Skip to main content

Privacy Policy

Privacy Policy

Last updated: March 18, 2026

RapidRabbit (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the RapidRabbit desktop application, website (rapidrabbit.io), and related services.

1. Our Privacy-First Approach

RapidRabbit is designed with privacy at its core. The desktop application processes all website crawl data locally on your machine. Crawled content, scan results, SEO analysis, CMS detection data, and screenshots are stored in a local SQLite database on your device and are never transmitted to our servers unless you explicitly choose to use the optional cloud backup feature.

2. Information We Collect

2.1 Account Information

When you create an account on rapidrabbit.io, we collect:

  • Email address — used for account login, communications, and subscription management
  • Display name — shown within the application and on your account
  • Password — stored in hashed form; we never store or have access to your plain-text password

2.2 Payment Information

If you subscribe to a paid plan (Personal at $7.99/month or Organization at $29.99/month), payment is processed entirely by Stripe. We do not store your credit card number, CVV, or full billing details on our servers. We receive and store only:

  • Stripe subscription and customer identifiers
  • Subscription status (active, cancelled, expired)
  • Plan type and billing period

2.3 Authentication Data

You may sign in using your email and password or through Google OAuth. When using Google sign-in, we receive your name, email address, and profile identifier from Google. We do not access your Google contacts, files, or any other Google account data.

2.4 Cloud Backup Data (Optional)

Paid plan subscribers may optionally upload scan session exports to our servers for cloud backup. These exports contain metadata about crawled websites (URLs, page titles, status codes) but do not contain the full crawled page content. You control when and whether to upload exports, and you can delete them at any time from your account.

2.5 Desktop Application Data

The RapidRabbit desktop application stores all data locally, including:

  • Crawl session data (URLs, page content, metadata)
  • CMS detection results
  • SEO analysis results
  • Screenshots captured during crawls
  • Application preferences and settings

This data remains on your device and is never automatically transmitted to us. The only network requests the desktop app makes are: (1) to websites you choose to crawl, (2) to our authentication server when you sign in, and (3) to upload scan exports if you explicitly choose to do so.

2.6 Organization and Team Data

If you use an Organization plan, we store team membership information including team member email addresses and organization name. Team invitations include the invitee’s email address and a time-limited invitation token that expires after 7 days.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the RapidRabbit service
  • Process subscriptions and payments through Stripe
  • Send transactional emails (account registration, password resets, subscription confirmations, team invitations)
  • Manage organization team memberships and invitations
  • Provide customer support
  • Enforce our terms of service

We do not use your data for advertising, sell your information to third parties, or build user profiles for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate RapidRabbit:

  • Stripe (stripe.com) — Payment processing. Stripe’s privacy policy governs how they handle your payment information.
  • Google OAuth (accounts.google.com) — Optional social sign-in. Google’s privacy policy applies to data shared during authentication.
  • Mailjet (mailjet.com) — Transactional email delivery for account notifications, password resets, and team invitations.
  • DigitalOcean (digitalocean.com) — Server infrastructure hosting.
  • Let’s Encrypt (letsencrypt.org) — SSL/TLS certificate provisioning.

We do not use any third-party analytics, tracking pixels, or advertising services on our website or in the desktop application.

5. Cookies

Our website uses cookies strictly for functional purposes:

  • Authentication cookies — To maintain your login session (set when you sign in, cleared when you sign out)
  • CSRF tokens — To protect form submissions against cross-site request forgery

We do not use cookies for tracking, analytics, or advertising. There are no third-party cookies on our site.

6. Data Retention

  • Account data — Retained as long as your account is active. You may request account deletion at any time.
  • Subscription data — Retained for the duration of your subscription and for a reasonable period afterward for billing and legal compliance.
  • Cloud backup exports — Retained until you delete them from your account or your account is closed.
  • Team invitations — Automatically deleted after 7 days if not accepted, or immediately upon acceptance or cancellation.
  • Local desktop data — Stored on your device under your control. You can delete sessions and all associated data at any time through the application.

7. Data Security

We protect your information through:

  • TLS/SSL encryption for all data in transit
  • Hashed password storage (never stored in plain text)
  • Cryptographically secure token generation for authentication and invitations
  • OAuth 2.0 with PKCE for desktop application authentication
  • Role-based access controls for organization team features

8. Your Rights

You have the right to:

  • Access your personal data by signing in to your account
  • Correct your account information through your account settings
  • Delete your account and associated data by contacting us
  • Export your scan data at any time using the desktop application’s built-in export features (JSON, CSV, XLSX)
  • Withdraw consent for optional features like cloud backups at any time

9. Children’s Privacy

RapidRabbit is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us through our website at rapidrabbit.io.