Privacy Policy

Theme Press Pty Ltd is an Australian company operating under the trading name Ranki. We provide AI-powered SEO, content marketing, and digital marketing automation services to Australian small and medium-sized businesses through the platform at ranki.com.au and app.ranki.com.au.

Our registered address is Sydney, New South Wales, Australia. For all privacy matters, contact our Privacy Officer at privacy@ranki.com.au.

Account and Business Information

• ▸Full name and business name
• ▸Email address - used for account access, service communications, and billing
• ▸Business website URL and domain
• ▸Business niche/industry and geographic location (used exclusively for SEO targeting)
• ▸Phone number (optional; collected only during onboarding calls)

Third-Party Platform Credentials and Tokens

• ▸Google OAuth tokens - read-only access to Google Analytics 4 and Google Search Console data. We do not modify, write to, or delete any data in your Google properties.
• ▸WordPress application credentials (username and application password) - encrypted at rest using AES-256, used exclusively to publish blog content and update SEO metadata (Rank Math fields) on your site. We never modify post body content or URL slugs.
• ▸Facebook and Instagram API access tokens - used solely to post content on your behalf
• ▸LinkedIn API tokens - used solely to post content on your behalf
• ▸YouTube API tokens - used to upload AI avatar videos to your channel

Website and SEO Data

• ▸SEO audit data from your website: page titles, meta descriptions, heading structure, internal links, HTTP status codes, word counts
• ▸Google Search Console data: keyword impressions, clicks, and average position
• ▸Google Analytics data: sessions, pageviews, and traffic source summaries
• ▸Keyword ranking data for your domain and specified competitor domains
• ▸AI-generated content published to your WordPress site (stored for reporting and refresh purposes)

Payment Information

All payment processing is handled exclusively by Stripe, Inc. Ranki does not collect, store, or have access to your credit card number, CVV, or banking details. We receive only a Stripe Customer ID and subscription status confirmation.

Prospect Analysis Data (Admin Tool Only)

When our team analyses a prospective client's publicly available website data prior to a sales meeting, that data is stored internally for proposal preparation only and is not used for any other purpose.

Technical and Usage Data

• ▸Server log data: IP address, browser type, pages visited, timestamps - retained for 90 days
• ▸Authentication events and session tokens
• ▸Application error logs (no personal content is captured in logs)

We use personal information strictly for the following purposes:

• ▸Providing and delivering the Ranki service, including AI content creation, publishing to your website, and posting to social platforms
• ▸Daily keyword rank tracking and generation of monthly SEO reports
• ▸AI search visibility monitoring across ChatGPT, Perplexity, and Google AI Overview
• ▸Website SEO audits and automated technical fixes
• ▸Billing and subscription management through Stripe
• ▸Service communications including onboarding, reports, alerts, and invoices
• ▸Product improvement using only aggregated, de-identified data - we do not use your individual business content to train AI models
• ▸Complying with applicable Australian laws and regulations

We do not sell, rent, lease, or trade your personal information to any third party for marketing or any other commercial purpose. We do not use your data for purposes beyond those stated without your explicit written consent.

To deliver the Ranki service, we share limited data with the following sub-processors. Each is bound by contractual data processing obligations and is prohibited from using your data for any purpose other than providing services to us:

• ▸Supabase Inc. (USA) - database and authentication. SOC 2 Type II certified. Data may be stored on servers located in the United States.
• ▸Stripe, Inc. (USA) - payment processing. PCI DSS Level 1 certified. We share only your email address and billing information required to create a subscription.
• ▸Anthropic, PBC (USA) - AI content generation via Claude API. Prompts include your business name, niche, location, and target keywords. Anthropic's API terms of service prohibit training AI models on API inputs.
• ▸HeyGen Inc. (USA) - AI avatar video generation. We share post titles and video scripts. No biometric data is shared.
• ▸ElevenLabs, Inc. (USA) - AI voice synthesis for video voiceovers. We share text scripts only.
• ▸DataForSEO LLC - keyword research and website crawl data. We share your domain and target keywords.
• ▸Resend Inc. (USA) - transactional email delivery. We share recipient email addresses and email content.
• ▸Pexels GmbH (Germany) - stock image and video library. We share text search queries related to your content topics.
• ▸Google LLC (USA) - Analytics, Search Console, and YouTube APIs. Subject to Google's Privacy Policy.
• ▸Meta Platforms Inc. (USA) - Facebook and Instagram API. Subject to Meta's Data Policy.
• ▸Microsoft Corporation (USA) - LinkedIn API. Subject to LinkedIn's Privacy Policy.
• ▸Railway Corporation (USA) - backend infrastructure and compute hosting.
• ▸Vercel Inc. (USA) - frontend hosting and global CDN.

