Privacy Policy

Last update: 27/11/2025

This Privacy Policy explains how Stone Rank Kft. (“Sorank”, “we”, “our”, “us”) collects, uses, shares, and protects personal data when you visit sorank.com, use the Sorank SaaS platform, or connect your Google Account through OAuth.
It also describes your rights under the GDPR and how to exercise them.

1. Who We Are

Data Controller
Stone Rank Kft.
Honvéd utca 8, 1st floor, door 2, 1054 Budapest, Hungary
EUID: HUOCCSZ.01-09-448748
Tax number: 32904556-2-41
EU VAT: HU32904556
Privacy contact: support@sorank.com
Website: https://sorank.com

2. Scope

This Policy applies to:

  • the Sorank website
  • the Sorank SaaS platform and features
  • SEO and consulting services provided by Stone Rank Kft.
  • Google OAuth connections made by users

A separate Cookie Policy describes cookies and consent options.

3. Data We Process

Identity & Contact Data

Name, email, company information, billing details, VAT number.

Account & Usage Data

Login activity, settings, feature usage, consumed credits, logs, internal analytics.

Billing & Payment Data

Invoices, transactions, payment references.
We never store credit card details. Payments are handled by Stripe.

Technical Data

IP address, browser, device identifiers, visited pages, error logs, cookies.

Google OAuth Data

When you choose to connect your Google account to Sorank, we only access the information required to provide the specific features you activate. We never access Gmail content, private messages, documents, or any data unrelated to the integration you request.

Non-sensitive information we may access

We may retrieve your primary Google email address, your public Google profile information (such as your name and profile picture), and the identification information required to authenticate your account through Google’s sign-in system.
This is used only to create or connect your Sorank account and to display your profile information inside the application.

For features related to Google Search Console, we may access your validated site data. This includes reading your site’s search performance, queries, pages, coverage, and indexing information. When you enable features that require it, the integration may also allow us to perform limited actions on Search Console properties you own or manage, such as submitting sitemaps or verifying settings.

For integrations involving Google Analytics partner features, Sorank may access settings necessary to connect your account and enable partner functionality. This access is used only to support configuration or synchronisation actions requested by the user.
Sorank may also run technical permission checks to ensure that your Google account has the correct access level for the features you want to use.

Sensitive information we may access

Some advanced features require access to read your Google Analytics data. This may include traffic metrics, acquisition metrics, engagement information, and similar analytics data used to generate SEO or GEO performance reports.
In some cases, we may also read user-permission information inside your Google Analytics account to confirm that Sorank can operate the integration correctly. These permissions are consulted only for verification purposes and never altered.

How we use Google OAuth data

We use the data obtained through Google OAuth only to deliver the functionalities you explicitly enable, including:

  • connecting your Sorank account using Google login
  • generating SEO and GEO performance reports
  • analysing Search Console data to provide insights
  • synchronising Analytics data for audit or reporting features
  • verifying permissions to ensure integrations function correctly
  • performing technical actions you request inside Search Console or Analytics

Sorank does not:

  • sell or rent Google user data
  • use Google user data for advertising or marketing
  • share Google user data with third parties except strictly necessary service providers operating under data processing agreements
  • use Google user data to build unrelated profiles
  • combine Google data with external datasets for any purpose that is not directly related to the service
  • store or access Google data beyond what is required to provide the feature you activated

Data retention and deletion

If you disconnect Sorank from your Google Account, all tokens and any cached Google data used for integrations are deleted within thirty days.
We do not retain Google OAuth data beyond what is strictly necessary to operate the service.

4. Purposes & Legal Bases

We process data for:

Service Delivery

Account creation, platform features, customer support.
Legal basis: Contract performance.

Billing & Compliance

Invoices, taxes, fraud prevention.
Legal basis: Legal obligation and legitimate interest.

Product Improvement

Diagnostics, aggregated analytics.
Legal basis: Legitimate interest.

Communication

Service emails, transactional notifications.
Legal basis: Contract performance.

Marketing (optional)

Newsletters, non-essential updates.
Legal basis: Consent.

Security

Anti-abuse monitoring, logs, access control.
Legal basis: Legitimate interest.

5. Sharing, Disclosure, and Transfer of Data (Required by Google)

5.1 No selling or commercial sharing

We never sell, rent, or trade Google user data or personal data.

5.2 With whom we share data

We may share limited data with GDPR-compliant processors that support the operation of Sorank. These processors act only under our instructions:

  • Stripe (payments and fraud prevention)
  • Számlázz.hu / Számlabridge (invoice generation)
  • Webflow (website hosting)
  • Google (OAuth authentication)
  • Email service providers (transactional emails)
  • Logging and monitoring tools (server diagnostics)

Each processor signs a Data Processing Agreement and cannot use the data for independent purposes.

5.3 Disclosure to third parties

We may disclose data only if legally required, for example to:

  • Hungarian tax authorities
  • courts or regulators
  • EU supervisory authorities

We do not disclose Google OAuth data to third parties unless legally obliged.

5.4 Google OAuth data sharing

Google OAuth data is:

  • never shared with external parties
  • never transferred to advertisers
  • never used to build profiles unrelated to Sorank’s features
  • never used for marketing

Access remains strictly scoped to the feature you activate.

If you revoke access, all OAuth tokens and related cached data are deleted within 30 days.

6. International Transfers

Some providers are located outside the EEA.
We rely on:

  • Standard Contractual Clauses
  • encryption
  • strict access restrictions
  • minimised retention

7. Data Retention

  • Account and contractual data: duration of the relationship + 3 years
  • Accounting documents: 8–10 years (legal requirement)
  • Technical logs: up to 12 months
  • Marketing data: until withdrawal of consent or 3 years of inactivity
  • Google OAuth data: deleted within 30 days after access revocation

8. Cookies

We use:

  • essential cookies
  • optional analytics and marketing cookies (only with prior consent)

See Cookie Policy.

9. Security Measures

Sorank applies strong organisational and technical protections:

  • TLS encryption
  • encrypted storage by supported providers
  • least-privilege access rules
  • continuous monitoring
  • PCI DSS-compliant payment processing with Stripe

10. Your GDPR Rights

You may exercise:

  • right of access
  • rectification
  • erasure
  • restriction
  • objection
  • portability
  • withdrawal of consent

Request: support@sorank.com
We may verify identity before processing a request.

You may also contact your national privacy authority or the Hungarian NAIH.

11. Withdrawal Right for Consumers

Digital services provided after explicit consent may reduce or remove the withdrawal right.
Refund conditions are defined in our Terms of Sale.

12. Billing Requirements

To issue compliant invoices, we require:

  • billing address
  • country of residence
  • VAT number for EU businesses

Invoices are issued by Stone Rank Kft., Hungary.

13. Minors

Sorank is not intended for individuals under 16.
We delete such data when discovered.

14. Changes to This Policy

We may update this Policy due to legal, technical, or operational changes.
Important updates may be displayed on our Site or emailed to users.