Rank Forge — Privacy Policy

Last updated: 2026-06-28

Rank Forge ("Rank Forge", "we", "us") is an embedded Shopify app that audits the on-page SEO of a merchant's store and, on the Pro plan, writes a single reversible fix (a meta description) back to the store after the merchant approves it. This policy explains exactly what data Rank Forge accesses, why, how long we keep it, and your rights. It is written to match what the app actually does — no more.

1. Who this applies to

This policy is for merchants who install Rank Forge on their Shopify store. Rank Forge does not process the personal data of your customers (see §4).

2. What we access, and why

Shopify access scopes

Rank Forge requests these scopes, and only these:

| Scope | Why |

|---|---|

| read_products | Read product and collection titles, descriptions and SEO meta fields to audit them and to ground the meta-description fix. |

| write_products | Write back only the SEO meta description of a product or collection, and only after you approve the fix. |

| read_content | Read pages, blogs and policies to audit them. |

| write_content | Write back only a page's meta description tag, and only after you approve the fix. |

Rank Forge does not request read_orders, read_customers, read_themes, read_files, or any other scope. It is structurally unable to read orders, customers or checkout data.

Public storefront

Rank Forge fetches your public sitemap.xml and rendered page HTML — exactly as any visitor or search engine would, with no access token — to run the deterministic on-page audit.

Protected Customer Data (PCD)

Rank Forge is Protected Customer Data Level 0: it does not request, access, store, or process any protected customer data (orders, customers, checkouts, or personally identifiable customer information). No PCD review tier above Level 0 applies.

3. What we store

Shop record: your myshopify.com domain and basic shop fields (name, email, country) needed to operate the app.
Shopify access token: encrypted at rest with AES-256-GCM. We store ciphertext, never the plaintext token.
Audit data: per-page on-page SEO findings, scores and stats derived from your public pages and catalog/content. This is on-page markup data, not customer data.
Fix history: for each applied meta-description fix, the new value and a snapshot of the exact previous value (so we can roll it back) plus timestamps.
Operational logs: job runs and webhook receipts for reliability and debugging. These do not contain customer PII.

4. What we never access

Orders, customers, checkouts, carts, fulfillment, payment data, or any personally identifiable customer information. We do not run any AI/LLM on your store content — the audit is a deterministic parse, so nothing about your content is sent to a third party for processing and nothing is retained by a third party.

5. How your data is used

Solely to: run the audit, show you scores and prioritized fixes, write the one meta-description fix you approve, roll it back on request, and re-audit after changes. We do not sell, rent, or share your data, and we do not use it to train any model.

6. Sub-processors

Hosting: our application server (a dedicated VDS) and managed PostgreSQL + Redis on the same infrastructure, used to run the app and store the data in §3.
Shopify: the platform we read from and write to under the scopes above.

We do not use any AI/LLM sub-processor, because the app uses no AI on your content. (For transparency: were that ever to change, this policy would be updated to name the provider — e.g. Anthropic — and we would disclose it before enabling it.)

7. Retention and deletion

Audit and fix data persists while the app is installed so your scores and history remain available.
On app uninstall, your shop is marked uninstalled and paid features stop.
On a Shopify shop redaction request (sent ~48 hours after uninstall), all of your data is permanently deleted from our systems via cascade delete.
The mandatory GDPR webhooks are honored: customers/data_request and customers/redact are answered truthfully ("we hold no customer data"), and shop/redact deletes all shop rows.

8. Your rights (GDPR / CCPA)

You may request access to, correction of, or deletion of your merchant data at any time by contacting us (§10), or trigger deletion yourself by uninstalling the app. Because Rank Forge holds no customer personal data, there is no customer data for us to export or erase on your customers' behalf.

9. Security

Access tokens are encrypted at rest (AES-256-GCM). All traffic is over HTTPS/TLS. Webhooks are HMAC-verified and deduplicated. Database access is least-privilege and not exposed publicly.

10. Contact

Questions or data requests: privacy@rankforge.syncerp.work

We respond within 30 days.