Privacy Policy

Last updated: April 29, 2026

1. Introduction

CleaRank Ltd (“we”, “us”, “our”, or “Company”) operates the website clearank.com and the SaaS dashboard at trade.clearank.com (“Service”). This Privacy Policy explains how we collect, use, disclose, and process personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Lei Geral de Proteção de Dados (LGPD).

This Privacy Policy applies to all users of our Service, including free trial users, paid subscribers (Pro and Ultra tiers), and visitors to our marketing site. Please read this policy carefully. By accessing or using CleaRank, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with our data practices, please do not use the Service.

2. Data We Collect

2.1 Information You Provide Directly

When you create an account, we collect:

  • Email address and password
  • Full name
  • Country of residence
  • Profile preferences (language, timezone, notification settings)
  • Trading simulator data (simulated trades, positions, account balances, journal entries)
  • Support tickets and communication content
  • Payment information (processed by our payment processor; we retain last 4 digits, expiry, and brand only)

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • IP address and device identifier
  • Browser type and version
  • Operating system
  • Clickstream and usage patterns (pages visited, features used, time spent)
  • Referral source
  • Server access logs
  • Cookies and similar tracking technologies

2.3 Third-Party Data

We may receive data from third-party sources, including:

  • Market data from TwelveData (price data, instrument information)
  • On-chain analysis from Etherscan and GoPlus (for our Rug Checker tool)
  • Analytics data from Google Analytics

3. Why We Process Your Data (Lawful Basis)

Under GDPR and similar laws, we process your data based on the following lawful bases:

Processing ActivityLawful BasisData Subjects
Account creation and authenticationContract (service delivery)All users
Simulator trading & journal storageContract (core feature)Paid subscribers
Marketing emails & newslettersConsent (opt-in)Opted-in subscribers
Analytics (GA4, usage tracking)Consent (analytics cookies)Visitors & users
Fraud prevention & security monitoringLegitimate interestsAll users
Service improvement & testingLegitimate interestsAll users
Tax & legal record retentionLegal obligationAll users

4. How We Use Your Data

4.1 Core Service Delivery

  • Authenticate your account and maintain your session
  • Store and process your simulator trades, positions, and journal entries
  • Calculate portfolio analytics and performance metrics
  • Fetch real-time and historical market data for your symbols
  • Generate AI-driven insights (AI Coach, Market Analyst) via Google Gemini

4.2 Communication

  • Send transactional emails (account confirmations, password resets, receipts)
  • Deliver newsletters and product updates (if you have opted in)
  • Respond to support requests and inquiries
  • Notify you of policy changes and service announcements

4.3 Security & Fraud Prevention

  • Detect and prevent unauthorized access
  • Monitor for fraudulent activity and terms-of-service violations
  • Enforce our legal agreements

4.4 Legitimate Interests

  • Improve, optimize, and personalize the Service
  • Conduct analytics and track user behavior to understand product usage
  • Test new features and troubleshoot bugs
  • Send direct marketing materials (where permitted by law)

4.5 Legal Compliance

  • Comply with tax and financial reporting obligations (7-year retention)
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service and other legal agreements

5. Sub-Processors and Data Sharing

We do not sell your personal data. We share your data with select service providers who process it on our behalf under Data Processing Agreements (DPA) that require them to protect your data and only use it as instructed:

ProcessorPurposeLocationTransfer Mechanism
SupabaseDatabase, authenticationUS/EUSCCs (DPA in place)
VercelHosting, edge functionsUSSCCs
ResendTransactional emailUSSCCs
MailerLiteMarketing emailUK/EUDPA
Google GeminiAI features (Coach, Analyst)US/EUSCCs
TwelveDataMarket price & quote dataUSSCCs
EtherscanRug Checker (on-chain data)GlobalPublic API
GoPlusRug Checker (on-chain data)GlobalPublic API
PayMe / Paid.co.ilPayment processingUS / IsraelSCCs / DPA
CloudflareCDN, DDoS protectionGlobalSCCs

For all non-European Economic Area (EEA) sub-processors, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism to provide an adequate safeguard for your data.

6. Payment Data & PCI Compliance

CleaRank does not directly handle or store your full payment card details. All payment processing is delegated to third-party payment processors (PayMe (paid.co.il)) that are PCI-DSS Level 1 compliant. On our side, we retain only:

  • Last four digits of your card
  • Card brand (Visa, Mastercard, etc.)
  • Expiry month and year (tokenized)

Your payment processor’s privacy policy governs the collection and processing of full payment details. Never provide your credit card number directly to CleaRank—always use our secure payment form.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by law:

Data CategoryRetention Period
Active account & profile dataLifetime of account + 30 days after deletion
Simulator trades & journal entriesDuration of subscription + 30 days after account closure
Support tickets & messages2 years from last message or support closure
Payment & invoice records7 years (legal/tax requirement)
Server access logs90 days
Failed login attempts / fraud alerts30 days
Email subscription & newsletter preferencesUntil unsubscribed or account deleted
Analytics data (Google Analytics 4)26 months (GA4 default)

After the retention period expires, we delete or anonymize your data, except where we are obliged to retain it by law (e.g., tax records).

