Privacy Policy
Last updated: May 7, 2026
1. Overview
This Privacy Policy describes how Aura Ranking ("we", "us") collects, uses, and protects information when you use our service. We take your privacy seriously and are committed to being transparent about our data practices.
Aura Ranking acts as a data processor for client SEO data you manage on our platform — you are the data controller for that data and are responsible for its lawful handling. For your account data (name, email address, billing), Aura Ranking is the data controller.
2. Information We Collect
Account information
When you sign up, we collect your name, email address, and a hashed password (we never store plain-text passwords).
Client SEO data
Client domains, keywords, audit results, content pieces, and ranking data you create are stored in your account. This is your data — we do not access it for any purpose other than providing the service to you.
API keys and credentials
API keys you add (Gemini) and OAuth tokens (Google Search Console, Google Analytics) are stored encrypted using Supabase Vault (Transparent Column Encryption). We never store these in plain text and cannot read them.
Usage data
We collect basic usage metrics such as number of audits run, keywords tracked, and content projects created — used for plan limit enforcement and billing only.
Technical data
We log IP addresses and user agents for security purposes (detecting unauthorised access). These are not shared with third parties.
3. How We Use Your Information
- To provide and improve the service
- To enforce plan limits and process billing
- To send transactional emails (account confirmation, password reset, invoices)
- To detect and prevent fraud or abuse
- To respond to your support requests
We do not use your client SEO data for any advertising or marketing purposes. We do not sell your data to any third party.
4. Data Controller vs. Data Processor
Under GDPR and similar laws, the distinction between controller and processor matters:
- Your account data (name, email, billing info): Aura Ranking is the data controller and determines the purpose and means of processing.
- Client SEO data (audits, keywords, content you create): You are the data controller. Aura Ranking is a data processor acting on your instructions.
If a person whose data you have stored requests access, correction, or deletion of their data, it is your obligation to fulfil that request. Contact us at support@auraranking.com if you need assistance extracting or deleting specific records.
5. Data Storage and Security
Your data is stored in a PostgreSQL database managed by Supabase with row-level security — each user can only access their own data. All data is encrypted at rest and in transit (HTTPS/TLS). API keys and credentials use Supabase Vault encryption. We perform regular backups. Our servers are hosted on Hetzner in Europe.
6. Third-Party Services
We use the following third-party services to operate the platform:
- Supabase — database, authentication, and encrypted secret storage
- Hetzner — server hosting (data center in Europe)
- Resend — transactional email delivery (confirmation, password reset)
- PayPal — payment processing (we never store card details)
Third-party APIs you connect (Google Gemini, Google Search Console, Google Analytics) operate under their own privacy policies — please review those separately.
8. Cookies
We use a single session cookie (set by Supabase Auth) to keep you logged in. We do not use any advertising or analytics cookies. We do not use Google Analytics or any third-party tracking scripts on the app pages.
9. Your Rights
You have the following rights regarding your personal data:
- Access (Art. 15 GDPR) — export all your audit data, keywords, and content at any time from the platform
- Erasure (Art. 17 GDPR) — permanently delete your account and all associated data directly from Settings → Profile → Danger Zone
- Rectification (Art. 16 GDPR) — update your profile information at any time
- Portability (Art. 20 GDPR) — download your data via the platform
- Restriction (Art. 18 GDPR) — request restriction of processing in certain circumstances
- Objection (Art. 21 GDPR) — object to processing based on legitimate interests
For GDPR requests or any data-related questions, email us at support@auraranking.com and we will respond within 30 days. If you are an EU resident and believe we have violated your rights, you have the right to lodge a complaint with your national data protection authority (e.g., the German BfDI or Austrian DSB).
10. Data Retention
Active account data is retained for as long as your account exists. When you delete your account via Settings → Profile → Danger Zone, all personal data is permanently and immediately deleted. Payment records are retained for 7 years as required by law.
11. International Data Transfers
Our servers are hosted in Europe (Hetzner). Supabase may process data in the EU. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions) in accordance with GDPR Chapter V.
12. Children's Privacy
Our service is not directed at anyone under 18. We do not knowingly collect data from minors.
13. Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes by email at least 14 days before they take effect.
14. Contact
For privacy questions or data requests: support@auraranking.com