Privacy Policy

Last updated: June 26, 2026

Welcome to RankPilot. We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, process, and protect your information when you use our platform (the "Service"), including our integration with Google API Services.

RankPilot is operated by Ingrows, located in Gwalior, MP, India. We serve as both a data controller and a data processor under applicable data protection regulations. We design our systems to prioritize user privacy, data security, and compliance with search engine policies.

1. Corporate Identity & Contact Details

This Service is owned and operated by:

Ingrows
Dr Kurele house, Maaji Plaza, near Sai Apartment, Idgah, Kampoo
Gwalior, Madhya Pradesh 474001
Email: contact@ingrows.in
Website: ingrows.in

2. Information We Collect

We collect information in the following categories to provide a comprehensive local SEO dashboard, reporting capabilities, and automated tools:

  • Account & Registration Information: Your name, professional email address, organization/agency details, password hashes, and user settings.
  • Financial and Billing Data: Payment details, billing address, and transaction history. All payments are processed securely via Stripe. We do not store raw credit card numbers on our servers.
  • System Logs and Analytical Data: IP addresses, browser specifications, page view telemetry, search terms, and feature interaction metrics. This is used solely to maintain platform stability and detect fraud.
  • Connected Third-Party Integration Data: Metrics, location parameters, and text content pulled from your authorized Google accounts.

3. Google API User Data & OAuth Scopes Disclosure

To enable the dashboard monitoring, Geogrid local search ranking tracking, Organic traffic auditing, and AI review response tools, RankPilot requests connection to your Google Account. We strictly comply with the Google API Services User Data Policy, including the "Limited Use" requirements.

Specifically, RankPilot requests authorization for the following Google OAuth scopes:

OAuth Scope URI Specific Use Case within RankPilot
https://www.googleapis.com/auth/business.manage Google Business Profile (GBP) Management: Used to read locations, retrieve business reviews, post drafts or authorized review replies, and schedule real-time business profile updates at your request.
https://www.googleapis.com/auth/webmasters.readonly Google Search Console: Used to sync and display organic search impression counts, click volumes, and search query keywords directly in your workspace SEO audit reports.
https://www.googleapis.com/auth/analytics.readonly Google Analytics 4 (GA4): Used to fetch pageview analytics, user sessions, traffic sources, and conversion metrics to compile comprehensive local ranking reports.

Limited Use Commitment: RankPilot’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Crucially, Google API user data is used solely to populate your dashboard and trigger the actions explicitly requested by you. Google API data is NEVER sold, rented, leased, or transferred to third-party databases, advertising networks, data brokers, or external AI model trainers.

4. Token Storage and Cryptographic Security

To interact with the Google APIs, our backend stores access and refresh tokens returned during the OAuth consent screen. We treat these credentials with enterprise-grade security:

  • AES-256-GCM Encryption: Refresh tokens are encrypted at rest using Advanced Encryption Standard with Galois/Counter Mode (AES-256-GCM). This guarantees confidentiality and authenticity of the tokens.
  • Key Separation: Cryptographic keys are stored in secure environment variables segregated from the primary application database.
  • In-Transit Security: All data exchanged between RankPilot, your browser, and Google servers is encrypted using Secure Sockets Layer / Transport Layer Security (SSL/TLS 1.2 or higher).

5. How We Use Collected Data

We process your data for the following legitimate business interests:

  • To authenticate user sessions and manage your agency subscription plans.
  • To display local geogrid search rankings, location reviews, and organic query stats on your dashboard.
  • To suggest AI-generated replies to customer reviews (utilizing secure, private API calls that do not train public models on your data).
  • To generate and deliver automated or manual PDF reports under your agency’s white-label branding.
  • To diagnose bugs, optimize page loading speeds, and detect potential security exploits.

6. Sharing and Third-Party Subprocessors

We do not share your information except with reliable, audited service providers critical to delivering our SaaS platform:

  • Stripe: Payment processing and invoice management.
  • Gemini API / Google Cloud: Natural language generation for drafting responses to reviews. No customer data is retained by Google for model-training purposes.

7. Data Retention & Deletion

We retain your personal and API-derived data for as long as your account remains active. You possess the absolute right to have your data erased. You can disconnect your Google account to revoke tokens instantly from the platform or request full data expunction by following our Data Deletion Instructions.

8. Policy Revisions

We may update this Privacy Policy from time to time to align with legal mandates or API changes. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top.