Privacy Policy

This Privacy Policy describes how Kangar OÜ ("we," "us," or "our"), operating under the brand name Aranx, collects, uses, and shares your personal information when you use our website, platform, and services (collectively, the "Service").

Kangar OÜ is a company registered in Estonia, located at Harju maakond, Tallinn, Kristiine linnaosa, Kotkapoja tn 2a-10, 10615. By using our Service, you agree to the collection and use of information in accordance with this policy.

We collect the following categories of information:

Personal Information

• Name and email address (provided during account registration)
• Payment information (processed securely through Stripe; we do not store your full card details)

Automatically Collected Information

• IP address, browser type, device information
• Usage data (pages visited, features used, timestamps)

Content Data

• Business information you provide during onboarding
• Prompts, blog topics, and content preferences
• Generated content and publishing configurations

We use your information for the following purposes:

• Account management: Creating and maintaining your account, authentication, and customer support
• Service delivery: Generating AI-powered blog content, keyword research, and content publishing
• Content generation: Processing your business context and preferences through AI providers to produce relevant content
• Analytics: Understanding how you use the Service to improve its performance and features
• Communication: Sending service-related notifications, updates, and transactional emails
• Legal compliance: Meeting our legal obligations, enforcing our terms, and protecting our rights

Your data is never used to train AI models. We process your content through OpenAI solely for the purpose of generating blog articles and related outputs on your behalf.

Your inputs (business context, prompts, and content preferences) are transmitted to OpenAI for processing and are not stored beyond what is necessary for service delivery. OpenAI's data processing is governed by their API data usage policies, which prohibit using API inputs and outputs for model training.

We share your information only with the following third-party service providers, strictly for operating the Service:

• OpenAI: Content generation (processes your business context and prompts)
• Stripe: Payment processing (handles billing and subscription management)
• DataForSEO: Keyword research and SERP analysis
• Vercel: Application hosting and analytics
• Sentry: Error monitoring and performance tracking
• Resend: Transactional email delivery

We do not sell, rent, or trade your personal information to any third party. We may disclose information if required by law, regulation, or legal process.

We use the following technologies:

• Essential cookies: Required for authentication, session management, and core functionality
• Vercel Analytics: Privacy-friendly, anonymous usage analytics (no personal data collected)
• Cloudflare Turnstile: Bot protection during sign-up and authentication flows

We do not use third-party advertising cookies or cross-site tracking technologies.

We retain your personal information for the duration of your account. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest, secure infrastructure, and access controls.

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34.

Under the GDPR (Articles 15–22), you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to restriction: Request restriction of processing in certain circumstances
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at legal@aranx.com. We will respond within 30 days.

As an Estonian company, we process personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing under Article 6 include:

• Contract performance: Processing necessary to deliver the Service you have subscribed to
• Legitimate interests: Analytics, security, and service improvement
• Legal obligations: Compliance with applicable laws and regulations
• Consent: Where you have provided explicit consent for specific processing activities

Our supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). You have the right to lodge a complaint with the Inspectorate if you believe your data protection rights have been violated.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information
• The right to non-discrimination for exercising your privacy rights

We do not sell your personal information. To exercise your CCPA rights, contact us at legal@aranx.com.

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (where our service providers such as OpenAI and Stripe are located). These transfers are protected by Standard Contractual Clauses (SCCs) or other appropriate safeguards approved by the European Commission, ensuring your data receives an adequate level of protection.

When you install and use our WordPress plugin or other CMS integrations, the following additional data is collected:

• Website URL and site title
• Administrator email address
• WordPress version and plugin version

This data is transmitted securely to Aranx servers for the purpose of establishing and maintaining the connection between your CMS and our platform. You can revoke this connection at any time by deactivating and uninstalling the plugin from your CMS, or by disconnecting the integration from your Aranx dashboard.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that a child under 18 has provided us with personal information, please contact us at legal@aranx.com and we will take steps to delete such information.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you at least 30 days before the changes take effect by posting the updated policy on our website and, where appropriate, notifying you by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Kangar OÜ
• Harju maakond, Tallinn, Kristiine linnaosa, Kotkapoja tn 2a-10, 10615
• Email: legal@aranx.com