Privacy
Privacy Policy
Last updated: 2026-05-10
1. Who we are
ContentRank is operated as a personal, non-commercial project by Anthony Gosme, based in France. Anthony is the data controller and is reachable via the contact form. See the legal notice for the publisher details.
2. What we collect
We process the minimum data needed to operate the Service:
- ·Submitted content: the URLs and the text excerpts you submit, the extracted text content, and the resulting match records.
- ·Anti-abuse identifiers: a hashed IP address (irreversible SHA-256), a browser fingerprint hash. Used to enforce per-day quotas and block abuse. We do not store raw IP addresses.
- ·Local-only state: a list of matches you've submitted is kept in your browser's localStorage / sessionStorage to power your private "my matches" view. This data lives on your device, not on our servers.
- ·Analytics (with your consent): if you accept analytics cookies, Google Analytics collects aggregated usage data (pages viewed, session duration, approximate location, device type). See the Cookie Policy for details.
- ·Technical logs: server logs (HTTP requests, error traces) for security and debugging. Retained 30 days.
3. Lawful basis
- ·Operating the Service: legitimate interest (Article 6(1)(f) GDPR) and performance of the contract with you (6(1)(b)).
- ·Anti-abuse measures: legitimate interest in preserving the integrity of the rankings.
- ·Analytics: your consent (6(1)(a)), revocable at any time via the cookie banner.
- ·Legal obligations: where applicable (6(1)(c)).
4. Public content
Match results are public by default. The URLs you submit, the extracted text, the per-axis verdicts, and the citations may be displayed at a stable public URL /match/{hash} and indexed by search engines. If you don't want the content to be public, do not submit it. Removal requests are handled at the contact form.
5. Retention
- ·Public matches: kept indefinitely, since they constitute the public ranking history (the system depends on the accumulated graph). You may request removal of a specific match at any time.
- ·Anti-abuse identifiers: hashed IP and fingerprint kept 90 days for quota enforcement.
- ·Server logs: 30 days.
- ·Analytics data: as defined by Google Analytics retention settings; we set the minimum (currently 14 months).
- ·Local browser storage: lives on your device, you can clear it at any time via your browser settings.
6. Recipients and transfers
- ·Hosting provider: Hetzner Online GmbH (Germany). Hosts our servers and database.
- ·LLM provider: DeepSeek (China). Receives the extracted text content for the qualitative comparison step. Operates under their own Privacy Policy.
- ·Embedding provider: OpenAI (United States). Receives the extracted text for embedding-based concordance scoring.
- ·Backup provider: Cloudflare R2 (United States) for encrypted database backups via Litestream.
- ·Analytics: Google LLC (United States), with anonymisation enabled when supported.
Some recipients are located outside the European Economic Area. Where applicable, transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by the providers' own safeguards.
7. Your rights
Under GDPR you have the right to:
- ·Access the personal data we hold about you.
- ·Rectify inaccurate data.
- ·Erasure ("right to be forgotten"), within the limits of our legitimate interest in maintaining ranking integrity (we will discuss specific cases case-by-case).
- ·Restrict processing.
- ·Data portability for the data you actively submitted.
- ·Object to processing based on legitimate interest.
- ·Withdraw consent for analytics at any time, via the cookie banner.
To exercise these rights, contact the contact form. We respond within one month of receipt.
You may also lodge a complaint with the data protection authority of your country. In France, that's the CNIL.
8. Security
We apply reasonable technical and organisational measures to protect the data: encrypted connections (HTTPS), encrypted backups, hashed identifiers (irreversible SHA-256 on IP), restricted access to production systems, regular dependency updates. No system is perfectly secure; we report incidents promptly when applicable.
9. Children
The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has submitted personal data, contact us and we will delete it.
10. Changes
We may update this Privacy Policy. The "Last updated" date at the top reflects the current version. Significant changes will be flagged on the home page.