Refund and Cancellation Policy

Last updated: 24/06/2026

This Privacy Policy explains how Stone Rank Kft. ("Sorank", "we", "our", "us") collects, uses, shares, and protects personal data when you visit sorank.com, use the Sorank SaaS platform, use the Sorank browser extension, or connect your Google Account through OAuth. It also describes your rights under the GDPR and how to exercise them.

1. Who We Are

Data Controller

Publishing company: Stone Rank Kft.
Legal form: Hungarian Limited Liability Company
Registered office: Honvéd utca 8, 1st floor, door 2, 1054 Budapest, Hungary
Company registration number: 01-09-448748
Registered capital (törzstőke): 3 000 000 HUF
EUID: HUOCCSZ.01-09-448748
Tax number: 32904556-2-41
EU VAT number: HU32904556
Publishing director: Thibault Besson Magdelain
Managing director (ügyvezető): Thibault Besson Magdelain
Privacy Officer: Thibault Besson Magdelain, support (at) sorank.com
Contact and support email: support (at) sorank.com
Phone (WhatsApp only): +18647271587
Website: https://sorank.com

2. Scope

This Policy applies to:

  • The Sorank website
  • The Sorank SaaS platform and features
  • The Sorank browser extension, its on-page SEO/GEO audit, and its Google Search Console integration
  • SEO and consulting services provided by Stone Rank Kft.
  • Google OAuth connections made by users

A separate Cookie Policy describes cookies and consent options.

3. Data We Process

Identity and Contact Data

Name, email, company information, billing details, VAT number.

Account and Usage Data

Login activity, settings, feature usage, consumed credits, logs, internal analytics.

Billing and Payment Data

Invoices, transactions, payment references. We never store credit card details. Payments are handled by Stripe.

Technical Data

IP address, browser, device identifiers, visited pages, error logs, cookies.

Google OAuth Data

When you choose to connect your Google account to Sorank, we only access the information required to provide the specific features you activate. We never access Gmail content, private messages, documents, or any data unrelated to the integration you request.

Non-sensitive information we may access

We may retrieve your primary Google email address, your public Google profile information (such as your name and profile picture), and the identification information required to authenticate your account through Google's sign-in system. This is used only to create or connect your Sorank account and to display your profile information inside the application.

For features related to Google Search Console, we may access your validated site data. This includes reading your site's search performance, queries, pages, coverage, and indexing information. This access is read-only: we never modify your Search Console settings, submit sitemaps, or change your site on your behalf.

For integrations involving Google Analytics partner features, Sorank may access settings necessary to connect your account and enable partner functionality. This access is used only to support configuration or synchronisation actions requested by the user.

Sorank may also run technical permission checks to ensure that your Google account has the correct access level for the features you want to use.

Sensitive information we may access

Some advanced features of the Sorank SaaS platform require access to read your Google Analytics data. This may include traffic metrics, acquisition metrics, engagement information, and similar analytics data used to generate SEO or GEO performance reports. This Google Analytics access applies to the Sorank SaaS platform only; the Sorank browser extension and the Sorank MCP connector never access Google Analytics and connect to Google Search Console in read-only mode only.

In some cases, we may also read user-permission information inside your Google Analytics account to confirm that Sorank can operate the integration correctly. These permissions are consulted only for verification purposes and never altered.

How we use Google OAuth data

We use the data obtained through Google OAuth only to deliver the functionalities you explicitly enable, including:

  • Connecting your Sorank account using Google login
  • Generating SEO and GEO performance reports
  • Analysing Search Console data to provide insights
  • Synchronising Analytics data for audit or reporting features (Sorank SaaS platform only)
  • Verifying permissions to ensure integrations function correctly
  • Building and showing you your long-term Search Console history in the Sorank browser extension

Sorank does not:

