge a complaint: with your national data protection authority if you believe we have mishandled your data.
To exercise any of these rights, email us at privacy@askairank.com. We may need to verify your identity before processing the request.
7. Cookies
We use essential session cookies required for authentication and a small number of analytics cookies (PostHog) that are activated only with your consent. For full details see our Cookie Policy.
8. Security
We use industry-standard security practices: TLS in transit, encryption at rest for sensitive fields, row-level security on our database, and scoped API credentials per service. We perform regular security reviews and monitor for anomalies. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.
9. Children's privacy
AskRank is intended for business users aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us at privacy@askairank.com and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top of this page reflects the latest revision.
11. Contact
For any privacy-related questions or requests, contact us at privacy@askairank.com. We aim to respond within 5 business days.