Privacy Policy

1. Introduction

Welcome to RynoDyno ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Local SEO Competitive Intelligence Platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

Contact Information:

• Email: support@rynodyno.com
• Address: RynoDyno - Local SEO Competitive Intelligence Platform, Trabuco Canyon, California 92679
• Response Time: We will respond to privacy inquiries within 30 days as required by law.

Note: As an online-only business, email is our preferred contact method for privacy requests. For accessibility accommodations, please email us to arrange alternative communication methods.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Account Information

When you create an account, we collect:

• Name and business name
• Email address
• Phone number (optional)
• Business address and location data
• Account credentials (encrypted)

2.2 Authentication Information

When you sign up or log in, we collect:

• Google OAuth data (name, email, profile picture) via WorkOS
• Magic link authentication data (email address, verification tokens) via Better Auth
• Session information and login timestamps

2.3 Business and Competitive Intelligence Data

To provide our competitive intelligence services, we collect:

• Your business information (name, address, category, website URL)
• Competitor business information from public sources
• Citation data (business listings across directories like Google Places, Foursquare)
• Google Search Console data (with your explicit authorization)
• Competitive ranking and performance metrics
• Historical competitive intelligence data

2.4 Payment Information

Payment processing is handled by Stripe, a PCI-DSS compliant payment processor. We do not store your full credit card numbers. We collect:

• Billing name and address
• Last 4 digits of credit card
• Payment method type (Visa, Mastercard, etc.)
• Subscription and billing history

2.5 Usage Data

We automatically collect information about how you use our Service:

• Pages visited and features accessed
• Time spent on pages
• Competitor searches and analyses performed
• Device information (browser type, operating system)
• IP address and general location data

2.6 Cookies and Tracking Technologies

We use the following technologies:

• Session Cookies: Essential for authentication and service functionality
• Vercel Analytics: Privacy-focused analytics that do not use cookies or track personal information
• Cloudflare Turnstile: Bot protection for our free scorecard tool

2.7 Sensitive Personal Information

As defined by the California Consumer Privacy Act (CCPA), we collect the following sensitive personal information:

• Precise Geolocation Data: Business addresses and competitor locations collected via Google Places API, Foursquare Places API, and Google Search Console API for the purpose of providing local competitive intelligence

We use sensitive personal information only for the purposes disclosed in this Privacy Policy (providing local SEO competitive intelligence and service delivery). You have the right to limit our use of sensitive personal information to these necessary business purposes. To exercise this right, contact us at support@rynodyno.com.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Process payments and manage subscriptions
• Provide competitive intelligence and citation data
• Generate AI-powered scorecard summaries via Fireworks.ai
• Track your ranking improvements over time
• Send service notifications and alerts

3.2 Service Improvement

• Analyze usage patterns to improve our platform
• Develop new features based on user needs
• Optimize performance and user experience
• Conduct internal research and analytics

3.3 Communication

• Send transactional emails (account updates, billing)
• Deliver trial notifications (days 1, 3, 7, 12 as required by California AB 2863)
• Respond to support inquiries
• Send marketing communications (only with your opt-in consent)

3.4 Legal Compliance and Protection

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Protect against fraud and security threats
• Resolve disputes and enforce agreements

4. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

We share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who help us operate our platform:

• WorkOS: Authentication services (Google OAuth, session management)
• Better Auth: Magic link authentication and session management
• Stripe: Payment processing (PCI-DSS compliant)
• Google APIs: Google Places API, Google Search Console API for competitive data
• Exa Search API: Citation discovery across business directories
• Tavily API: Competitor website content analysis
• Open PageRank API: Domain authority scoring
• Foursquare Places API: Venue and location intelligence
• Vercel: Hosting and deployment platform
• Supabase: Database hosting with Row-Level Security (RLS)
• Resend: Transactional email delivery
• Fireworks.ai: AI-powered scorecard summary generation (llama-v3p1-70b-instruct model)
• Vercel Analytics: Privacy-focused analytics (no cookies)

All service providers are bound by data protection agreements and are prohibited from using your data for any purpose other than providing services to us.

4.2 Team Members

If you invite team members to your account, they will have access to your business location data and competitive intelligence reports based on their assigned role permissions.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory requests
• Requests to protect our rights or property
• Emergency situations involving safety threats

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

5. Data Retention

We retain your personal information for different periods based on the type of data and applicable legal requirements:

5.1 Account Data

We retain your account information as long as your account is active. After you request account deletion, we retain your data for an additional 30-day grace period to allow account recovery, then permanently delete it unless legally required to retain it longer.

5.2 AI Scorecard Summaries

AI-generated scorecard summaries are cached for 30 days to improve performance and reduce API costs. After 30 days, cached summaries are automatically deleted.

5.3 Competitive Intelligence Data

Historical competitive data (rankings, citations, competitor profiles) is retained while your account is active to enable trend analysis and progress tracking. This data is deleted within 30 days after account closure.

5.4 Transaction Records

We retain billing and payment records for 7 years to comply with tax and accounting regulations.

5.5 Consent Verification Records

Records of your consent to our terms, privacy policy, and subscription agreements are retained for 3 years to comply with California AB 2863 requirements.

