TRUST CENTER
Security, transparency, and accountability. For a product that proves accountability.
Everything a security reviewer needs to evaluate what RANKIGI proves, what it stores, and where its current limits are.
Last updated: 2026-06-04 | Contact: security@rankigi.com
Reviewed quarterly. Next review: 2026-09-04.
Security Architecture
How RANKIGI protects your data. SHA-256 hash chaining, Ed25519 signing, AES-256-GCM encryption, and why the default storage model persists no separate raw payload field.
5W1H Scoring Methodology
Exactly how RANKIGI calculates audit scores. Full weight breakdown, component definitions, and how certificates are issued. No black boxes.
Compliance Framework Mapping
Control-by-control mapping of RANKIGI features to EU AI Act, SOC 2, HIPAA, ISO 42001, and PCI-DSS. RANKIGI is mapping to these frameworks. Formal certification is in progress. None of these certifications are currently attained.
Data Practices and Privacy
What RANKIGI stores by default, what it does not persist as raw payload, data residency, retention policies, breach notification protocol.
RCR/1 Open Specification v1.1
The open specification RANKIGI implements. Published under CC BY 4.0. Any organization can implement it.
System Status and Incident History
Live uptime, historical incident records, and transparent communication during outages.
Minimized default storage. No separate raw payload field is persisted by default; reconstructable evidence is opt-in and customer-key encrypted.
Passive observation. RANKIGI never sits in your agent's execution path.
Published specification. Our audit specification is public and free to implement.
COMPLIANCE STATUS
Where RANKIGI stands today.
- SOC 2 Type II: Not yet certified. Audit initiation and completion targeted for Q4 2026.
- HIPAA: Data Processing Agreement available on request.
- EU AI Act: Evidence support for Article 12 audit requirements.
SUBPROCESSORS
Third parties involved in delivering RANKIGI.
- Supabase: hosted Postgres + auth
- Railway: application hosting
- Stripe: billing/payments
- Resend: transactional email
- Upstash: rate-limit Redis
- Sigstore Rekor: anchor notarization / transparency log
- FreeTSA: RFC 3161 timestamps
SECURITY CONTACT
Report a vulnerability to security@rankigi.com. We acknowledge security reports within 48 hours.
DATA PROCESSING AGREEMENT
Data Processing Agreement available. Contact privacy@rankigi.com.