Where personal information is transferred to a country outside Australia, we take reasonable steps to ensure it receives protection consistent with the Australian Privacy Principles, including relying on Standard Contractual Clauses and adequacy decisions where applicable.

Content published to your website and social media accounts is generated by artificial intelligence (Anthropic Claude). By using the Ranki service, you acknowledge that:

• ▸AI-generated content is reviewed for quality but may contain factual inaccuracies. You retain responsibility for the accuracy of content published under your brand and should notify us promptly of any required corrections.
• ▸Ranki makes no copyright claim over AI-generated content published to your platforms. You own the content published to your website and social channels.
• ▸AI-generated content is for general marketing purposes and must not be construed as professional legal, medical, financial, engineering, or other regulated professional advice.
• ▸Content generated for your business uses your business name, location, niche, and target keywords as inputs, but is not trained on your personal communications or private data.

We implement industry-standard technical and organisational security measures, including:

• ▸AES-256 encryption for stored credentials, tokens, and sensitive data at rest
• ▸TLS 1.3 encryption for all data transmitted between your browser, our servers, and sub-processors
• ▸Row-level security (RLS) policies enforced at the database level - no client can access another client's data
• ▸API credentials and secrets stored exclusively as environment variables, never in source code or version control
• ▸Role-based access controls - only authorised Ranki personnel with a legitimate business need can access client data
• ▸Regular security dependency audits and automated vulnerability scanning

Despite these measures, no system can guarantee absolute security. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme as soon as practicable, and no later than 30 days after becoming aware of the breach.

• ▸Account and business data: retained for the duration of your active subscription plus 7 years to meet Australian tax and record-keeping obligations under the Income Tax Assessment Act 1997 and Corporations Act 2001.
• ▸Published content: retained while your subscription is active. Upon cancellation, you may request a full data export within 30 days.
• ▸OAuth tokens (Google, Meta, LinkedIn, YouTube): deleted within 30 days of subscription cancellation or active token revocation by you.
• ▸WordPress credentials: deleted within 7 days of subscription cancellation.
• ▸Log and technical data: automatically purged after 90 days.
• ▸Prospect analysis data: retained for 12 months from the date of analysis, then deleted.
• ▸Billing records: retained for 7 years in accordance with Australian tax law.

You have the following rights regarding your personal information:

• ▸Access (APP 12): Request a copy of the personal information we hold about you.
• ▸Correction (APP 13): Request correction of inaccurate, out-of-date, or incomplete information.
• ▸Deletion: Request deletion of your personal information, subject to our legal retention obligations.
• ▸Withdrawal of consent: Withdraw consent for specific uses of your data, noting this may prevent us from delivering parts of the service.
• ▸Opt-out of direct marketing: Unsubscribe from non-essential marketing communications at any time.
• ▸Complaint: Lodge a complaint with the OAIC if you believe we have breached the Privacy Act.

To exercise any of these rights, email privacy@ranki.com.au. We will acknowledge your request within 5 business days and respond in full within 30 days. If we are unable to provide access or make a correction, we will explain why in writing.

Our platform uses the following cookies:

• ▸Strictly necessary cookies: Supabase session tokens required for authentication. These cannot be disabled without breaking the service.
• ▸Preference cookies: Theme settings (dark/light mode). Stored locally in your browser.

We do not use third-party advertising cookies, cross-site tracking pixels, or behavioural profiling cookies on our customer dashboard (app.ranki.com.au). The marketing website (ranki.com.au) may use anonymised analytics to improve performance.

The Ranki service is designed exclusively for business use by persons aged 18 and over. We do not knowingly collect personal information from minors. If we become aware that a person under 18 has provided personal information without verifiable parental consent, we will promptly delete that information and terminate the associated account.

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• ▸Notify you by email at least 14 days before the change takes effect
• ▸Update the effective date at the top of this page
• ▸Where required by law, seek your renewed consent

Continued use of the Ranki service after the effective date of any update constitutes acceptance of the revised Privacy Policy. If you do not accept the changes, you may cancel your subscription before the effective date.

For any privacy-related enquiry, access request, or complaint:

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• ▸Website: www.oaic.gov.au/privacy/privacy-complaints
• ▸Phone: 1300 363 992
• ▸Post: GPO Box 5218, Sydney NSW 2001