Privacy Policies

Hello, welcome!

In view of the entry into force of the General Law for the Protection of Personal Data (Law No. 13.709/2018 - LGPD), activities involving the processing of personal data, as well as their respective purpose, must be recorded and made explicit to the data subjects so that they are aware of how your data is being treated and for what purpose. 

In view of this scenario, RankMyAPP, recognizing the importance of the right to Privacy and Protection of Personal Data, has prepared this Privacy Policy in order to clarify the flow of processing involving personal data, through its products called Mobile Performance and Mobile Intelligence. 

First, it is important to say that personal data is information that identifies an individual, called the holder of personal data, either directly or indirectly, not limited to basic registration data, such as name, CPF, and RG. It also includes data such as personal interests, log record, purchase history, IP address, among others.

What does RankMyAPP do?

provides services of Mobile Intelligence. The goal is to work on all aspects of a given application (app) in search of greater organic visibility, conversions and app performance in virtual stores and search engines.

So, the team Mobile Intelligence seeks to define the best keywords, optimize all elements of a given application, such as its descriptions and images, according to the study of the profile of a particular business and its respective audience.

The other service, called Mobile Performance, aims to work with the main media buying means (user acquisition, Apple Search Ads, programmatic, retargeting and DSP) as a way to impact eventual users. 

Thus, RankMyAPP structures, automates and optimizes acquisition and monetization campaigns considering the main metric of each client.

Within this context, it is important to demonstrate that to achieve these goals, RankMyAPP processes personal data, thus acting as a processing agent under the LGPD.

Its position will be that of personal data operator, since it will only provide the aforementioned services, by contracting a third party (client), who will be responsible for determining the purpose and means of treatment, thus acting as the Controller of the Dice.


1. Category of personal data and purposes of treatment

Personal data is collected, for the purpose of converting new users/consumers, through a digital advertising campaign, running in the format of banners or advertising videos, based on a certain type of transaction determined by the Controller, be it cost per click (CPC) or Cost per action (CPA), for example. 

Furthermore, personal data is collected for the purpose of analyzing and blocking suspected fraud patterns, thus ensuring an efficient advertising campaign.

Here's a chart for better visualization:

                                      PROCESSING OF PERSONAL DATA


personal data


Users impacted by digital advertising.

IP address

1.Convert new users, through a digital advertising campaign, running in the form of banners or advertising videos, based on a certain type of transaction determined by the Controller

2. For the purpose of analyzing and blocking suspected fraud patterns


connection network


Mobile device

Mobile device version

Operational system

Postal Number 

Device ID


device language

User/consumer interaction in the app

 1.1 Source
When providing the service Mobile Performance, RankMyAPP collects personal data through a certain mobile marketing analysis and attribution platform software as a service (SaaS) contracted by the Client and at its discretion.

2. Form and duration of treatment

2.1 Sharing
To achieve the purposes described in item 1.1, RankMyAPP shares personal data with the following companies:

  • Legal Entity that hired it, entitled as Parent company under the LGPD;
  • Microsoft Azure, for secure data storage, which will be considered a sub-operator of personal data, with prior authorization to the controller;
  • 24metrics, due to the subcontracted platform, called ClickShield, which receives data related to clicks for the purpose of analyzing and blocking traffic suspected of fraud;
  • 24metrics, due to the subcontracted platform, called FraudShield, which receives data regarding installations for the purpose of analyzing suspected fraud patterns;
  • MongoDB, which offers a multi-cloud database service available on Azure;

2.2 Automated decision
The platforms contracted by RankMyAPP, described below, process the data in an automated way: 

  • ClickShield – automatic blocking of clicks considered suspected of fraud by means of rules established by the platform itself.
  • FraudShield – Automatic analysis of installations to differentiate legitimate installations from potentially fraudulent installations. 

In addition, there is processing of data collected from human interference.

2.3 Security measures
Personal data are stored in the cloud, on the Microsoft Azure platform, only for the time necessary for the purpose described in this Policy, unless there is a legal obligation that authorizes the retention of data after the purpose has been achieved and the agreement established with the Controller has been terminated. . 

Microsoft Azure applies physical, technical, and organizational security measures, such as encryption in data transport and storage.

In addition, personal data are only accessed by a team of employees who have a strict need for the performance of their activities.

24metrics has implemented a variety of security measures to keep personal data safe, such as: Encryption for different datasets, granting access rights, Amazon and Google Cloud cloud provider security measures.

Finally, MongoDB adopts various technologies and security procedures measures against unauthorized access, use or disclosure, such as individual password for access. 


In order to carry out the Mobile Intelligence activity, as a rule, RankMyAPP does not process data considered personal.

This is because the purpose of this service is related to attracting organic users through keyword optimization and other app elements such as icons, description. 

For this, RankMyAPP only uses data considered quantitative, such as % of installations, % of visits and conversion rates, which are collected from a console owned by a given customer. 

On the other hand, occasionally, depending on the customer's need and command, RankMyAPP will process personal data, in which case the purpose will be to correlate data so that a clear and assertive direction is provided to the customer.

 It is worth mentioning that the aforementioned treatment only takes place under the type “access” and this will be done through the visualization of comments made by users within a certain application owned by the client. 

Here's a chart for better understanding:

                                      PROCESSING OF PERSONAL DATA




Application users


Correlate data so that a clearer and more assertive direction is provided to the Client when, for example, he notices a drop in his application's rating, due to negative user comments.

At this moment, the Mobile intelligence team analyzes the period and the percentage of failures, checks if there was an increase in the number of uninstallations in the same period, observes the users' comments and, from there, can conclude or not, if it was due to application operating system failure that the relationship with the user was harmed.


Mobile device

Mobile device version


 1.1. Security measures 
RankMyAPP guarantees that only employees who have a strict need for the performance of their activities have access to said data. Furthermore, such employees have assumed confidentiality and are trained and qualified to handle personal data ethically and in line with this policy. 

3. Liability of treatment agents according to the scope of Mobile Performance and Mobile Intelligence services

RankMyAPP, its subcontractors and the Controller are jointly and severally liable in the event of any material and/or moral damage to the holder, with the exception of cases in which they are able to prove that:

  • They did not process the personal data assigned to them; 
  • That, although they have carried out the processing of personal data assigned to them, there has been no breach of data protection legislation; and
  • That the damage is due to the exclusive fault of the holder or a third party.
4. Changes

This policy will be updated in cases of need and in the event of any guidelines issued by the National Authority for the Protection of Personal Data (ANPD). 

5. Contact

In case of doubt, comment or suggestion, please contact our Personal Data Processing Officer (“Data Protection Officer”) by sending a message to the email address: [email protected].