Privacy Policy

Rankigi Inc. (“RANKIGI,” “we,” “us”) operates AI governance infrastructure that provides tamper-evident cryptographic audit trails for autonomous AI agents. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform, APIs, SDKs, and website at rankigi.com.

Account information.When you register, we collect your name, email address, and organization name. Payment details are collected and processed by Stripe — we never store credit card numbers on our servers.

Agent event metadata.When your AI agents send events to RANKIGI via our SDK or REST API, we receive and store event metadata: agent ID, action type, tool invoked, timestamp, and severity level. All event payloads are SHA-256 hashed before storage. We store only the resulting hash and canonical payload representation — never raw sensitive data such as user inputs, model outputs, or personally identifiable information.

Usage data. We collect standard usage analytics: pages visited, API calls made, feature usage patterns, and session duration. We use essential session cookies for authentication. We do not use tracking or advertising cookies.

We use collected information to: provide, maintain, and improve the RANKIGI platform; generate cryptographic audit trails, governance reports, and behavioral profiles; enforce compliance policies you configure; process subscription payments; send technical notices and support communications; and comply with legal obligations. We do not sell your data to third parties. We do not use your event data to train machine learning models.

Event data retention varies by subscription tier:

Free: 30 days
Starter ($49/month): 60 days
Pro ($149/month): 90 days
Growth ($299/month): 120 days
Scale ($599/month): 180 days
Business & above ($999+/month): 365 days

Account data is retained until you delete your account. Upon account deletion, all associated data is permanently purged from our systems within 30 days. Cryptographic hash chain records are retained for the duration specified by your plan and cannot be selectively deleted during the retention period, as this would break chain integrity.

We use the following third-party services to operate the platform:

Supabase— Database hosting and authentication (Postgres 16, US-based infrastructure)
Railway— Application hosting and deployment
Stripe— Payment processing and subscription management
Intercom— Customer support and live chat

Each provider maintains their own privacy policies and security certifications. We do not share raw event data with any of these providers — they receive only the minimum information necessary to provide their respective services.

Regardless of your location, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your account and associated data; export your data in a machine-readable format (JSON); object to or restrict certain processing activities; and withdraw consent where processing is based on consent.

To exercise any of these rights, contact privacy@rankigi.com. We will respond within 30 days.

For users in the European Economic Area, we process personal data under the following legal bases: contract performance (to provide the service you subscribed to), legitimate interest (to improve and secure our platform), and consent (for optional communications). You may lodge a complaint with your local data protection authority. For data transfer outside the EU, we rely on Standard Contractual Clauses approved by the European Commission. Our Data Processing Agreement (available at /dpa) complies with GDPR Article 28.

California residents have the right to: know what personal information we collect and how it is used; request deletion of personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising these rights. To submit a CCPA request, contact privacy@rankigi.com.

RANKIGI is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

We implement technical and organizational measures to protect your data, including: SHA-256 hash chaining for tamper-evident audit trails; encryption in transit (TLS 1.3) and at rest (AES-256); row-level security enforced at the database layer; peppered and hashed API key storage; append-only event ledger with database-level immutability triggers; and regular security assessments. For full details, see our Security Practices page.

We may update this policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

For privacy-related questions or requests:

Email: privacy@rankigi.com
Company: Rankigi Inc., a Delaware C-Corp
Address: United States