  • Sell or rent Google user data
  • Use Google user data for advertising or marketing
  • Share Google user data with third parties except strictly necessary service providers operating under data processing agreements
  • Use Google user data to build unrelated profiles
  • Combine Google data with external datasets for any purpose that is not directly related to the service
  • Store or access Google data beyond what is required to provide the feature you activated

Sorank browser extension: on-page SEO/GEO audit

The core feature of the Sorank browser extension is to analyse a web page you choose and give you SEO and GEO (AI-search) recommendations. When you run an audit, the extension reads that page's content locally in your browser (such as titles, meta tags, headings, images, links and text) to compute its scores. All analysis happens locally in your browser; the extension does not collect, store, or transmit the content of the pages you browse, and only the page you actively audit is shown in the report.

To complete the audit, the extension queries a small number of external services using only the address of the page or domain being audited, never your personal data:

  • Google PageSpeed Insights and the Chrome UX Report (page performance and Core Web Vitals);
  • RDAP (public domain registration information).

These services receive only the public URL or domain you are auditing. The audit result is stored locally on your device so it can be displayed in the report and exported (PDF, JSON or CSV) when you ask for it.

Sorank browser extension: long-term Search Console history

Separately from the SaaS platform, the Sorank browser extension lets you connect Google Search Console to keep a long-term history of your site's search performance, beyond the 16-month window Google itself provides.

When you connect Search Console in the extension, you grant read-only access through Google's OAuth consent screen (scopes: openid, email and webmasters.readonly). To retrieve and store your data, your read-only Google access token is sent over an encrypted connection to our backend hosted in the European Union (Supabase), which uses it solely to call the Google Search Console API on your behalf; the token is not used for any other purpose. At your explicit request, we then store and retain the resulting performance data so we can show you its evolution over time. Specifically, we store clicks, impressions, click-through rate and average position, broken down by day, by query and by page, together with the email address of the connected Google account (obtained via the openid and email scopes), which is used solely to attach the history to you. We never modify your Google account or your site.

Building this history is the core purpose of the extension. Therefore, unlike the SaaS OAuth integration described above, this history is retained for as long as you use the extension and is not deleted automatically thirty days after you disconnect, so your history remains available if you reconnect. You can request its deletion at any time (see "Data retention and deletion" below and Section 10).

This data is hosted in the European Union (Supabase) and is never sold, rented, shared for advertising, or used to build unrelated profiles. Legal basis: your consent (GDPR art. 6(1)(a)), which you can withdraw at any time.

Data retention and deletion

If you disconnect Sorank from your Google Account, all tokens and any cached Google data used for the SaaS integrations are deleted within thirty days. We do not retain Google OAuth data beyond what is necessary to operate the service you activated.

The one deliberate exception is the long-term Search Console history of the Sorank browser extension described above: because keeping that history is the feature you requested, it is retained until you ask us to delete it. To request deletion, email support (at) sorank.com from, or stating, the email address linked to your Google account; we process the request within 7 business days.

4. Purposes and Legal Bases

We process data for:

Service Delivery

Account creation, platform features, customer support. Legal basis: Contract performance.

Billing and Compliance

Invoices, taxes, fraud prevention. Legal basis: Legal obligation and legitimate interest.

Product Improvement

Diagnostics, aggregated analytics. Legal basis: Legitimate interest.

Communication

Service emails, transactional notifications. Legal basis: Contract performance.

Marketing (optional)

Newsletters, non-essential updates. Legal basis: Consent.

Security

Anti-abuse monitoring, logs, access control. Legal basis: Legitimate interest.

Long-term Search Console history (browser extension)

Storing and presenting your Search Console performance data over time. Legal basis: Consent.

5. Sharing, Disclosure, and Transfer of Data (Required by Google)

5.1 No selling or commercial sharing

We never sell, rent, or trade Google user data or personal data.

