Privacy Policy

This Privacy Policy describes how Sky Vista Consulting ("we," "us," or "our") collects, uses, and shares personal information when you use Rankrop™ (the "Service"). By using the Service, you agree to the practices described here.

1. Information we collect

1.1 Information you provide directly

• Account information. Name, email, password (stored hashed), workspace name.
• Billing information. Processed by Stripe — we do not see or store full card numbers. We retain the last 4 digits and brand for display purposes.
• Client data. Information you add about your clients: business names, domains, NAP details, GSC properties, etc.
• Content. Briefs, reports, drafts, comments, tasks, and other content you create.
• Communications. Support requests, feedback, survey responses.

1.2 Information we collect automatically

• Usage data. Which features you use, when, and how often. Used to improve the Service.
• Device data. Browser type, OS, IP address, screen size — for compatibility and security.
• Cookies. Session cookies for authentication. Cookies set by us are essential for the Service to function.

1.3 Information from integrations

When you connect Google Search Console, Google Analytics, Google Business Profile, Ahrefs, SEMrush, or other integrations, we access only the data needed to power the corresponding features. OAuth tokens are encrypted at rest. We do not share data between integrations except as needed to display features inside the Service.

2. How we use information

• To provide, maintain, and improve the Service
• To process payments and manage subscriptions (via Stripe)
• To send service-related communications (account, billing, security)
• To respond to support requests
• To monitor usage and prevent abuse
• To comply with legal obligations
• To send product updates and marketing communications (opt-out anytime)

3. AI processing

Some features call third-party AI providers (Anthropic Claude, etc.). When you use these features, the relevant content (e.g., a content brief prompt) is sent to the provider under their terms.

We do not use Your Content to train AI models. Our AI providers' standard enterprise terms also prohibit training on customer data. Each AI call is one-shot — prompts and responses aren't stored beyond what's needed to display them back to you in the Service.

4. How we share information

We do not sell personal information. We share data only as follows:

• Service providers. Cloud hosting (Laravel Forge / AWS), email delivery (SendGrid / Postmark), payment processing (Stripe), error monitoring (Sentry), AI providers (Anthropic), search-data providers (SerpAPI). Each operates under contractual data-protection commitments.
• Workspace members. Data inside a workspace is visible to all members of that workspace. You control who you invite.
• Legal requirements. Where required by law, subpoena, or court order — we challenge overbroad requests where possible.
• Business transfers. If we're acquired or merge, your data may transfer to the successor under terms at least as protective as this policy.

We do not share data between separate workspaces. Multi-tenancy is enforced at the database level — every row is tagged with a workspace ID and Eloquent global scopes prevent cross-workspace queries.

5. Data retention

Active accounts: data retained for the life of the account.

Cancelled accounts: workspace data retained for 30 days (read-only) after cancellation, then permanently deleted. You can export data via CSV during this window. Request immediate deletion at support@skyvistaconsulting.com.

Audit logs and billing records are retained for 7 years for legal and tax purposes.

6. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (subject to legal retention requirements)
• Export your data in a portable format (CSV)
• Object to certain processing
• Withdraw consent for marketing communications
• Lodge a complaint with a supervisory authority (EU/UK users)

To exercise these rights, email privacy@skyvistaconsulting.com.

7. Security

We follow industry-standard practices to protect your data:

• TLS encryption for all data in transit
• Encryption at rest for sensitive fields (API keys, OAuth tokens, 2FA secrets, recovery codes)
• Per-workspace data isolation enforced at the database query level
• Two-factor authentication (TOTP) available for all accounts
• Regular security audits and dependency updates

See our Security page for more detail.

8. International transfers

The Service is hosted in the United States. If you access it from outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) for cross-border transfers.

9. Children's privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from children.

10. Cookies & tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers on the application side of the Service. Our marketing pages may use minimal analytics (page views) and we do not run ad-targeting pixels.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and in-app banner at least 30 days before taking effect.

12. Contact

Questions about this policy or your data?

• Email: hello@skyvistaconsulting.com
• Phone: +1 702-763-2606
• Data Subject Access Requests: hello@skyvistaconsulting.com
• EU/UK representative: see our DPA for details

---

Sky Vista Consulting
Las Vegas, Nevada, USA
hello@skyvistaconsulting.com · +1 702-763-2606