This Privacy Policy explains how Stone Rank Kft. (“Sorank”, “we”, “our”, “us”) collects, uses, stores, and protects your personal data when you visit sorank.com, use the Sorank SaaS platform, or interact with our services.
It also outlines your rights under the GDPR and how to exercise them.

1. Who We Are

Data Controller: Stone Rank Kft.
Address: Honvéd utca 8, 1st floor, door 2, 1054 Budapest, Hungary
EUID: HUOCCSZ.01-09-448748
Tax number: 32904556-2-41
EU VAT: HU32904556
Privacy contact: support (at) sorank.com
Website: https://sorank.com

2. Scope

This policy applies to:

• the Sorank website (sorank.com)
• the Sorank SaaS platform and all related features
• any consulting or SEO services provided by Stone Rank Kft.

A separate Cookie Policy details the trackers we use and your consent options.

3. Data We Process

We may process the following categories of data:

Identity & Contact Data

Name, surname, email address, company details, billing address, country, VAT number (if applicable).

Account & Usage Data

Login information, account settings, feature usage, actions performed in-app, consumed credits, logs, user preferences.

Billing & Payment Data

Invoices, transaction history, payment references.
Note: Credit card information is processed exclusively by Stripe; we do not store card data.

Technical Data

IP address, browser type, device information, visited pages, error logs, technical cookies, and—where consent is given—analytics and marketing cookies.

Google OAuth Data

Basic profile information and, depending on activated features, read/write access to selected files.
Access is strictly limited to performing the feature requested, and is immediately revoked if you remove permissions from your Google Account.

4. Purposes & Legal Bases

We process your data for the following purposes:

Service Delivery

Account creation, SaaS features, customer support.
Legal basis: Performance of a contract.

Billing & Compliance

Invoicing, VAT rules, anti-fraud measures.
Legal basis: Legal obligation and legitimate interest.

Product Improvement

Diagnostics, aggregated analytics, feature optimisation.
Legal basis: Legitimate interest.

Communication

Account notifications, service emails, operational messages.
Legal basis: Performance of a contract.

Marketing (optional)

Newsletters and promotional content.
Legal basis: Consent.

Security

Logs, abuse prevention, system protection.
Legal basis: Legitimate interest.

5. Processors & Recipients

We use GDPR-compliant processors, including:

• Stripe (payments, fraud prevention)
• Számlázz.hu / Számlabridge (invoicing automation)
• Webflow (website hosting)
• Notion (internal CRM, projects)
• Google (OAuth features, Analytics with consent)
• Emailing, logging, and monitoring tools as required

All processors operate under data processing agreements.
Where data is transferred outside the EU, we apply Standard Contractual Clauses, encryption, and data minimisation.

6. International Transfers

Some providers operate from outside the EEA, particularly in the United States.
We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Encryption
• Minimised storage durations
• Restricted access

7. Data Retention

We retain data only as long as necessary:

• Account and contractual data: duration of the relationship + up to 3 years
• Invoices and accounting records: 8–10 years (legal requirement)
• Technical logs: up to 12 months
• Marketing data: until withdrawal of consent or 3 years of inactivity
• Google integration data: deleted within 30 days after access revocation

8. Cookies

We use:

• cookies strictly necessary for website functionality
• analytics and marketing cookies (only with your consent)

Details are provided in the Cookie Policy and via the consent banner.

9. Security Measures

We implement strong technical and organisational safeguards, including:

• TLS encryption
• encrypted storage by our providers (where supported)
• strict access control and least-privilege principles
• system monitoring and audit logs
• secure payment processing exclusively through Stripe (PCI DSS compliant)

10. Your GDPR Rights

You have the following rights:

• right of access
• right to rectification
• right to erasure (where legally applicable)
• right to restriction
• right to object (for legitimate interest processing)
• right to portability
• right to withdraw consent at any time

To exercise your rights: support (at) sorank.com
We may request proof of identity where necessary.

You may also lodge a complaint with your local supervisory authority or with the Hungarian National Authority for Data Protection.

11. B2C Specifics & Right of Withdrawal

For digital content delivered immediately after explicit consent, the withdrawal right may no longer apply once execution has begun.

Refund rules are described in the Terms of Sale.

12. Customer Accounts & Billing Requirements

To issue compliant invoices, we require:

• full billing address
• country of residence
• valid VAT number for EU businesses

Invoices are issued by Stone Rank Kft., Hungary.

13. Minors

Our services are not intended for individuals under 16.
If such data is collected inadvertently, it will be deleted upon identification.

14. Changes to This Policy

We may update this Policy due to legal, technical, or operational changes.
Significant updates may be displayed on the Site or communicated by email.

The “last updated” date reflects the most recent revision.

15. Contact

For privacy questions or GDPR rights:
support (at) sorank.com