HiRank

Privacy Policy

HiRank - SEO Rank Checking Service

Article 1 - Data Controller

Zone 2 Technologies Ltd, a Bulgarian limited liability company, registered in the Bulgarian Commercial Register under UIC 206921440 and VAT number BG206921440, with seat and management address at Bulgaria, Sofia 1000, Izgrev region, Iztok district, 6 Dr. Lyuben Rusev Str., fl. 5, ap. 81 ("Zone 2 Technologies", "We", "Us", or "Our").

Through the online platform hirank.co, Zone 2 Technologies provides SEO keyword rank checking services, allowing users to check the Google search ranking positions of their websites for specified keywords.

Zone 2 Technologies is a Data Controller within the meaning of Article 4(7) of the GDPR and, as such, is responsible for processing Your data in a fair, transparent, and secure manner, as required by the Regulation and national legislation.

This Privacy Policy relates to the activities of Zone 2 Technologies ("the Controller") in connection with the management of the website hirank.co and the provision of services through it. To fulfill legal requirements, this Privacy Policy provides You with information about Your rights, the types of personal data collected, the basis for their processing, how they are stored and used, and when they are disclosed to third parties.

In accordance with the Controller's obligations under Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the Controller guarantees that the processing of Your personal data will always comply with the Regulation and applicable Bulgarian data protection legislation.

Contact Information:

Zone 2 Technologies Ltd Email: hello@hirank.co Website: hirank.co

Article 2 - Personal Data We Collect

As the Controller of the website hirank.co ("the Website"), Zone 2 Technologies determines the purposes, collects, and processes personal data of website users necessary for their identification, contact, and service delivery.

According to Article 4 of EU Regulation 2016/679, "personal data" means any information relating to an identified natural person or to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Zone 2 Technologies processes the following categories of Your personal data:

Order Data:

  • First name and last name
  • Email address
  • Country code

Service Data:

  • Target domain You wish to check
  • Keywords You submit (up to 100 per order)
  • Location, device type, and language preferences
  • Search results and ranking data generated by the Service

Technical Data:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and referral source
  • Date and time of access
  • Session information

Analytics Data:

  • Data collected by Google Analytics (page views, session duration, demographics, device information)
  • Data collected by Vercel Analytics (web vitals, performance metrics)

Article 3 - Personal Data We Do NOT Collect

Zone 2 Technologies does not collect or process personal data that:

  • Reveals racial or ethnic origin
  • Reveals political opinions, religious or philosophical beliefs, or trade union membership
  • Consists of genetic or biometric data
  • Concerns health or medical conditions
  • Concerns sex life or sexual orientation

IMPORTANT: If such information is shared by users of the Website, it will not be subject to processing.

Article 4 - Purpose of Data Processing

Zone 2 Technologies collects and uses Your personal data for the following activities and purposes:

  • To provide the Service, including processing rank checks and generating Reports
  • To deliver Your Report and send email notifications
  • To facilitate payment processing
  • For communication purposes, including responding to Your inquiries and contacting You regarding Your orders
  • To identify parties to contracts and maintain records
  • To comply with legal requirements, settle potential disputes, and protect against fraud
  • To ensure the security of our platforms and confirm that their use complies with our Terms and Conditions
  • To analyze and improve our Service through analytics

Your personal data may also be processed if a government authority requests Zone 2 Technologies' cooperation in connection with official procedures, including pre-trial, judicial, and administrative proceedings related to claims, fraud, etc. In such cases, Zone 2 Technologies discloses only the amount of data requested by the authorities, not exceeding the scope of the specific request.

By placing an order and completing payment, You provide Your consent for us to collect and process Your personal data in accordance with this Policy and applicable legislation.

Article 5 - Retention Period

Personal data is retained for as long as necessary to:

  • Maintain access to Your Reports
  • Fulfill our contractual obligations
  • Comply with legal requirements
  • Resolve disputes

You may request deletion of Your personal data at any time by contacting us at hello@hirank.co. We will process deletion requests in accordance with applicable law, subject to any legal obligations requiring us to retain certain data.

Article 6 - Legal Basis for Processing

We collect Your data on the following legal bases:

  • Contract performance (Article 6(1)(b) GDPR): Processing necessary to provide the Service You have requested
  • Consent (Article 6(1)(a) GDPR): Where You have given explicit consent for specific processing activities
  • Legal obligation (Article 6(1)(c) GDPR): Where processing is required to comply with applicable laws
  • Legitimate interests (Article 6(1)(f) GDPR): For fraud prevention, security, and analytics purposes, where such interests are not overridden by Your rights

By accessing the Website and providing data as described in Article 2 above, You consent to the processing of Your data.

Article 7 - Technical Security

The Controller has implemented all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and applicable Bulgarian legislation.

The measures taken correspond to the specific risks associated with the processing and storage of personal data. Organizational and technical measures are in place to protect Your data from loss, alteration, theft, or unauthorized access by third parties.

These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Secure hosting infrastructure

However, no internet transmission is completely secure, and we cannot guarantee absolute security of data transmitted to us online.

