Privacy Policy

1. Who we are

LocalOutrank ("we", "us", "our") provides a local SEO analysis tool at localoutrank.co.uk. For the purposes of UK GDPR, the data controller is the operator of the service.

Privacy queries: hello@localoutrank.co.uk.

2. Personal data we collect

• Account data: email address, password (stored only as an Argon2id hash), optional display name, account creation timestamp.
• Session data: a random session token stored in an HTTP-only cookie. The cookie's value is hashed in the database; we cannot recover your raw session token from server records.
• Usage data: the search queries you submit (e.g. "plumbers in Manchester"), the location text you type, the resulting competitor lists, and any chat messages you exchange with our AI assistant.
• Generated artefacts: action plans, review summaries, task completion state, ranking history snapshots - all linked to your account.
• Server logs: standard request metadata (timestamps, IP addresses, user agents) retained for security and operational purposes.

We do not collect payment card details. Where billing is added, payments will be handled by a regulated payment processor and we will only receive a transaction reference and minimal metadata.

3. Lawful bases

• Contract - to provide the service you signed up for (running searches, storing analyses, generating plans).
• Legitimate interests - to keep the service secure, prevent abuse, and improve usability.
• Consent - only where we ask for it explicitly (for example, optional product emails).

4. How we use your data

• To run the local pack analyses you request.
• To persist your analyses and surface them on your dashboard.
• To send your search context to our AI provider so it can generate insights, plans, and chat replies grounded in your data.
• To authenticate you and keep your account secure.
• To respond to support requests and to comply with legal obligations.

5. Sub-processors

We rely on a small set of third parties to deliver the service. We share only the minimum data needed for each.

• DataForSEO (data: search keyword + location) - to fetch live Google local pack results.
• xAI (Grok) (data: anonymised competitor metadata, your chat messages) - to generate AI insights and chat replies.
• OpenStreetMap Nominatim (data: the location text you type, e.g. "Shoreditch") - to geocode places to coordinates.

We do not sell your data, use it to train external advertising networks, or share it with marketers.

6. Cookies

We use a single first-party HTTP-only session cookie (lo_session) to keep you signed in. We do not use any analytics, advertising, or tracking cookies.

7. Data retention

• Account data is kept while your account exists. If you close your account, we delete or anonymise it within 30 days, except where we are legally required to retain it.
• Session records expire automatically and are removed from the database.
• Server logs are retained for up to 90 days for security and troubleshooting purposes.

8. International transfers

Some of our sub-processors operate outside the UK. Where they do, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision as appropriate.

9. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Ask us to correct or erase your personal data.
• Restrict or object to certain types of processing.
• Receive a portable copy of your data.
• Lodge a complaint with the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@localoutrank.co.uk.

10. Security

Passwords are hashed with Argon2id. Session tokens are stored hashed. Data is held on UK or EU infrastructure under industry-standard controls. No system is perfectly secure, so we keep our exposure deliberately minimal.

11. Changes

If we change this policy materially, we'll update the date at the top and, where appropriate, notify signed-in users by email.

12. Contact

Questions about this policy? Email hello@localoutrank.co.uk.

See also our Terms of Service.