Privacy Policy

Data controller

Ignacio Martinez Barrio

Tax ID (NIF)

ES02259286L

Registered address

c/ Marta Mata, 4; 08640 Olesa de Montserrat, Barcelona, Spain

Contact email

info@rankledger.app

Privacy / data-protection email

privacy@rankledger.app

Given the nature and scale of the processing, no Data Protection Officer is currently required. For privacy questions please contact us at privacy@rankledger.app.

We only collect data that is necessary for the purposes described below:

• Waitlist and newsletter: email address, language preference, date and time of registration.
• Demo request (full form): name, email, company/marketplace, role and any optional comments you provide.
• User account (when the platform becomes available): identifier, email, hashed password, billing data, usage preferences and related technical logs.
• Technical data: IP address, session identifier, device and browser characteristics, and data derived from cookies (see Cookie Policy).

We do not process special categories of data (article 9 GDPR) nor data from minors under 14. If you are under 14, do not send us personal data without consent from your parent or legal guardian.

• Manage your waitlist registration and send you the confirmation email.
• Keep you informed about the launch, news and product-related content where you have given explicit consent (newsletter).
• Handle demo requests and answer any enquiries you send us.
• Operate the platform once it is available, deliver the contracted service and provide customer support.
• Comply with legal obligations (tax, accounting, defence of claims).
• Maintain the security of the site: prevent fraud, abuse, automated attacks and diagnose incidents.

• Consent (art. 6.1.a GDPR): for newsletters, marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Performance of a contract or pre-contractual measures (art. 6.1.b GDPR): to manage your account, demo requests and provide the service when you subscribe to RankLedger.
• Legal obligation (art. 6.1.c GDPR): tax, accounting and data- protection obligations.
• Legitimate interest (art. 6.1.f GDPR): keep the site secure and prevent fraudulent use. We have run the corresponding balancing test and concluded that your rights are not significantly affected.

To deliver the service we rely on technology providers that act as data processors. We have signed the contractual agreements required by article 28 GDPR with each of them:

• Supabase (authentication and auxiliary database) — EU.
• Vercel (frontend hosting and CDN) — United States / global infrastructure.
• Railway (backend hosting and main database) — United States.
• Resend (transactional email such as the waitlist confirmation) — United States.
• Sender (newsletter and marketing automations when you have consented) — Lithuania (EU).
• Cloudflare Turnstile (anti-bot protection on forms) — United States.
• Stripe (payment processing when you subscribe to a paid plan) — Ireland / United States.

We do not sell or rent your data. Data may be disclosed to public authorities where required by law.

Some providers above are located outside the European Economic Area. In those cases transfers are covered by the Standard Contractual Clauses approved by the European Commission, or by other valid mechanisms set out in Chapter V of the GDPR, with the additional safeguards required in each case.

• Waitlist data is kept while your subscription is active and, after you unsubscribe, for the legal period needed to demonstrate compliance (up to 5 years for actions derived from commercial communications).
• Account data is kept for the duration of the contractual relationship and, afterwards, blocked during the applicable legal limitation periods.
• Demo-request data is kept for up to 2 years from the last interaction, unless the relationship turns into an active account.
• Security logs and technical records are kept for a maximum of 12 months.

As a data subject you may exercise the following rights at any time:

• Access: confirm whether we process your data and obtain a copy.
• Rectification: correct inaccurate or incomplete data.
• Erasure (right to be forgotten): request deletion of your data when no longer needed.
• Object to processing based on legitimate interest.
• Restrict processing in the cases provided by law.
• Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Withdraw the consent previously given, without affecting the lawfulness of prior processing.

To exercise them, write to privacy@rankledger.app stating which right you wish to exercise and, where appropriate, attaching a copy of a document confirming your identity. We will respond within one month (extendable to two months for particularly complex requests).

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) if you believe the processing does not comply with the regulations.

We apply reasonable technical and organisational measures to protect your data against unauthorised access, alteration, loss or accidental destruction. These include encryption in transit (HTTPS/TLS), role-based access control, mandatory multi-factor authentication for administrators, periodic backups and access monitoring.

RankLedger applies AI-based scoring to products and market opportunities. These scores do not constitute automated decisions producing legal effects on the user within the meaning of article 22 GDPR: they are decision-support tools. The user remains responsible for any action taken on their basis.

We may update this Privacy Policy to reflect legal changes or changes in our services. When changes are material, we will notify you by email or through a prominent notice on the site before they take effect.