5.2 With whom we share data

We may share limited data with GDPR-compliant processors that support the operation of Sorank. These processors act only under our instructions:

  • Stripe (payments and fraud prevention)
  • Számlázz.hu / Számlabridge (invoice generation)
  • Webflow (website hosting)
  • Google (OAuth authentication)
  • Supabase (EU-hosted database for the browser extension's long-term Search Console history; data stored in the European Union under a Data Processing Agreement)
  • Email service providers (transactional emails)
  • Logging and monitoring tools (server diagnostics)

Each processor signs a Data Processing Agreement and cannot use the data for independent purposes.

5.3 Disclosure to third parties

We may disclose data only if legally required, for example to:

  • Hungarian tax authorities
  • Courts or regulators
  • EU supervisory authorities

We do not disclose Google OAuth data to third parties unless legally obliged.

5.4 Google OAuth data sharing

Google OAuth data is:

  • Never shared with external parties
  • Never transferred to advertisers
  • Never used to build profiles unrelated to Sorank's features
  • Never used for marketing

Access remains strictly scoped to the feature you activate. If you revoke access, all OAuth tokens and related cached data for the SaaS integrations are deleted within 30 days; the browser extension's long-term Search Console history is kept until you request deletion (see Section 3 and Section 7).

6. International Transfers

In the course of providing our services, your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). These transfers are carried out in compliance with Articles 44 to 49 of the GDPR and are protected by appropriate safeguards as detailed below.

Stripe, Inc. (United States): Payment processing. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with technical security measures including encryption and tokenisation of payment data.

Webflow, Inc. (United States): Website hosting and content delivery. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with TLS encryption in transit.

Google LLC (United States): Website analytics via Google Analytics. Transfer mechanism: EU-US Data Privacy Framework (DPF) certification.

Anthropic PBC (United States): AI-powered features. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with encryption in transit and at rest.

The browser extension's long-term Search Console history is stored in the European Union (Supabase EU region) and is therefore not subject to an international transfer.

You may obtain a copy of the relevant Standard Contractual Clauses by contacting us at support (at) sorank.com.

We regularly review the data protection practices of our sub-processors to ensure that appropriate safeguards remain in place. Where necessary, we implement supplementary technical and organisational measures in accordance with the recommendations of the European Data Protection Board (EDPB).

7. Data Retention

  • Account and contractual data: duration of the relationship plus 3 years
  • Accounting documents: 8 to 10 years (legal requirement)
  • Technical logs: up to 12 months
  • Marketing data: until withdrawal of consent or 3 years of inactivity
  • Google OAuth data (SaaS integrations): tokens and cached data deleted within 30 days after access revocation
  • Browser extension Search Console history: retained while you use the extension, until you request deletion (then removed within 7 business days)

8. Cookies

We use:

  • Essential cookies
  • Optional analytics and marketing cookies (only with prior consent)

See Cookie Policy.

9. Security Measures

Sorank applies strong organisational and technical protections:

  • TLS encryption
  • Encrypted storage by supported providers
  • Least-privilege access rules
  • Continuous monitoring
  • PCI DSS-compliant payment processing with Stripe

10. Your GDPR Rights

You may exercise:

  • Right of access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Portability
  • Withdrawal of consent

Request: support (at) sorank.com

To delete the Search Console history stored by the browser extension, email support (at) sorank.com with the email address linked to your Google account; we handle the request within 7 business days.

We may verify identity before processing a request. You may also contact your national privacy authority or the Hungarian NAIH.

11. Withdrawal Right for Consumers

Digital services provided after explicit consent may reduce or remove the withdrawal right. Refund conditions are defined in our Terms of Sale.

12. Billing Requirements

To issue compliant invoices, we require:

  • Billing address
  • Country of residence
  • VAT number for EU businesses

Invoices are issued by Stone Rank Kft., Hungary.

13. Minors

Sorank is not intended for individuals under 16. We delete such data when discovered.

14. Changes to This Policy

We may update this Policy due to legal, technical, or operational changes. Important updates may be displayed on our Site or emailed to users.