Privacy Policy

Last updated: April 6, 2026

Effective April 6, 2026

AI Rankia ("AI Rankia", "we", "us", or "our") operates the AI Rankia platform available at airankia.com and its subdomains, including the SaaS dashboard, REST API (api.airankia.com), and MCP server (mcp.airankia.com). This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

By using AI Rankia, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

1. Who We Are

AI Rankia is a Generative Engine Optimization (GEO) and Answer Engine Optimization (AEO) platform that monitors how brands appear in responses generated by AI search models including ChatGPT, Perplexity, Gemini, Google AI Mode, Claude, Grok, and others. We help businesses understand their AI search visibility, track citations, and analyze competitive positioning across AI-generated results.

For questions about this policy, contact us at [email protected].

2. Information We Collect

Account Information

  • Name and email address when you register
  • Password (stored as a secure hash — we never store plaintext passwords)
  • Billing information (processed by our payment provider — we do not store card numbers)
  • Organization or company name (optional)

Brand and Prompt Data

  • Brand profiles you create: name, website, industry, country, competitor lists, brand descriptions, social media links
  • Monitored prompts (queries) you configure for tracking
  • Target countries and languages for AI search monitoring

AI Model Response Data

When your prompts are sent to AI search models, we collect and store:

  • The full text responses returned by each AI model
  • Citations and URLs referenced in AI responses
  • Brand mentions, rankings, and visibility scores extracted from responses
  • Fan-out search queries generated internally by AI models
  • Shopping and local results where applicable

Important: Your prompts and brand data are used solely to generate AI search visibility reports for you. We do not use your data to train AI models, and we do not sell your brand or prompt data to third parties.

Usage and Technical Data

  • API requests and MCP tool calls (method, timestamp, response time — not full payloads)
  • Credit usage and billing events
  • Authentication events (login, logout, token issuance)
  • Error logs (anonymized where possible)
  • Browser type, operating system, and IP address (for security and fraud prevention)

Cookies and Analytics

  • Session cookies for authentication
  • Analytics cookies to understand how visitors use our marketing site (airankia.com)
  • You can disable non-essential cookies via your browser settings

3. How We Use Your Information

  • Providing the service: Running AI visibility queries, generating reports, tracking brand performance over time
  • Account management: Authentication, billing, subscription management, customer support
  • Product improvement: Understanding aggregate usage patterns to improve features (never using individual prompt content)
  • Security: Detecting and preventing fraud, abuse, and unauthorized access
  • Legal compliance: Meeting obligations under applicable law
  • Communications: Sending service updates, billing notifications, and (with your consent) product news

4. AI Model Integrations

To provide AI search visibility data, we send your configured prompts to third-party AI search platforms. This involves transmitting the query text (not your account details or brand profile) to:

  • OpenAI (ChatGPT / GPT-5 Search)
  • Google (Gemini Search, Google AI Mode, Google AI Overview)
  • Perplexity AI (Perplexity Sonar)
  • Anthropic (Claude Search)
  • xAI (Grok)
  • Additional models as added to the platform

Each of these providers has their own privacy policy governing how they process queries. We recommend reviewing their policies. We do not share your account information, brand profiles, or personal data with these providers — only the query text is transmitted.

5. MCP Server and API Access

AI Rankia provides a Model Context Protocol (MCP) server at mcp.airankia.com and a REST API at api.airankia.com. When you or an AI agent (such as Claude, ChatGPT, or Cursor) connects via MCP or API:

  • Access is authenticated via your personal API key or OAuth 2.1 token
  • All API calls are logged with timestamp, endpoint, and HTTP status (not full request/response bodies)
  • You are responsible for keeping your API key confidential
  • You can revoke API keys at any time from your account settings
  • MCP tool calls can read and write brand data, prompts, and run AI visibility queries on your behalf

When connecting AI Rankia to third-party AI assistants (ChatGPT, Claude, Cursor, etc.) via MCP, those platforms will be able to access your workspace data as permitted by your API key scope. Please review the privacy policies of those platforms.

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only in the following limited circumstances:

  • Service providers: Infrastructure providers (cloud hosting, database, authentication) who process data on our behalf under data processing agreements
  • Payment processors: For billing purposes only; we do not store payment card data
  • AI model providers: Query text only, as described in Section 4
  • Legal requirements: If required by law, court order, or to protect the rights and safety of our users
  • Business transfers: In connection with a merger, acquisition, or sale of assets — you will be notified in advance

7. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account closure upon request.
  • Brand and prompt data: Retained while your account is active. You can delete individual brands and prompts at any time from the dashboard or via API.
  • AI model responses and visibility data: Retained indefinitely to provide historical trend analysis. You can delete all data for a specific prompt via the dashboard.
  • Billing records: Retained for 7 years as required by financial regulations.
  • Security and access logs: Retained for 90 days.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Request an export of your data in a machine-readable format
  • Objection: Object to processing of your data for marketing purposes
  • Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, email [email protected]. We will respond within 30 days. For account deletion, you can also use the account settings page directly.

9. GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the service you subscribed to
  • Legitimate interests: Security, fraud prevention, product improvement
  • Legal obligation: Compliance with applicable law
  • Consent: Marketing communications (you can withdraw at any time)

You have the right to lodge a complaint with your local data protection authority.

10. CCPA (California Users)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected and how it is used
  • The right to delete personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising privacy rights

11. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted via TLS 1.2+
  • Data at rest is encrypted in our database infrastructure
  • Authentication uses secure token-based systems (Supabase Auth)
  • API keys are hashed and never stored in plaintext
  • Access to production systems is restricted to authorized personnel only
  • We conduct regular security reviews

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].

12. International Data Transfers

AI Rankia operates globally. Your data may be stored and processed in the European Union or United States depending on infrastructure location. When transferring data from the EEA to other regions, we use appropriate safeguards including Standard Contractual Clauses (SCCs) where required.

13. Children's Privacy

AI Rankia is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice in the dashboard at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For any privacy-related questions, data requests, or concerns: