Privacy Policy

Last updated: February 2026

RivalScope (“we”, “us”, “our”) is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy, please contact us at hello@therivalscope.com.

1. Data We Collect

We collect the following categories of personal data:

  • Account data: your name, email address, and authentication credentials when you create an account.
  • Payment data: billing information processed securely via Stripe. We do not store your full card details on our servers.
  • Brand data: business names, domains, competitor information, and keywords you provide for AI visibility tracking.
  • Usage data: how you interact with the platform, including features used, scans run, and pages visited.
  • Technical data: IP address, browser type, device information, and operating system collected automatically when you access our service.

2. How We Use Your Data

We process your personal data for the following purposes:

  • Service provision: to operate your account, run AI visibility scans, generate reports, and deliver the core functionality of RivalScope.
  • Payment processing: to manage subscriptions, process payments, and handle billing enquiries via Stripe.
  • Communications: to send transactional emails about your account, scan results, and service updates.
  • Marketing: with your explicit consent, to send newsletters and product updates. You may withdraw consent at any time.
  • Service improvement: to analyse usage patterns, fix bugs, and improve our platform.
  • AI platform queries: to submit prompts to AI platforms (ChatGPT, Claude, Perplexity, Gemini, Google AI Overviews) on your behalf to monitor brand visibility.

Our lawful bases for processing include: performance of a contract (service provision), legitimate interests (service improvement and security), consent (marketing), and legal obligation (financial record-keeping).

3. Third Parties

We share data with the following third-party processors:

  • Stripe: payment processing and subscription management.
  • OpenAI: AI platform queries for ChatGPT visibility monitoring.
  • Anthropic: AI platform queries for Claude visibility monitoring.
  • Perplexity: AI platform queries for Perplexity visibility monitoring.
  • Google: AI platform queries for Gemini and AI Overview visibility monitoring.
  • Serper.dev: search engine results data for Google AI Overview analysis.
  • Mailchimp: email communications and marketing (where consent is given).
  • Vercel / Replit: hosting and infrastructure services.
  • Neon: database hosting and storage.

We require all third-party processors to respect the security of your personal data and treat it in accordance with applicable law.

4. International Data Transfers

Some of our third-party processors are based in the United States. Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (UK IDTA) and supplementary measures where necessary. These safeguards ensure that your data receives an equivalent level of protection to that afforded under UK GDPR.

5. Data Retention

We retain your data for the following periods:

  • Account data: retained while your account remains active, and deleted within 30 days of account closure.
  • Scan results and brand data: retained while your account remains active, and deleted upon account closure.
  • Payment records: retained for 6 years in accordance with HMRC requirements and applicable financial regulations.

6. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data in certain circumstances.
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: request a machine-readable copy of your data.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you may file a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at hello@therivalscope.com. We will respond within one calendar month.

7. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and session management. These are strictly necessary and do not require consent.
  • Analytics cookies: used with your consent to understand how visitors interact with our platform, helping us improve the service.

For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on our platform. We encourage you to review this policy periodically.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: hello@therivalscope.com