Home
wRanks

Privacy Policy

Last updated: May 13, 2026

This Privacy Policy describes how wRanks, a product operated and managed by OhMySaaS ("we", "us", "our"), collects, uses, discloses, and protects information when you install and use the SEO & AI Visibility application ("the App") available through the Shopify App Store. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Shopify's API and Partner requirements.

1. Data Controller

The data controller responsible for your personal data is:

OhMySaaS (operating as wRanks)
Email: hello@wranks.com
Website: https://wranks.com

2. Information We Collect

2.1 Store Data (via Shopify API)

When you install the App, we access the following data through the Shopify API with your explicit authorization:

  • Products: titles, descriptions, images, prices, variants, and SEO metadata
  • Collections: titles, descriptions, and SEO metadata
  • Pages: titles, body content, and SEO metadata
  • Blog articles: titles, body content, authors, and SEO metadata
  • Theme data: theme files for structured data and meta tag injection
  • Store information: store name, domain, owner email, and locale settings
  • Script tags and assets: for injecting structured data markup

2.2 Google Search Console Data

If you choose to connect Google Search Console, we access search performance data (clicks, impressions, CTR, average positions) through Google's OAuth 2.0 API with read-only permissions. We do not store your Google credentials. Authentication is managed entirely through secure OAuth 2.0 tokens.

2.3 Usage Data

We automatically collect:

  • Feature usage patterns and credit consumption history
  • Optimization history and audit results
  • App performance and error logs

2.4 Personal Data

We collect the Shopify store owner's name and email address as provided by Shopify during the app installation process. We do not collect any personal data from your store's customers. The App does not process, store, or access any customer data, payment information, or order details.

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases as defined by Article 6 of the GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the App's services as described in the Terms of Service.
  • Consent (Art. 6(1)(a)): For optional integrations such as Google Search Console, where you explicitly authorize data access.
  • Legitimate interest (Art. 6(1)(f)): For service improvement, security monitoring, and fraud prevention.

4. How We Use Your Information

  • To generate AI-optimized SEO content (titles, descriptions, blog articles)
  • To perform SEO audits and provide actionable recommendations
  • To display search performance data from Google Search Console
  • To track keyword rankings via third-party SERP data providers
  • To monitor AI platform mentions of your brand across 8 AI chatbots
  • To inject structured data (JSON-LD) and social meta tags into your theme
  • To send transactional emails and reports you have opted into
  • To process subscription billing through Shopify's billing API
  • To improve and maintain the App's functionality and performance

5. Third-Party Services and Sub-processors

We share limited data with the following third-party services solely to provide the App's functionality:

ServicePurposeData SharedPrivacy Policy
OpenRouterAI content generationProduct/page content for optimizationopenrouter.ai/privacy
DataForSEOSERP tracking, competitor analysisKeywords and domain namesdataforseo.com/privacy
Google APIsSearch Console, Indexing APIStore domain and page URLspolicies.google.com
ShopifyBilling, authenticationSubscription eventsshopify.com/legal/privacy

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

6. Data Retention

  • Active installations: Data is retained for as long as the App is installed on your store.
  • After uninstallation: All associated store data is deleted within 30 days.
  • Billing records: Retained for up to 7 years as required by tax and accounting regulations.
  • Google OAuth tokens: Revoked and deleted immediately upon disconnection or uninstallation.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption
  • API keys and credentials are stored using encryption at rest
  • Access to production systems is restricted to authorized personnel
  • Regular security audits and vulnerability assessments are performed
  • Google credentials are never stored; authentication uses OAuth 2.0 tokens only
  • Database backups are encrypted and access-controlled

8. International Data Transfers

Our servers are hosted in data centers that may be located outside of the EEA. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs).

9. Your Rights

Under the GDPR, CCPA, and applicable data protection laws, you have the following rights:

  • Right of access (Art. 15 GDPR): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): Request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): Request deletion of your personal data.
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured format.
  • Right to restrict processing (Art. 18 GDPR): Request limitation of processing.
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent for optional integrations at any time.
  • Right to lodge a complaint: File a complaint with your local Data Protection Authority.

To exercise any of these rights, contact us at hello@wranks.com. We will respond within 30 days.

10. Cookies and Tracking

The App operates within the Shopify admin panel and does not set cookies on your storefront or track your customers.

11. Children's Privacy

The App is designed for business use by Shopify store owners and is not intended for individuals under the age of 18.

12. Shopify Compliance

As a Shopify Partner, we comply with:

  • Shopify's API Terms of Service and Partner Program Agreement
  • Shopify's mandatory privacy requirements for apps
  • Shopify's data protection addendum (DPA)
  • Responding to Shopify's mandatory data deletion webhooks (GDPR compliance)
  • Handling customers/redact, shop/redact, and customers/data_request webhooks

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect.

14. Contact Us

For any questions, concerns, or data requests:

OhMySaaS (operating as wRanks)
Email: hello@wranks.com
Website: https://wranks.com
Response time: Within 30 days of receipt