8. Data Security

We implement industry-standard technical, administrative, and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • TLS 1.3 encryption in transit (HTTPS)
  • AES-256 encryption at rest (Supabase PostgreSQL)
  • Bcrypt password hashing with salting
  • Row-level security (RLS) policies scoped per user
  • Regular vulnerability scans and dependency updates
  • Strict access controls (employees access data only on a need-to-know basis)
  • Firewalls and DDoS protection via Cloudflare

While we strive to protect your data, no method of transmission or storage is entirely secure. You are responsible for maintaining the confidentiality of your password.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

9.1 GDPR Rights (EU/EEA Residents)

Right of Access

You have the right to obtain confirmation of whether we process your data and to receive a copy of your personal data. Email info@clearank.com with the subject line “Access Request”. We will respond within 30 days of verifying your identity.

Right of Rectification

You may request correction of inaccurate or incomplete data. Email info@clearank.com with “Rectification Request” and provide the details to be corrected. We will update your data promptly.

Right of Erasure (“Right to Be Forgotten”)

You may request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, fraud prevention). Email info@clearank.com with “Erasure Request”. We will process this within 30 days, unless we have a legal basis to retain your data.

Right to Restrict Processing

You may request that we limit processing of your data while you contest its accuracy or we establish its lawfulness. Email info@clearank.com with “Restriction Request” and specify how you wish your data to be restricted.

Right to Data Portability

You may request a portable copy of your personal data in a machine-readable format (e.g., CSV, JSON). Email info@clearank.com with “Portability Request”. We will provide this within 30 days.

Right to Object

You may object to processing based on legitimate interests or direct marketing. Email info@clearank.com with “Objection Request” and specify the processing activity. We will cease processing unless we have a compelling legitimate reason to continue.

Right to Withdraw Consent

If we process your data based on consent (e.g., marketing emails), you may withdraw consent at any time. Click “Unsubscribe” in any email, or email info@clearank.com with “Withdraw Consent”. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority (e.g., the Information Commissioner’s Office in the UK, CNIL in France, etc.). You may also contact us first at info@clearank.com.

9.2 CCPA/CPRA Rights (California Residents)

Under the California Consumer Privacy Act (CCPA) and its amendment (CPRA), you have the following rights:

  • Right to Know: Request what personal information we have collected about you in the past 12 months.
  • Right to Delete: Request deletion of personal information collected from you, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Sensitive Data: Request that we limit our use and sharing of sensitive personal information.
  • Right to Opt-Out of Sale or Sharing: CleaRank does not sell or share personal information for cross-context behavioral advertising. This right is therefore not applicable, but you may request confirmation.
  • No Financial Incentive Discrimination: We do not offer financial incentives or impose penalties for exercising your rights.

To exercise any CCPA/CPRA right, email info@clearank.com with your request. We will respond within 45 days. You may authorize an agent to make a request on your behalf if you provide them with written permission.

9.3 LGPD Rights (Brazil)

Under Brazil’s Lei Geral de Proteção de Dados (LGPD), you have the right to:

  • Confirm whether we hold your data
  • Access your data
  • Correct inaccurate data
  • Delete your data (where permitted)
  • Obtain information about third parties with whom we share your data
  • Request anonymization, blocking, or deletion of unnecessary data
  • Object to automated decision-making that produces legal or similarly significant effects

To exercise any LGPD right, contact us at info@clearank.com. We will respond within 15 days.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (pixels, web beacons, local storage) to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze user behavior and improve the Service
  • Prevent fraud and abuse

You control cookies via your browser settings. You may opt out of analytics cookies via Google Analytics or our cookie consent banner. However, disabling essential cookies may impact your ability to use certain features.

11. Children’s Privacy

CleaRank is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If we discover that we have collected data from a minor, we will delete it promptly. If you are a parent or guardian and believe your child has provided information to us, please contact info@clearank.com immediately.

12. International Data Transfers

Your data may be transferred, stored, and processed in countries outside the EEA, including the United States and Israel. These countries may not have the same data protection laws as your country of residence. When we transfer data outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other legally adequate transfer mechanisms to ensure your data remains protected. By using CleaRank, you consent to such transfers.

13. Third-Party Links

Our Service may contain links to third-party websites and services that are not operated by CleaRank. This Privacy Policy does not apply to such third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

14. California Shine the Light (CA Civil Code § 1798.83)

California residents may request information about personal information we have shared with third parties for their direct marketing purposes. Send your request to info@clearank.com with the subject line “California Shine the Light Request”, and we will respond within 30 days.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the “Last Updated” date. For material changes, we will provide at least 30 days’ notice via email and in-app notification before the changes become effective. Your continued use of the Service after such notice constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:

  • Email: info@clearank.com
  • Data Protection Officer: info@clearank.com

Postal Address: Beni Berman 2, Netanya 4249330, Israel

  • Company: CleaRank Ltd, 329591143
  • Jurisdiction: Israel

We will respond to all data subject requests within the timeframe specified by applicable law.