
Privacy Policy

Effective: March 2026

RANKIGI Inc. - Delaware C-Corp

1. Introduction

RANKIGI Inc. (“RANKIGI,” “we,” “us”) operates AI agent compliance infrastructure that provides tamper-evident cryptographic audit trails for autonomous AI agents. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform, APIs, SDKs, and website at rankigi.com.

2. What Data We Collect

Account information. When you register, we collect your name, email address, and organization name. Payment details are collected and processed by Stripe - we never store credit card numbers on our servers.

Agent event metadata. When your AI agents send events to RANKIGI via our SDK or REST API, we receive and store event metadata: agent ID, action type, tool invoked, timestamp, and severity level. By default, RANKIGI hashes event payloads on receipt and does not persist a separate raw payload field. We store a keyed payload fingerprint (HMAC-SHA-256, derived per tenant) and the canonical form of the event used for tamper-evident chain verification. Customers on the applicable subscription tier may enable encrypted evidence retention, under which payloads are encrypted with customer-managed keys before persistence.

Usage data. We collect standard usage analytics: pages visited, API calls made, feature usage patterns, and session duration. We use essential session cookies for authentication. We do not use tracking or advertising cookies.

3. How We Use Your Data

We use collected information to: provide, maintain, and improve the RANKIGI platform; generate cryptographic audit trails, audit reports, and behavioral profiles; enforce compliance policies you configure; process subscription payments; send technical notices and support communications; and comply with legal obligations. We do not sell your data to third parties. We do not use your event data to train machine learning models.

4. Data Retention

Event data retention varies by subscription tier:

Free: 7 days
Pro: 90 days
Enterprise: 1 year or more, subject to contract

Canonical event record (payload_canonical). For each agent event, RANKIGI retains a canonical event record containing structured metadata (action type, tool invoked, timestamps, policy outcomes, agent identifiers) used to compute and verify the tamper-evident chain hash. The canonical record does not contain raw prompt text, model outputs, or sensitive payload content unless the customer's agent explicitly includes such content in structured metadata fields. It is stored as pseudonymized data under GDPR Article 4(5). On the applicable subscription tier, customers may enable encrypted evidence retention; under this mode the canonical record is encrypted with AES-256-GCM using a per-organisation key derived via HKDF from a master key held in RANKIGI's key management system. Customer-managed keys (BYOK) are on the Q3 2026 roadmap; contact enterprise@rankigi.com.

Customer data is erased from primary storage within 90 days of subscription termination. The hash row in the audit chain is permanently retained to preserve tamper-evident verifiability; the raw event payload that was hashed is tombstoned (set to null) so it is no longer readable. Event payloads are archived in encrypted form for the duration of the contractual retention period before permanent deletion. The archive envelope uses AES-256-GCM with a per-organisation key derived via HKDF-SHA256 from a master key held in RANKIGI's key management system; plaintext payload is not stored in the archive table. Cryptographic hash records cannot be deleted as they form the integrity of the audit chain.

Compliance evidence carve-out. Closure-export evidence bundles (the per-chain compliance artifact generated for regulatory submission) reconstruct the full chain regardless of the org's retention window, because they are evidence of process at a specific point in time and must remain self-verifying. This carve-out is documented here and in the Data Processing Agreement §11. The carve-out applies only to closure exports; dashboard views, the chain-events feed, and the standard chain export honor the retention window.

5. Third-Party Services

We use the following third-party services to operate the platform:

Supabase - hosted Postgres + auth (US-based infrastructure)
Railway - application hosting
Stripe - billing/payments
Resend - transactional email
Upstash - rate-limit Redis
Sigstore Rekor - anchor notarization / transparency log
FreeTSA - RFC 3161 timestamps
Sentry - application error monitoring

Each provider maintains their own privacy policies and security certifications. We do not share raw event data with any of these providers - they receive only the minimum information necessary to provide their respective services.

6. Your Rights

Regardless of your location, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your account and associated data; export your data in a machine-readable format (JSON); object to or restrict certain processing activities; and withdraw consent where processing is based on consent.

For append-only chain records, deletion is implemented as payload tombstoning: the hash row stays so chain integrity is preserved, but the raw event payload is nulled and is no longer readable. Prior to tombstoning, payload data is copied to an encrypted archive for the duration of your contractual retention period, after which the archive copy is also permanently deleted. The cryptographic hash satisfies GDPR Article 4(5) pseudonymization and is not reversible to the original content. Full cryptographic erasure under a customer-held key (BYOK) is available on Enterprise plans on the Q3 2026 roadmap.

To exercise any of these rights, contact privacy@rankigi.com. We will respond within 30 days.

7. GDPR Compliance (EU Users)

For users in the European Economic Area, we process personal data under the following legal bases: contract performance (to provide the service you subscribed to), legitimate interest (to improve and secure our platform), and consent (for optional communications). You may lodge a complaint with your local data protection authority. For data transfer outside the EU, we rely on Standard Contractual Clauses approved by the European Commission. Our Data Processing Agreement (available at /dpa) complies with GDPR Article 28.

8. CCPA Compliance (California Users)

California residents have the right to: know what personal information we collect and how it is used; request deletion of personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising these rights. To submit a CCPA request, contact privacy@rankigi.com.

9. Children's Privacy

RANKIGI is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

10. Security

We implement technical and organizational measures to protect your data, including: SHA-256 hash chaining for tamper-evident audit trails; encryption in transit (TLS 1.3) and at rest (AES-256); row-level security enforced at the database layer; peppered and hashed API key storage; append-only event ledger with database-level immutability triggers; and regular security assessments. For full details, see our Security Practices page.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests:

Email: privacy@rankigi.com
Company: RANKIGI Inc., a Delaware C-Corp
Address: United States