1. Data controller and scope
Vitaleo Naturals SL, trading as Distiq, is the data controller for the processing described here. Rankvia is a product of Distiq, not a separate controller or legal entity.
This policy covers rankvia.ai, Rankvia flows on app.distiq.ai, account and Google authentication, Free Preview and paid-plan handoffs, the Rankvia dashboard, integrations, billing, and support communications.
Vitaleo Naturals SLC/ Perú, 186 bis, 08020 Barcelona, Spain
info@distiq.ai
2. Data we process
- Account and authentication data: name, email, account IDs, workspace membership, login and session data, and Google profile data used for sign-in.
- Website and Business Profile data: submitted URLs, public website content, business identity, products, offers, audience, positioning, competitors, language, market, and confirmed profile details.
- Analysis and Content Calendar data: crawled public pages, metadata, structure, summaries, search opportunities, target queries, page plans, schedules, status, and user decisions.
- Generated content: prompts and instructions, briefs, drafts, page content, metadata, FAQs, links, images, edits, and publication preferences.
- Google Search Console data: authorized properties, queries, pages, clicks, impressions, CTR, position, dates, and connection status.
- Contact and support data: name, email, company or website, reason, subject, message, support history, and limited technical context.
- Billing data: selected website and plan, subscription and invoice status, provider IDs, tax details, payment status, and transaction metadata. Stripe processes payment-card data.
- Analytics and security data: interactions, page views, campaign attribution, browser and device information, approximate location, IP-derived security signals, logs, consent choices, and error reports.
Public website content can contain personal data. You must have authority to submit a website for analysis and should not submit secrets or highly sensitive personal data through forms, prompts, or content workflows.
3. Purposes and legal bases
- Contract: to create accounts, analyze authorized websites, provide Business Profiles and Content Calendars, generate pages, operate integrations, and manage subscriptions.
- Legitimate interests: to answer inquiries, secure the service, prevent abuse, diagnose failures, maintain reliability, and improve Rankvia in ways proportionate to user expectations.
- Consent: for non-essential analytics storage, optional integrations, and marketing communications where consent is required.
- Legal obligation: for tax, accounting, fraud-prevention, consumer, regulatory, and lawful-request obligations.
4. AI, search data, and connected services
Rankvia sends information reasonably needed for a requested feature to AI providers to analyze websites and generate profiles, opportunities, recommendations, briefs, and page content. It may also use search-data providers to measure demand and understand search results. AI output can be inaccurate and must be reviewed before use or publication.
When you connect Google Search Console, you authorize the processing of the selected property and performance data. You can disconnect it in the application, although doing so may limit data-informed features.
5. Processors and recipients
Actual provider categories audited for the Rankvia service include:
- Supabase: authentication, database, and storage.
- Vercel: hosting, deployment, and delivery.
- Stripe: checkout, subscriptions, invoices, taxes, and payment security.
- OpenAI and Anthropic: AI-assisted analysis and content generation where the relevant model is used.
- Google: OAuth and Google Search Console when authorized.
- PostHog: consent-based product and acquisition analytics.
- Sentry: application error and reliability monitoring.
- Resend: contact and transactional email delivery.
- Inngest: background workflow orchestration.
- DataForSEO: search-result and keyword-demand data used by Rankvia planning flows.
- Cloudflare Turnstile: challenge and abuse prevention in protected Free Preview flows when triggered.
Providers process data under their own terms and data-processing arrangements. Some may act as independent controllers for limited functions such as payment or account security.
6. International transfers
Some providers may process data outside the European Economic Area. Where required, transfers rely on adequacy decisions, Standard Contractual Clauses, or another valid safeguard.
7. Retention
Data is retained only as long as reasonably necessary for the purpose collected: account and service data while the account is active and for a limited period afterwards; website analysis and generated content as needed to provide Rankvia or until deleted under available controls; contact messages as needed to answer and document the request; billing and tax records for statutory periods; and security logs for limited periods unless an incident or legal duty requires longer retention.
8. Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to processing, and may withdraw consent at any time. Contact info@distiq.ai. You may also complain to the Agencia Española de Protección de Datos (AEPD) or your local supervisory authority.
9. Security, children, and changes
We use reasonable access, authentication, encryption-in-transit, monitoring, provider-security, and data-minimization measures. No online service is completely secure. Rankvia is intended for business and professional users and is not directed to children.
We may update this policy as the service or law changes. Material changes will be communicated through an appropriate channel, and the current date will appear at the top of this page.
