Lifetime Deal100k credits · $99Limited seats →
RankParse

Data Processing Agreement

Last updated: June 2026

This DPA governs how RankParse processes personal data on behalf of customers in the EU/EEA, in accordance with GDPR Article 28. By using the RankParse API, EU/EEA customers accept this DPA as part of the Terms of Service.

1. Parties and scope

  • This Data Processing Agreement (DPA) forms part of the RankParse Terms of Service between RankParse (Processor) and the customer (Controller) using the RankParse API.
  • This DPA applies where the customer processes personal data of EU/EEA data subjects using the RankParse API, and RankParse processes that data on the customer's behalf as required by GDPR Article 28.
  • If there is a conflict between this DPA and the Terms of Service, this DPA governs with respect to data protection obligations.

2. Nature and purpose of processing

  • Subject matter: RankParse processes API request metadata on behalf of the customer to deliver SEO data services.
  • Nature: API authentication, credit deduction, rate limiting, abuse detection, and response delivery.
  • Purpose: Providing the RankParse API service as described in the Terms of Service.
  • Duration: For the duration of the customer's active account. On account deletion, personal data is deleted within 30 days.

3. Categories of data and data subjects

  • Personal data processed: email address (account identity), API usage logs (endpoint called, timestamp, credits consumed, response status), IP address (Cloudflare edge, for rate limiting).
  • Data subjects: the customer's authorised users who hold API keys.
  • Special categories: RankParse does not process any special categories of personal data (Article 9 GDPR).
  • Note: RankParse API responses describe publicly crawlable web pages and domains — they do not contain personal data about individuals.

4. Processor obligations

  • Processing only on documented instructions: RankParse processes personal data only as necessary to deliver the API service described in the Terms of Service and this DPA.
  • Confidentiality: RankParse personnel with access to personal data are bound by confidentiality obligations.
  • Security: RankParse implements appropriate technical and organisational measures including encryption in transit (TLS), API key hashing (SHA-256), and access controls. See rankparse.com/security for details.
  • Sub-processor notification: RankParse will notify customers at least 30 days before engaging a new sub-processor that processes EU personal data, giving customers the opportunity to object.
  • Data subject rights: RankParse will assist the customer in responding to requests from data subjects exercising their rights (access, erasure, portability, restriction). Contact support@rankparse.com.
  • Data breach notification: RankParse will notify the customer without undue delay (and in any event within 72 hours of becoming aware) of a personal data breach affecting customer data.
  • Deletion: On account deletion or termination of the Terms of Service, RankParse will delete or return personal data within 30 days.
  • Audit: RankParse will provide the customer with information reasonably necessary to demonstrate compliance with this DPA, and will allow for audits or inspections on reasonable prior written notice.

5. Sub-processors

  • RankParse uses the following sub-processors to deliver the service. Customers authorise these sub-processors by accepting this DPA.
  • Cloudflare, Inc. (and Cloudflare Ireland Ltd for EU data): Infrastructure, edge network, D1 database, R2 object storage, DNS, DDoS protection, rate limiting. Data location: EU-accessible edge; account and database data stored in Cloudflare US region. DPA: cloudflare.com/gdpr/subprocessors.
  • Stripe, Inc.: Payment processing. Stripe is the controller of payment card data — RankParse never sees or stores card numbers. DPA: stripe.com/legal/dpa.
  • PostHog, Inc.: Product analytics (website only, not API). PostHog is only initialised after explicit cookie consent by the website visitor. DPA: posthog.com/dpa.
  • Google LLC: Website analytics via Google Analytics 4 (website only, not API). Only loaded after explicit cookie consent. DPA: business.safety.google/adsprocessorterms.

6. International transfers

  • Personal data may be transferred to and processed in the United States by Cloudflare, Stripe, PostHog, and Google. These transfers are governed by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c) as included in each sub-processor's DPA.
  • Cloudflare Ireland Ltd acts as the EU entity for Cloudflare services, providing an adequate legal basis for EU data transfers.

7. Liability and indemnification

  • Each party is liable for damages caused by its own breach of this DPA and GDPR obligations.
  • RankParse's total liability under this DPA is subject to the limitations set out in the Terms of Service.

8. Governing law

  • This DPA is governed by the same law as the Terms of Service. Where EU law mandates a specific governing law, those provisions apply.

9. Contact

  • Data protection enquiries: support@rankparse.com. We will respond within 5 business days.
  • To execute a signed DPA for enterprise customers, contact support@rankparse.com.