This Privacy Policy governs our collection, use, and disclosure of Personal Data when you use our Service and informs you about your privacy rights and how the law protects you.
About RateGather
RateGather is an online service operated by RATEGATHER sp. z o.o. (a Polish limited liability company), with its registered office at 1 Maja Street 39, 71-627 Szczecin, Poland, registered in the National Court Register (KRS) under number 0001246347, Tax ID (NIP) 8513352292, REGON 544954155 (the "Controller," "we," "our," or "us").
We provide local SEO services and tools designed to help businesses improve their online presence and search engine rankings. Our services include review management, citation building, local SEO optimization, AI-assisted content generation, and email communication tools.
For questions regarding this Privacy Policy or your personal data, please contact us at [email protected]. We have not appointed a Data Protection Officer; all data protection inquiries should be directed to the contact email above.
1. Personal Data We Collect
A. Types of Personal Data Collected
We collect the following categories of Personal Data:
- Identifiers: Name, email address, phone number, and online identifiers.
- Internet or Network Activity: Browser type, browsing history, search history, and interactions with our website.
- Geolocation Data: Physical location and movements as provided by your device.
- Commercial Information: Transaction records and interaction history on our platform.
- Inferences: Derived data from your usage to better understand your preferences and service enhancements.
- QR Code and Shortlink Usage Data: Data collected when end users interact with QR codes or shortlinks generated through our Service, including but not limited to remote IP address, user agent, referrer, language, city, region, country, location data, operating system, browser type, device type, and device name.
B. Sources of Personal Data
We collect Personal Data from the following sources:
- Directly from You: Information you provide when using our services, creating an account, or interacting with us.
- Automatically Collected Data: Information collected through cookies, tracking technologies, and usage data from our platform.
- Service Providers: Information from third-party processors listed in Section 3 below (e.g., hosting, email delivery, payment processing, AI providers).
- End Users: Data collected from end users who interact with QR codes or shortlinks generated through our Service or receive email communications sent through the platform.
2. Use of Personal Data
We use the Personal Data collected for various purposes, including:
- Providing and Maintaining Services: To deliver and manage our services, including user support, account management, and enabling email communication features.
- Improving Services: Analyzing usage data to improve and enhance our offerings.
- Communication: To contact you regarding service updates, changes, or promotional offers (with opt-out options).
- Marketing and Analytics: Conducting marketing and promotional activities, as well as analytics to understand user behavior.
- Security and Fraud Prevention: Detecting and preventing fraudulent or unauthorized activities.
- Legal Compliance: Ensuring adherence to legal obligations and protecting our legal rights.
3. Sharing of Personal Data
A. Third-Party Service Providers (Sub-processors)
To provide the Service, we engage the following sub-processors. Each operates under a written data processing agreement that meets the requirements of GDPR Article 28 (and equivalent U.S. requirements where applicable):
- Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — application and database hosting. For users of the U.S. service, data is hosted in Hetzner's U.S. data center (Ashburn, Virginia). Privacy policy: hetzner.com/legal/privacy-policy.
- Amazon Web Services, Inc. (410 Terry Avenue North, Seattle, WA 98109, USA) — storage of image files (Amazon S3) and delivery of certain emails (Amazon SES). Privacy policy: aws.amazon.com/privacy.
- Mailjet SAS (4 rue Jules Lefebvre, 75009 Paris, France, part of Sinch group) — delivery of transactional, system, and informational emails. Privacy policy: mailjet.com/privacy-policy.
- Lemon Squeezy LLC (1845 Walnut Street, 17th Floor, Philadelphia, PA 19103, USA) — payment processing and subscription billing as Merchant of Record. Privacy policy: lemonsqueezy.com/privacy.
- DataForSEO LLC (Lakeview Place, 9450 SW Gemini Dr, PMB 84415, Beaverton, OR 97008, USA) — retrieval of search engine and Google Maps ranking data. Privacy policy: dataforseo.com/privacy-policy.
- Anthropic, PBC (548 Market St, PMB 90375, San Francisco, CA 94104, USA) — processing of AI model (Claude) requests for content generation (e.g., review responses, articles, posts). Anthropic does not use data submitted via its API to train its models. Privacy policy: anthropic.com/legal/privacy.
- Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) — Google Analytics 4, Google Tag Manager, and Google Ads for website traffic analysis, conversion measurement, and advertising; and the Google Business Profile and Google Places APIs for syncing your business listing, reviews, and location data. Privacy policy: policies.google.com/privacy.
- Meta Platforms, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA) — Meta Pixel and the Conversions API (server-side event sharing) for retargeting, optimization, and ad campaign measurement. Privacy policy: facebook.com/privacy/policy.
- Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA) — Microsoft Clarity (heatmaps, session recordings, behavioral metrics) to optimize the website. Privacy policy: privacy.microsoft.com/privacystatement.
- ARBICHAT, S.L. (Zernio) (Carrer Mallorca 2A, 17230 Palamós, Girona, Spain) — proxy service for managing Google Business Profile content (photos, review replies, posts) on your behalf. Privacy policy: zernio.com/privacy-policy.
- PlePer LTD (Troshevo Bl. 31, Varna 9000, Bulgaria) — retrieval of Google Business Profile and local search data. Privacy policy: pleper.com.
- Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) — DNS, content delivery, TLS, and bot-protection (Turnstile) for our websites. Privacy policy: cloudflare.com/privacypolicy.
- Honeybadger Industries LLC (Kirkland, WA, USA) — application error and performance monitoring. Privacy policy: honeybadger.io/privacy.
- Slack Technologies, LLC (a Salesforce company, 50 Fremont Street, San Francisco, CA 94105, USA) — internal operational notifications that may include customer or lead contact details. Privacy policy: slack.com/privacy-policy.
- OpenAI OpCo, LLC (1455 Third Street, San Francisco, CA 94158, USA) — AI-based image generation. Privacy policy: openai.com/policies/privacy-policy.
- Apify Technologies s.r.o. (Vodičkova 704/36, 110 00 Prague, Czech Republic) — automated retrieval of public web and local-listing data. Privacy policy: apify.com/privacy.
- Outscraper (12600 Hill Country Boulevard, Bee Cave, TX 78738, USA) — automated retrieval of public Google Maps and local business data. Privacy policy: outscraper.com/privacy-policy.
- SASU PDFShift (128 rue la Boétie, 75008 Paris, France) — conversion of reports from HTML to PDF. Privacy policy: pdfshift.io/privacy.
- Unlayer, Inc. (2261 Market Street STE 4667, San Francisco, CA 94114, USA) — email template design tooling. Privacy policy: unlayer.com/privacy.
This list may be updated when our service providers change. The current list is always available in this Privacy Policy.
B. Users of the Service
Users of the Service may enter their own clients' data to send email communications. RateGather acts as a data processor with respect to such data; the user is the data controller and is solely responsible for the accuracy of the data and for ensuring that appropriate consent has been obtained.
C. Data Collection via QR Codes and Shortlinks
Users may use our Service to generate QR codes or shortlinks for marketing or tracking purposes. When end users interact with these QR codes or shortlinks, certain data may be collected, such as IP address, location, and device information. Users of the Service are responsible for obtaining appropriate consent from end users before using these tools.
D. Business Transactions
In the event of a merger, acquisition, or asset sale, Personal Data may be transferred. We will notify you before your Personal Data is transferred and becomes subject to a different Privacy Policy.
E. Legal Requirements
We may disclose Personal Data if required by law or to respond to valid requests by public authorities (e.g., a court, government agency, or law enforcement).
F. No Sale of Personal Information
We do not sell your Personal Data for monetary consideration. See Section 13 (California Privacy Rights) for additional disclosures regarding "sale" and "sharing" as defined under California law.
4. Data Security
We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
5. Data Retention
We retain your Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. We will establish specific retention periods based on the type of data and its purpose.
6. Your Rights
You have the following rights regarding your Personal Data:
- Access and Rectification: Request access to and correction of your Personal Data.
- Erasure: Request deletion of your Personal Data, subject to legal obligations.