Article 8 - Third Parties Receiving Your Data

In certain cases, the Controller may disclose personal data to partners or subcontractors who work with the Controller by providing services related to its activities. These include:

Payment Processing:

  • Stripe - processes payment transactions. For details on how Stripe handles Your payment data, see their privacy policy at https://stripe.com/privacy

Analytics:

  • Google Analytics - We use Google Analytics to understand how visitors use our Website. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our Website and Service. Google Analytics collects the IP address assigned to You on the date You visit the site, but not Your name or other identifying information. For more information on how Google collects and uses Your data, visit https://policies.google.com/privacy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
  • Vercel Analytics - We use Vercel Analytics to monitor website performance and web vitals. Vercel Analytics is privacy-focused and collects aggregated, anonymized performance data. For more information, see https://vercel.com/legal/privacy-policy

Search Engine Data:

  • SearchAPI.io - provides search engine results data for rank checking. Keywords and domain information are sent to this provider to perform rank checks.

Email Delivery:

  • Resend - delivers transactional emails including Report notifications. Your email address and name are shared with this provider for email delivery purposes.

Cookie Consent Management:

Infrastructure:

  • Vercel - hosts our Website and Service
  • Third-party database providers for data storage

The Controller will share personal data with third parties only after explicitly ensuring the technical and legal mechanisms under which the processing of shared personal data will be carried out in accordance with the requirements of Regulation 679/2016 and Bulgarian legislation.

Third parties and partners of the Controller are obliged to take all actions to ensure legitimate processing of personal data in accordance with the confidentiality requirements set out in this Policy.

Article 9 - Data Processing Principles

The Controller guarantees that the personal data it processes are:

a) Processed lawfully, fairly, and in a transparent manner in relation to You ("lawfulness, fairness, and transparency");

b) Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes ("purpose limitation");

c) Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");

d) Accurate and, where necessary, kept up to date; all reasonable steps are taken to ensure that inaccurate personal data are erased or rectified without delay ("accuracy");

e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");

f) Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").

Article 10 - Your Data Protection Rights

Under the GDPR, You have the following rights:

Right of Access

Upon Your request, You have the right to access the personal data stored about You. You also have the right to request a copy of the personal data being processed.

Right to Rectification

You have the right to request correction of incorrect, inaccurate, or incomplete personal data. Depending on the purposes of processing, You may have the right to supplement incomplete personal data, including by providing an additional statement.

Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of personal data when they are no longer necessary or if their processing is unlawful. Please note that Article 17 of the GDPR defines the cases in which we are obliged to delete Your data. Please also note that we may be required to retain Your data even if You have requested their deletion (for example, to comply with a legal obligation under EU or Bulgarian law).

Right to Restriction of Processing

Under certain circumstances, You have the right to request restriction of the processing of Your personal data. For example, You may exercise this right when we no longer need Your personal data for processing purposes, but we must keep them in our systems for use in situations such as exercising rights or defending claims.

Right to Data Portability

Under certain circumstances, You have the right to receive the personal data You have provided to us in a structured, commonly used, and machine-readable format (i.e., in digital form), and You may have the right to request the transfer of such data to another person without hindrance from us, if such transfer is technically feasible.

Right to Object

Under certain circumstances, You have the right to object to the processing of Your personal data, and we may be required to stop processing them in the future. You may exercise this right, for example, if we use Your email address for direct marketing purposes - in this case, after Your objection, we will no longer be able to send You marketing materials.

Right to Withdraw Consent

When the processing of Your personal data is based on Your consent, You may withdraw Your consent at any time without giving us a reason. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise Your rights, You may contact us with a written request at hello@hirank.co. We will respond to Your questions and requests without undue delay and within 1 month at the latest. You may be asked to provide information to verify Your identity in order to exercise Your rights.

Article 11 - Complaint to Supervisory Authority

If for any reason You are not satisfied with the way we process Your personal data, please first inform us so that we can understand the cause of the problem and try to resolve it. We will carefully review Your request and answer all Your questions.

If You believe You have not received adequate assistance from Zone 2 Technologies or that Your right has been violated, You have the right to lodge a complaint with a supervisory authority. This authority in the Republic of Bulgaria is:

Commission for Personal Data Protection: Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria Phone: 02/915 35 18 Email: kzld@cpdp.bg Website: www.cpdp.bg

Article 12 - International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

  • United States (where some of our service providers are located)
  • Other countries where our infrastructure providers maintain servers

When we transfer Your data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with an adequacy decision
  • Other legally recognized transfer mechanisms

Article 13 - Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance Your experience and collect analytics data.

Essential Cookies: These are necessary for the Website to function and cannot be disabled. They include session cookies and security cookies.

Analytics Cookies:

Google Analytics:

  • _ga - Used to distinguish users (expires after 2 years)
  • _gid - Used to distinguish users (expires after 24 hours)
  • _gat - Used to throttle request rate (expires after 1 minute)

Vercel Analytics: Vercel Analytics is designed to be privacy-friendly and does not use cookies for tracking. It collects anonymized performance data.

Managing Cookies: We use CookieYes to manage Your cookie preferences. When You first visit our Website, You will see a cookie consent banner that allows You to accept or reject different categories of cookies. You can change Your preferences at any time by clicking the cookie settings link in the footer of our Website.

You can also control cookies through Your browser settings. Most browsers allow You to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies
  • Delete all cookies when You close Your browser

Please note that blocking certain cookies may affect the functionality of our Website.

You can also opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Article 14 - Policy Updates

To keep this Privacy Policy up to date, it may be changed in whole or in part at any time without special notice. Please check this Policy periodically for updates. The date of the last update will be indicated below.

This Privacy Policy was adopted on December 7, 2025.

Last Updated: December 7, 2025