This Privacy Policy explains how Stone Rank Kft. ("Sorank", "we", "our", "us") collects, uses, shares, and protects personal data when you visit sorank.com, use the Sorank SaaS platform, or connect your Google Account through OAuth.
It also describes your rights under the GDPR and how to exercise them.
Publishing company: Stone Rank Kft.
Legal form: Hungarian Limited Liability Company
Registered office: Honvéd utca 8, 1st floor, door 2, 1054 Budapest, Hungary
Company registration number: 01-09-448748
Registered capital (törzstőke): 3 000 000 HUF
EUID: HUOCCSZ.01-09-448748
Tax number: 32904556-2-41
EU VAT number: HU32904556
Publishing director: Thibault Besson Magdelain
Managing director (ügyvezető): Thibault Besson Magdelain
Privacy Officer: Thibault Besson Magdelain, support (at) sorank.com
Contact and support email: support (at) sorank.com
Phone (WhatsApp only): +18647271587
Website: https://sorank.com
This Policy applies to:
• The Sorank website
• The Sorank SaaS platform and features
• SEO and consulting services provided by Stone Rank Kft.
• Google OAuth connections made by users
A separate Cookie Policy describes cookies and consent options.
Name, email, company information, billing details, VAT number.
Login activity, settings, feature usage, consumed credits, logs, internal analytics.
Invoices, transactions, payment references.
We never store credit card details. Payments are handled by Stripe.
IP address, browser, device identifiers, visited pages, error logs, cookies.
When you choose to connect your Google account to Sorank, we only access the information required to provide the specific features you activate. We never access Gmail content, private messages, documents, or any data unrelated to the integration you request.
Non-sensitive information we may access
We may retrieve your primary Google email address, your public Google profile information (such as your name and profile picture), and the identification information required to authenticate your account through Google's sign-in system.
This is used only to create or connect your Sorank account and to display your profile information inside the application.
For features related to Google Search Console, we may access your validated site data. This includes reading your site's search performance, queries, pages, coverage, and indexing information. When you enable features that require it, the integration may also allow us to perform limited actions on Search Console properties you own or manage, such as submitting sitemaps or verifying settings.
For integrations involving Google Analytics partner features, Sorank may access settings necessary to connect your account and enable partner functionality. This access is used only to support configuration or synchronisation actions requested by the user.
Sorank may also run technical permission checks to ensure that your Google account has the correct access level for the features you want to use.
Sensitive information we may access
Some advanced features require access to read your Google Analytics data. This may include traffic metrics, acquisition metrics, engagement information, and similar analytics data used to generate SEO or GEO performance reports.
In some cases, we may also read user-permission information inside your Google Analytics account to confirm that Sorank can operate the integration correctly. These permissions are consulted only for verification purposes and never altered.
How we use Google OAuth data
We use the data obtained through Google OAuth only to deliver the functionalities you explicitly enable, including:
• Connecting your Sorank account using Google login
• Generating SEO and GEO performance reports
• Analysing Search Console data to provide insights
• Synchronising Analytics data for audit or reporting features
• Verifying permissions to ensure integrations function correctly
• Performing technical actions you request inside Search Console or Analytics
Sorank does not:
• Sell or rent Google user data
• Use Google user data for advertising or marketing
• Share Google user data with third parties except strictly necessary service providers operating under data processing agreements
• Use Google user data to build unrelated profiles
• Combine Google data with external datasets for any purpose that is not directly related to the service
• Store or access Google data beyond what is required to provide the feature you activated
Data retention and deletion
If you disconnect Sorank from your Google Account, all tokens and any cached Google data used for integrations are deleted within thirty days.
We do not retain Google OAuth data beyond what is strictly necessary to operate the service.
We process data for:
Account creation, platform features, customer support.
Legal basis: Contract performance.
Invoices, taxes, fraud prevention.
Legal basis: Legal obligation and legitimate interest.
Diagnostics, aggregated analytics.
Legal basis: Legitimate interest.
Service emails, transactional notifications.
Legal basis: Contract performance.
Newsletters, non-essential updates.
Legal basis: Consent.
Anti-abuse monitoring, logs, access control.
Legal basis: Legitimate interest.
We never sell, rent, or trade Google user data or personal data.
We may share limited data with GDPR-compliant processors that support the operation of Sorank. These processors act only under our instructions:
• Stripe (payments and fraud prevention)
• Számlázz.hu / Számlabridge (invoice generation)
• Webflow (website hosting)
• Google (OAuth authentication)
• Email service providers (transactional emails)
• Logging and monitoring tools (server diagnostics)
Each processor signs a Data Processing Agreement and cannot use the data for independent purposes.
We may disclose data only if legally required, for example to:
• Hungarian tax authorities
• Courts or regulators
• EU supervisory authorities
We do not disclose Google OAuth data to third parties unless legally obliged.
Google OAuth data is:
• Never shared with external parties
• Never transferred to advertisers
• Never used to build profiles unrelated to Sorank's features
• Never used for marketing
Access remains strictly scoped to the feature you activate.
If you revoke access, all OAuth tokens and related cached data are deleted within 30 days.
In the course of providing our services, your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). These transfers are carried out in compliance with Articles 44 to 49 of the GDPR and are protected by appropriate safeguards as detailed below.
Stripe, Inc. (United States): Payment processing. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with technical security measures including encryption and tokenisation of payment data.
Webflow, Inc. (United States): Website hosting and content delivery. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with TLS encryption in transit.
Google LLC (United States): Website analytics via Google Analytics. Transfer mechanism: EU-US Data Privacy Framework (DPF) certification.
Anthropic PBC (United States): AI-powered features. Transfer mechanism: Standard Contractual Clauses (SCCs) combined with encryption in transit and at rest.
You may obtain a copy of the relevant Standard Contractual Clauses by contacting us at: support (at) sorank.com
We regularly review the data protection practices of our sub-processors to ensure that appropriate safeguards remain in place. Where necessary, we implement supplementary technical and organisational measures in accordance with the recommendations of the European Data Protection Board (EDPB).
• Account and contractual data: duration of the relationship + 3 years
• Accounting documents: 8 to 10 years (legal requirement)
• Technical logs: up to 12 months
• Marketing data: until withdrawal of consent or 3 years of inactivity
• Google OAuth data: deleted within 30 days after access revocation
We use:
• Essential cookies
• Optional analytics and marketing cookies (only with prior consent)
See Cookie Policy.
Sorank applies strong organisational and technical protections:
• TLS encryption
• Encrypted storage by supported providers
• Least-privilege access rules
• Continuous monitoring
• PCI DSS-compliant payment processing with Stripe
You may exercise:
• Right of access
• Rectification
• Erasure
• Restriction
• Objection
• Portability
• Withdrawal of consent
Request: support (at) sorank.com
We may verify identity before processing a request.
You may also contact your national privacy authority or the Hungarian NAIH.
Digital services provided after explicit consent may reduce or remove the withdrawal right.
Refund conditions are defined in our Terms of Sale.
To issue compliant invoices, we require:
• Billing address
• Country of residence
• VAT number for EU businesses
Invoices are issued by Stone Rank Kft., Hungary.
Sorank is not intended for individuals under 16.
We delete such data when discovered.
We may update this Policy due to legal, technical, or operational changes.
Important updates may be displayed on our Site or emailed to users.