Privacy Policy

Last Updated: May 22, 2026

1. Introduction

Welcome to RankingRider ("we," "our," or "us"). RankingRider for Ecwid is an application developed by Kaestria that uses AI to generate and optimize product SEO content for Ecwid stores. We are committed to protecting your information and your right to privacy. If you have any questions about this policy, contact us at contact@rankingrider.com.

2. Information We Collect

When you install and use the RankingRider Ecwid app, we collect the following data:

  • Store identity: Your Ecwid store_id — a stable, non-personal numeric identifier of your Ecwid store.
  • Access token: The OAuth access token Ecwid issues to our app at install time, so we can read your product catalog and write back optimized SEO fields. The token is encrypted at rest using AES-256-GCM and is never exposed to the browser.
  • OAuth scopes: The list of permissions you granted at install (e.g. read_catalog, update_catalog, charge).
  • Product data: Product titles, descriptions, SKUs and categories that you submit (manually or by picking from your Ecwid catalog) for SEO optimization.
  • Optimization records: The AI-generated SEO outputs (titles, meta descriptions, keywords, scores) keyed to your store_id.
  • Plan state: The subscription tier currently active for your store (free / basic / premium), kept in sync with Ecwid via the application.subscriptionStatusChanged webhook.
  • Session cookie: A short-lived (15 min) HMAC-signed cookie named ecwid_session containing your store_id and interface language. It is HTTP-only and secure, used solely to keep you logged in across iframe loads. We do not use any analytics or tracking cookies.

We do not collect personal data about the end customers of your Ecwid store. We do not store payment card information — billing is handled entirely by Ecwid Native Billing (see §5).

3. How We Use Your Information

  • To authenticate your Ecwid store and provide access to the app inside your Ecwid Control Panel.
  • To generate AI-powered SEO content based on the product data you submit, via the Google Gemini API.
  • To store and display your optimization history within the app.
  • To manage your subscription plan and enforce usage limits.
  • To publish optimized SEO fields (title, meta description, description HTML) back to your Ecwid store, only upon your explicit request.
  • To improve the quality and performance of our service.

4. Data Sharing & Third Parties

We share your data only with the following third-party processors, strictly necessary for operating the app:

  • Ecwid by Lightspeed: To access your store's product data and publish optimized content via the Ecwid REST API v3, and to charge subscription / one-shot fees via Ecwid Native Billing. Governed by the Ecwid Privacy Policy.
  • Google Gemini API (Google LLC): Product data you submit (name, category, description, target market, tone) is sent to Google's Gemini API to generate the SEO output. Governed by Google's API Terms of Service and the Google Privacy Policy.
  • Supabase (Supabase Inc.): Database storage for plan state, encrypted access tokens, and optimization records. Hosted in the EU region. Governed by the Supabase Privacy Policy.

We do not sell your data to any third party. We do not use your data for advertising.

5. Billing & Payment Data

All charges (recurring subscription and one-shot premium upgrades) are processed by Ecwid Native Billing on our behalf. We never receive or store your payment method (card number, bank details, etc.). We only receive the resulting subscription status (ACTIVE, TRIAL, SUSPENDED) and the opaque transactionId of each custom charge, used solely to enforce plan limits and detect idempotent retries.

6. Data Retention & Deletion

We retain your store data and optimization records for as long as the app is installed on your Ecwid store. When you uninstall the app, Ecwid sends an application.uninstalled webhook to our service: upon receipt, the stored access token is deleted immediately, blocking any further access to your store. Your store profile and optimization history are retained for thirty (30) days after uninstall to allow seamless resumption if you re-install during that window. After 30 days, all remaining data is permanently deleted. You may also request immediate deletion at any time by emailing us (see §8), or by using Ecwid's Personal Data Removal Request mechanism — we honour both profile.personalDataExportRequest and profile.personalDataRemovalRequest webhooks within the GDPR 30-day window.

7. Security

Access tokens issued by Ecwid are encrypted at rest using AES-256-GCM with a key never exposed to the client. All data transmission occurs over HTTPS/TLS. Access to our database is restricted via role-based access control. Inbound webhooks from Ecwid are verified against the app's client secret using HMAC-SHA256 with a timing-safe comparison.

8. Your Rights (GDPR & Beyond)

Under GDPR and similar regulations, you have the right to access, rectify, export, or delete any personal data we hold about you. To exercise any of these rights, email contact@rankingrider.com. We will respond within 30 days.

9. Contact & Data Controller

The data controller is Kaestria, 11 rue Maurice Lecolier, 97441 Sainte-Suzanne, La Réunion, France. SIRET 851 571 927 00025.
Email: contact@rankingrider.com

See also our Terms and Conditions.