Privacy Policy

Last updated: May 4, 2026

1. Data controller

The data controller in the sense of GDPR is:

Omar Kumbarji
Louis-Ferdinand-Str. 9
50733 Köln
Germany
Phone: +49 152 24910414
Email: support@rankpulse.org

2. What data we process

• Account data: email address, hashed password (managed by Supabase Auth)
• Product data: Amazon ASINs and marketplaces you choose to track
• Push tokens: Firebase Cloud Messaging tokens (anonymous, only if push is enabled)
• Payment data: processed exclusively by Lemon Squeezy — we never see your full credit card or bank details
• Technical data: truncated IP address, app version, device type — for security and diagnostics only

3. Legal bases (GDPR)

• Contract performance (Art. 6(1)(b) GDPR) — to provide the service
• Legitimate interest (Art. 6(1)(f) GDPR) — security, debugging
• Consent (Art. 6(1)(a) GDPR) — push notifications

4. Sub-processors

To run the service we rely on the following providers:

• Supabase (database + authentication) — EU-region servers
• Cloudflare Workers (backend / API) — global edge network
• Lemon Squeezy (payments, Merchant of Record)
• Firebase Cloud Messaging (Google) — push notifications
• IONOS (transactional email)

5. International transfers

Some sub-processors (e.g. Cloudflare, Firebase) may process data outside the EU. Where this is the case we rely on the EU Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism.

6. Retention

Personal data is retained only as long as necessary for the contractual purpose or required by law. When you delete your account, all related data is removed within 30 days (with the exception of normal backup rotation).

7. Your rights

You have the right to:

• Access your data (Art. 15 GDPR)
• Correct inaccurate data (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Just send a quick email to support@rankpulse.org.

8. Cookies and tracking

This landing page does not use tracking cookies or analytics tools. The app itself uses only technically necessary session tokens for authentication.

9. Security

We use TLS for all connections, store passwords as bcrypt hashes (via Supabase), and use HMAC-signed webhooks when communicating with payment providers.

10. Changes

We may update this policy when our processing or the legal landscape changes. The current version is always available on this page.

Updated: May 4, 2026 · Questions: support@rankpulse.org