Privacy policy.

1. Who we are

Rank Spot Media ("we", "our", "us") is a digital agency that designs and builds websites and runs SEO and paid advertising programs for client businesses. This privacy policy applies to the website at rankspotmedia.com (the "Site") and to information we collect from prospects, clients, and visitors.

2. What we collect

We collect information in three ways:

Information you give us

• Contact details such as name, email address, company name, and phone number when you submit the proposal form, send an email, or sign a contract.
• Project details you choose to share, including budgets, goals, and access credentials needed to deliver services.
• Billing information processed by our payment providers. We do not store full card numbers on our servers.

Information collected automatically

• IP address, browser type and version, device type, operating system, and screen size.
• Pages viewed, time on page, referring URL, and clicks, captured through analytics tools.
• Cookie identifiers and similar technologies.

Information from third parties

• Lead and enrichment data from publicly available sources or referral partners, used only to qualify and respond to inquiries.
• Authentication data from sign-in providers if you choose to connect them.

3. How we use it

• To respond to your inquiry and scope a proposal.
• To deliver services under a signed agreement, including design, development, SEO, and ads.
• To send invoices, project updates, and operational notices.
• To improve our Site, marketing, and service quality.
• To prevent fraud, abuse, and unauthorized access.
• To comply with legal obligations and respond to lawful requests.

We do not sell personal information, and we do not share it for cross-context behavioral advertising as defined by the CCPA / CPRA.

4. Legal bases (EEA / UK visitors)

Where GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver agreed services), our legitimate interests (to run our business, secure our systems, and respond to inquiries), your consent (for non-essential cookies and marketing emails where required), and legal obligations (for tax, accounting, and compliance).

5. Cookies and similar technologies

We use a small number of cookies and similar technologies for the following purposes:

• Strictly necessary: required for the Site to function, such as remembering session state.
• Analytics: aggregate, mostly anonymized usage data so we can improve content and performance.
• Preferences: remember choices such as theme or language.

You can disable cookies in your browser, but parts of the Site may not function as intended.

6. Sharing

We share personal information only as follows:

• Service providers: hosting, analytics, email delivery, payment processing, and similar vendors, under written contracts that require them to protect the data and use it only for the agreed purpose.
• Professional advisors: lawyers, accountants, and auditors when needed.
• Authorities: when required by law, court order, or to protect rights, safety, and property.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice.

7. International transfers

Some service providers process data outside your country. Where required, we use approved transfer mechanisms (such as Standard Contractual Clauses) to keep your data protected to the standard required by your local law.

8. Retention

We keep personal information only as long as needed for the purposes set out above, then delete or anonymize it. Typical retention windows: proposal inquiries (24 months from last activity), client project files (7 years for financial records, longer if required by law), and analytics aggregates (up to 26 months in their original form).

9. Security

We use industry-standard administrative, technical, and physical safeguards: TLS encryption in transit, access controls, least-privilege staff access, regular backups, and vendor due diligence. No system is 100% secure, and we cannot guarantee absolute security.

10. Your rights

Depending on where you live (including under GDPR, UK GDPR, and CCPA / CPRA), you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data, subject to legal retention requirements.
• Object to or restrict certain processing.
• Port your data to another provider.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within the statutory window (typically 30 to 45 days).

11. California residents

If you are a California resident, you have the rights described in section 10 plus the right to opt out of "sharing" for cross-context behavioral advertising. We do not engage in such sharing. To submit a request, email [email protected]. You may also designate an authorized agent to act on your behalf.

12. Children

The Site is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided information to us, please contact us and we will delete it.

13. Third-party links

Our Site may link to third-party websites we do not control. Their privacy practices are governed by their own policies, which you should review before submitting information.

14. Changes to this policy

We may update this policy from time to time. Material changes will be flagged at the top of this page with a new last-updated date. Continued use of the Site after a change means you accept the updated policy.

15. Contact us

Questions, complaints, or requests:

• Email: [email protected]
• General: [email protected]