legal

Privacy Policy

Last updated: 7 July 2026

RANKWIT SRL Società Benefit ("RankWit", "we", "our", or "us") values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you access or use our web application and its related services (the "Web App"), available through the following domains:

  • app.rankwit.ai
  • try.rankwit.ai
  • hotel.rankwit.ai
  • destination.rankwit.ai
  • ecommerce.rankwit.ai

All of these domains provide access to the same underlying RankWit platform, tailored to different use cases and industry verticals (for example hospitality, destinations, and ecommerce). This Policy applies to all of them equally.

This Policy applies exclusively to the Web App. It does not cover third-party websites or services that may be linked from it, including our public marketing website, which are governed by their own privacy notices.

1. Data Controller

The data controller responsible for processing your personal data under the EU General Data Protection Regulation (GDPR) is:

RANKWIT SRL Società BenefitPiazza delle Scuole 6, 95021 Aci Castello (CT), ItalyVAT / Tax code: 06209300877EU VAT number: IT06209300877REA: 478459 (Catania)Email: info@rankwit.aiCertified email (PEC): rankwit@pec.it

For any question about this Policy or about how your personal data is handled, you can contact us at info@rankwit.ai.

2. Who this Policy applies to

RankWit is a business-to-business (B2B) service intended for companies and professionals. The Web App is not directed to children, and we do not knowingly collect personal data from anyone under 18 years of age. If you believe a minor has provided us with personal data, please contact us so that we can promptly delete it.

3. Information we collect automatically

When you access or use the Web App, certain data is collected automatically to ensure functionality and security. This may include:

  • IP address
  • Date and time of access
  • Referring URL (where applicable)
  • Device identifiers (for example UDID or similar)
  • Device and operating system information
  • Browser type and version

This data is used to maintain the technical operation of the service, optimize performance, and prevent abuse or unauthorized access.

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in providing a secure and reliable service).

4. Information you provide voluntarily

Some features of the Web App require you to provide personal information.

4.1 Account registration and login

To create an account or access your workspace, we may process:

  • Email address, for authentication and communication
  • Organization name, for account and workspace management

Authentication is handled securely through AWS Cognito, a service provided by Amazon Web Services (AWS).

Purpose: To enable user registration, authentication, and account management.Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure service delivery).

Authentication log data may be retained for up to 30 days for system integrity and security monitoring.

4.2 Payments

When you make payments for subscription plans or premium features, your payment information is processed directly by our payment provider, Stripe Payments Europe, Ltd., located in Ireland.

RankWit does not store and does not have access to full payment card details. Stripe processes this data independently under its own GDPR-compliant privacy framework.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).More information: https://stripe.com/privacy

4.3 Newsletter and product updates (if applicable)

If you choose to receive updates or newsletters, we will use the email address you provide to send you relevant news about RankWit and its products. You may unsubscribe at any time via the link included in every email.

Legal basis: Art. 6(1)(a) GDPR (consent).

5. How the platform processes brand and market data

The core function of the Web App is to measure and optimize how brands are cited and represented across AI search engines and generative platforms. This processing concerns brand, market, and public web data, and does not consist of automated decisions that produce legal or similarly significant effects on you as an individual.

We do not carry out solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR in relation to your personal data.

6. Cookies and tracking technologies

The Web App uses cookies and similar technologies to ensure technical operation, store session information, and analyze how users interact with the platform.

  • Essential cookies: required for authentication, account security, and service delivery.Legal basis: Art. 6(1)(f) GDPR.
  • Analytical cookies: used to understand usage patterns and improve the user experience.Legal basis: Art. 6(1)(a) GDPR (consent).

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of the Web App.

For full details on the cookies we use, please refer to our Cookie Policy where available.

7. Analytics, performance, and infrastructure

7.1 Google Analytics

We use Google Analytics, provided by Google Ireland Limited, to collect anonymized statistical information about user behavior on the Web App. Google Analytics uses cookies to generate aggregated reports (for example number of visits and user flows). Your IP address is truncated within the EU before transmission to Google servers.

Legal basis: Art. 6(1)(a) GDPR (consent).More information: Google Privacy Policy.

7.2 Microsoft Clarity

We use Microsoft Clarity, provided by Microsoft Corporation, to understand how users interact with the Web App (for example clicks, navigation, and scroll behavior). Clarity collects anonymized usage data and is not used to record directly identifiable information.

Legal basis: Art. 6(1)(a) GDPR (consent).More information: Microsoft Privacy Statement.

7.3 Hosting and infrastructure

The Web App and its data are hosted on Amazon Web Services (AWS) infrastructure. AWS may process certain connection data (for example IP address and session tokens) to ensure the security and availability of the platform.

Data is primarily stored within the European Economic Area (EEA). Where transfers outside the EEA occur, AWS applies EU Standard Contractual Clauses (SCCs) to ensure compliance with the GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and scalable hosting).More information: AWS GDPR Center.

8. Service providers (sub-processors)

We rely on a limited number of trusted providers to operate the Web App. Each processes personal data only on our instructions and under a data processing agreement:

ProviderRoleLocationAmazon Web Services (AWS)Hosting, authentication (Cognito)EEA, with SCCs for any non-EEA transferStripe Payments Europe, Ltd.Payment processingIreland (EEA)Google Ireland LimitedAnalyticsIreland (EEA)Microsoft CorporationProduct analytics (Clarity)EEA / United States, with SCCs

9. Data sharing and international transfers

We share your personal data only in the following cases:

  • with the service providers listed above, where necessary to operate the Web App;
  • when we are legally required to do so;
  • when you have given explicit consent; or
  • where we have a legitimate interest that does not override your rights and freedoms.

Where data is transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied. We do not sell your personal data.

10. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law:

  • Technical and log data: up to 30 days.
  • Account and workspace data: for the duration of your contractual relationship with us, and thereafter only as required to comply with legal, accounting, and tax obligations (in Italy, accounting records are generally retained for 10 years).
  • Payment records: as required by applicable tax law.
  • Newsletter data: until you unsubscribe or withdraw consent.

Once data is no longer needed, it is securely deleted or anonymized.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against loss, misuse, or unauthorized access, in compliance with Art. 32 GDPR. These include encryption, access control, and continuous system monitoring.

12. Your rights under the GDPR

You have the right to:

  • access your personal data (Art. 15);
  • request rectification or erasure (Art. 16 and 17);
  • restrict processing (Art. 18);
  • object to processing (Art. 21);
  • request data portability (Art. 20);
  • withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7).

To exercise your rights, contact us at info@rankwit.ai. We may need to verify your identity before processing your request, and we will respond within the timeframes set by the GDPR.

13. Complaints

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with your local Data Protection Authority. In Italy, this is the Garante per la Protezione dei Dati Personali: www.garanteprivacy.it

14. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The latest version will always be available across the Web App domains listed above. Where changes are significant, we will provide an appropriate notice.