- Objection and Restriction: Object to or request the restriction of processing your Personal Data under certain conditions.
- Data Portability: Request a copy of your Personal Data in a structured, machine-readable format.
- Withdraw Consent: Withdraw your consent at any time, where we rely on consent to process your Personal Data.
To exercise these rights, please contact us at [email protected].
7. User Responsibilities and Consent
- Consent for Communications: Users of the Service who input their clients' data for email communications must ensure that they have obtained explicit and informed consent from their clients before using the Service to send such communications, including the use of shortlinks in those messages. RateGather is not responsible for any unauthorized or non-compliant use of the Service to send communications to clients.
- Consent for Data Collection via Shortlinks: Users must inform their clients and end users that by clicking on shortlinks included in QR codes or email communications, their interactions will be tracked, and data such as IP address, location, and device information may be collected. Users are responsible for obtaining their consent to such tracking and data collection.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to monitor activity on our Service. You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of our Service.
Types of Cookies Used:
- Session Cookies: To operate our Service.
- Preference Cookies: To remember your preferences.
- Security Cookies: For security purposes.
- Analytics Cookies: To analyze usage data and improve our Service.
9. International Data Transfers
RateGather is established in Poland (European Union). When you use the Service, your Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA) and/or your country of residence, including the United States.
Where Personal Data is transferred outside the EEA, we rely on one or more of the following legal mechanisms under the GDPR:
- EU–U.S. Data Privacy Framework (DPF): European Commission adequacy decision (EU) 2023/1795 of July 10, 2023, for sub-processors certified under the DPF (currently including Google LLC, Meta Platforms, Inc., Microsoft Corporation, and Anthropic PBC). The active list of certified entities is available at dataprivacyframework.gov/list.
- Standard Contractual Clauses (SCCs): European Commission implementing decision (EU) 2021/914 of June 4, 2021, used for sub-processors not covered by the DPF or as an additional safeguard.
Our sub-processors also implement supplementary technical and organizational measures, including encryption in transit and at rest, access controls, and security audits. You may request a copy of the safeguards in place by contacting us at [email protected].
10. Children's Privacy
Our Service does not address anyone under the age of 16. We do not knowingly collect Personal Data from children. If we become aware of such data collection, we take steps to remove that information.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. Your continued use of the Service after changes are posted indicates your acceptance of the revised Privacy Policy.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), grants you the following rights regarding your Personal Information:
- Right to Know: You may request that we disclose the categories and specific pieces of Personal Information we have collected about you, the sources of that information, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete Personal Information we have collected from you, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, or comply with a legal obligation).
- Right to Correct: You may request that we correct inaccurate Personal Information that we maintain about you.
- Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Information as those terms are defined under the CCPA/CPRA. We do not sell your Personal Information for monetary consideration. However, our use of certain advertising and analytics cookies (e.g., Meta Pixel and the Conversions API, Google Analytics, and Google Ads) may qualify as "sharing" for cross-context behavioral advertising under California law. You can opt out by disabling advertising and analytics cookies through your browser settings.
- Right to Limit Use of Sensitive Personal Information: We do not use or disclose Sensitive Personal Information (as defined under the CCPA/CPRA) for purposes that would trigger this right.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Categories of Personal Information collected in the past 12 months: identifiers (name, email, phone, online identifiers), commercial information (transaction records), internet or other network activity (browsing history, interactions with our Service), geolocation data, and inferences drawn from the above. We do not knowingly collect Sensitive Personal Information.
Sources: directly from you, automatically through your use of the Service, and from the sub-processors listed in Section 3.
Business purposes for collection: providing and maintaining the Service, customer support, security and fraud prevention, analytics, advertising, and legal compliance.
How to exercise your rights: Submit a verifiable consumer request by emailing us at [email protected] with the subject line "California Privacy Request." We may need to verify your identity before fulfilling your request. You may designate an authorized agent to make a request on your behalf in accordance with California law. We will respond within 45 days, with a possible 45-day extension as permitted by law.
For more information about your California privacy rights, you may contact the California Attorney General's office at oag.ca.gov/privacy.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at [email protected].
Last Updated: June 25, 2026