5.6 Communication Logs

• Support Communications: Retained for 2 years for quality assurance and dispute resolution
• Transactional Emails: Logs retained for 90 days

6. Data Security

We implement industry-standard security measures to protect your personal information:

6.1 Technical Safeguards

• Encryption: All data is encrypted in transit using SSL/TLS and at rest using AES-256 encryption
• Secure Authentication: OAuth 2.0 via WorkOS, secure session management via Better Auth
• Payment Security: PCI-DSS compliant payment processing via Stripe
• Database Security: Row-Level Security (RLS) in Supabase for multi-tenant data isolation
• Access Controls: Limited staff access with role-based permissions

6.2 Organizational Safeguards

• Regular security audits and vulnerability assessments
• Employee training on data protection best practices
• Incident response procedures for data breaches
• Regular backups with 7-day point-in-time recovery via Neon Postgres

6.3 Data Breach Notification (California Law Compliance)

IMPORTANT: We take data security seriously and have comprehensive breach response procedures.

In the event of a data breach that affects your personal information, we will notify you within 72 hours of discovering the breach as required by California Civil Code § 1798.82 and other applicable data breach notification laws.

Our breach notification will include:

• Date and Nature of Breach: When the breach occurred and how it was discovered
• Types of Data Affected: What categories of personal information were compromised (e.g., names, email addresses, business information, payment data)
• Number of Affected Users: Approximate number of individuals impacted
• Cause of Breach: How the breach occurred (e.g., unauthorized access, security vulnerability, third-party breach)
• Steps We Are Taking: Immediate actions taken to contain the breach, remediation measures, and security improvements being implemented
• Your Recommended Actions: Specific steps you should take to protect yourself (e.g., change passwords, monitor credit reports, enable two-factor authentication)
• Contact Information: How to reach us with questions and where to get additional support
• Free Credit Monitoring: If Social Security numbers or financial account information is compromised, we will offer free credit monitoring services for at least 12 months

Notification Methods: We will notify you via email to the address associated with your account. If email is unavailable or the breach affects a large number of users, we may also post a prominent notice on our website and/or notify regulatory authorities as required by law.

No Limitation of Liability: Nothing in our Terms of Service limits our liability for data breaches caused by our failure to implement reasonable security measures as required by applicable data protection laws.

California Civil Code § 1798.82 Compliance: If you are a California resident and we experience a breach of unencrypted personal information, we will comply with all California data breach notification requirements, including notifying the California Attorney General if the breach affects more than 500 California residents.

7. Your Privacy Rights

Depending on your location, you have various rights regarding your personal information:

7.1 Right to Access

You have the right to request a copy of the personal information we have collected about you. We will provide this information in a structured, commonly used, and machine-readable format.

7.2 Right to Correction

You have the right to request correction of inaccurate personal information we maintain about you. You can update most information directly in your account settings.

7.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, legal compliance, security purposes).

7.4 Right to Data Portability

You have the right to receive your personal information in a portable format and to transmit it to another service provider where technically feasible.

7.5 Right to Opt-Out

You have the right to opt out of:

• Sale of Personal Information: We do not sell your personal information
• Sharing for Behavioral Advertising: We do not share your information for cross-context behavioral advertising
• Marketing Communications: You can unsubscribe from marketing emails at any time

7.6 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of sensitive personal information (such as precise geolocation data) to purposes necessary to provide our services. Contact us at support@rynodyno.com to exercise this right.

7.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not:

• Deny you goods or services
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
• Provide a different level or quality of goods or services to you
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services

7.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: support@rynodyno.com
• Subject Line: "Privacy Rights Request"
• Include: Your name, email address, and specific request details

We will respond to your request within 30 days (or 45 days if we notify you of an extension). We may need to verify your identity before processing your request to protect your privacy and security.

8. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

8.1 Essential Cookies

Session Cookies: Required for authentication and basic service functionality. These cookies are necessary for the Service to work and cannot be disabled.

8.2 Analytics

Vercel Analytics: We use Vercel Analytics, a privacy-focused analytics solution that does not use cookies and does not track personal information. It helps us understand how users interact with our Service to improve performance and user experience.

8.3 Security

Cloudflare Turnstile: Bot protection for our free scorecard tool. This helps us prevent abuse and ensure the scorecard remains available to legitimate users.

8.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect your ability to use certain features of our Service.

9. Third-Party Links and Services

Our Service may contain links to third-party websites, plugins, or applications (such as competitor websites displayed in your competitive analysis). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected personal information from a child under 18, we will delete that information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@rynodyno.com.

11. International Data Transfers

US-Based Service: Our Service is designed for and targeted at users in the United States. Our servers are located in the United States, and your information is processed and stored in the United States.

International Users: If you access our Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our Service, you consent to such transfer and processing.

