Privacy Policy

The short version

We collect what we need to run the service. We do not sell your data. We do not store your contacts’ personal information — it flows through in real time and is discarded. Your credentials are encrypted. You can delete your account and everything in it at any time.

What we collect

Account information

Your email address and a hashed password when you sign up. That is all we ask for. Authentication is handled by Supabase Auth.

Connector credentials

When you connect a data source (HubSpot, Customer.io, PostHog, Mixpanel, Apollo), we store the OAuth tokens or API keys needed to communicate with that provider on your behalf. These credentials are encrypted at rest using pgcrypto and are only decrypted in-memory when making an authorized API call. We never log them in plaintext.

Templates and generated outputs

The prompt templates you write and the AI-generated content produced for your contacts are stored in your account. This is your work product and it lives in your account until you delete it.

Usage and token metrics

We track how many tokens you consume, how many generations you run, and basic activity timestamps. This is how we enforce plan limits and show you your usage. We do not sell this data or use it for advertising.

What we do NOT store

Contact PII from your connected providers — names, emails, job titles, behavioral data, and anything else fetched from HubSpot, Customer.io, PostHog, Mixpanel, or Apollo — is never written to our database. It is fetched on demand, used to render or generate content, and discarded.

We also do not store the resolved prompts sent to the AI. The fully assembled prompt (template plus contact data) is constructed in memory, sent to Anthropic, and not retained.

Third-party services

Running Ratking involves the following sub-processors. Each handles data according to their own privacy policies.

• Supabase — database, authentication, and edge function hosting. Your account data and encrypted credentials live here.
• Vercel — frontend hosting and serverless function execution. Handles web traffic to ratking.ai.
• Anthropic — the AI model (Claude) that generates your content. Prompts are sent to Anthropic’s API and are subject to Anthropic’s privacy policy.
• Connected providers — HubSpot, Customer.io, PostHog, Mixpanel, and Apollo are accessed using credentials you supply. We act as an API client on your behalf under your own account with those services.

Cookies

We use one cookie: the Supabase authentication session cookie. It keeps you logged in. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

Data retention and deletion

Your account data, templates, and generated outputs are retained for as long as your account is active. You can delete individual templates and generation runs at any time from the dashboard.

To delete your account and all associated data, email us at hello@ratking.ai. We will process the deletion within 30 days. Backups are purged on a rolling schedule.

We do not sell your data to anyone, at any time, for any reason.

Security

Connector credentials are encrypted at rest using pgcrypto. All data is transmitted over TLS. Database access is restricted by row-level security policies — your data is only accessible to your authenticated session. That said, no system is perfectly secure. If you discover a vulnerability, please tell us at hello@ratking.ai.

Children

Ratking is not intended for anyone under 16. We do not knowingly collect data from minors.

Changes to this policy

If we make material changes to how we handle your data, we will update the effective date at the top of this page and notify you by email. Continued use of the service after such notice constitutes acceptance.