Data Protection: We implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable data protection laws.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

12.1 Categories of Personal Information Collected

We collect the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address
• Commercial Information: Subscription records, billing information, purchase history
• Internet Activity: Browsing history on our Service, search history, feature usage
• Geolocation Data: Business addresses, precise location data for competitive intelligence
• Professional Information: Business name, industry, business category
• Inferences: Preferences, characteristics, competitive positioning derived from your usage

12.2 Sources of Personal Information

• Directly from you: Account registration, profile updates, support communications
• Automatically collected: Usage data, device information
• Third-party APIs: Google Places API, Google Search Console API, Foursquare Places API
• Public sources: Business directory data, publicly available competitive information

12.3 Purposes for Collection and Use

We use personal information for the purposes described in Section 3 (How We Use Your Information), including service delivery, improvement, communication, and legal compliance.

12.4 Sale or Sharing of Personal Information

We do not sell your personal information to third parties.

We do not share your personal information for cross-context behavioral advertising.

If our practices change, we will provide a clear "Do Not Sell or Share My Personal Information" link on our homepage and honor all opt-out requests.

12.5 Sensitive Personal Information

We collect and use precise geolocation data (business addresses) for the purpose of providing local competitive intelligence. You have the right to limit our use of this sensitive information to necessary business purposes.

12.6 Data Retention

We retain personal information for the periods described in Section 5 (Data Retention).

12.7 Your CCPA Rights

California residents have the following rights:

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information (we do not sell or share)
• Right to Limit: Limit use and disclosure of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

12.8 How to Exercise Your CCPA Rights

To exercise your CCPA rights:

• Email: support@rynodyno.com with "CCPA Request" in the subject line
• Include: Your name, email address, and specific request
• Verification: We may need to verify your identity before processing your request
• Response Time: We will respond within 45 days (or notify you of an extension)

12.9 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We will require proof that the agent is authorized to act on your behalf and may need to verify your identity directly.

13. GDPR Rights (EEA, UK, and Switzerland Residents)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

13.1 Legal Basis for Processing

We process your personal information based on:

• Consent: When you provide explicit consent for specific processing activities
• Contract: To perform our contractual obligations to provide the Service
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

13.2 Your GDPR Rights

• Right to Access: Obtain confirmation of whether we process your data and access to that data
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restriction: Restrict processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

13.3 Data Transfers

Your personal information may be transferred to and processed in the United States. We implement appropriate safeguards, including Standard Contractual Clauses, to ensure adequate protection of your data during international transfers.

13.4 How to Exercise Your GDPR Rights

Contact us at support@rynodyno.com with "GDPR Request" in the subject line.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

For material changes that significantly affect your rights, we will provide prominent notice on our website or via email notification at least 30 days before the changes take effect, as required by applicable law. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Service after changes to this Privacy Policy constitutes your acceptance of the updated policy.

14.1 Version History

This is version 1.0 of our Privacy Policy, effective October 8, 2025. Previous versions are available upon request for compliance verification purposes. We maintain records of all policy versions and their effective dates.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Note: As an online-only business, email is our preferred contact method for privacy requests. If you require phone support or have accessibility needs, please email us to arrange a call or alternative communication method.

16. Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) browser signals as valid opt-out requests under the California Consumer Privacy Act (CCPA). If your browser or device sends a GPC signal (Sec-GPC: 1 HTTP header), we will treat it as a request to opt out of the sale or sharing of your personal information.

Important Note: We do not sell or share your personal information for advertising purposes. However, we honor GPC signals as a matter of policy and user preference.

16.1 How to Enable GPC

To enable Global Privacy Control, use a compatible browser or browser extension that supports the GPC standard, such as:

• Brave Browser (built-in GPC support)
• DuckDuckGo Browser (built-in GPC support)
• Firefox with Privacy Badger extension
• Chrome with GPC extension

Learn more about Global Privacy Control and how to enable it at globalprivacycontrol.org

16.2 What Happens When You Enable GPC

When we detect a GPC signal from your browser:

• We will automatically opt you out of any sale or sharing of your personal information (if applicable)
• Your preference will be respected across all your interactions with our Service
• You can still manually adjust your privacy preferences in your account settings

16.3 Technical Implementation

Our platform detects the Sec-GPC: 1 HTTP header sent by GPC-enabled browsers and automatically applies your opt-out preference. We log GPC requests for compliance verification purposes.

17. AI-Generated Content Disclosure

Our Service uses artificial intelligence (AI) to generate certain content and insights:

17.1 AI Scorecard Summaries

Our free competitive scorecard tool uses Fireworks.ai's llama-v3p1-70b-instruct AI model to generate plain-English summaries of your competitive position. These summaries are generated based on:

• Your business information (name, location, category)
• Competitor data from Google Places API
• Citation scores and ranking information

17.2 How AI Summaries Work

• Generation Frequency: 1 AI summary per IP address per 24 hours to prevent abuse
• Caching: Summaries are cached for 30 days to improve performance
• Privacy: Your data is processed in accordance with Fireworks.ai's privacy policy and data protection agreements
• Accuracy: AI summaries are provided for informational purposes and may not be 100% accurate. Always review the underlying data.

17.3 Your Rights Regarding AI-Generated Content

You have the right to:

• Request deletion of AI-generated summaries associated with your email address
• Opt out of AI summary generation (cached summaries will still be shown if available)
• Request correction of inaccurate information used to generate summaries

Contact us at support@rynodyno.com to exercise these rights.