Terms of Service

By accessing or using the RANKIGI platform, APIs, SDKs, dashboard, or website (collectively, the “Service”), you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms. If you do not agree, do not use the Service.

RANKIGI provides AI agent compliance infrastructure, including: tamper-evident cryptographic event audit trails using SHA-256 hash chains; event-time policy evaluation against declared canons; behavioral drift detection and profiling; monthly audit reports mapped to compliance frameworks; Agent Passport identity and verification system; immutable daily snapshots; and associated SDKs (Node.js, Python) and REST APIs.

Reports summarize tamper-evident records that RANKIGI received and chained. They are not audits, audit opinions, or compliance certifications. Customers and their auditors remain solely responsible for evidentiary review and regulatory determinations.

RANKIGI evaluates configured policy rules against each ingested event at the time of ingest and records the verdict in the chain. The sidecar is passive: it does not block, modify, or interrupt agent execution. Customers are responsible for acting on verdicts in their own runtime.

RANKIGI is a passive attestation layer. The Service receives event metadata submitted by your AI agents, computes SHA-256 hash chains over that metadata, stores the resulting chain records in an append-only ledger, and periodically submits Merkle roots of those chains to the Sigstore Rekor public transparency log. The Service produces cryptographic records and verification tooling for those records.

RANKIGI does not provide legal advice. RANKIGI does not provide compliance certification. RANKIGI does not provide regulatory approval. RANKIGI does not provide evidentiary authentication of agent behavior. RANKIGI does not guarantee any AI agent's behavior, decisions, or outputs. The Service is not a SOC 2, ISO 27001, EU AI Act, HIPAA, or 21 CFR Part 11 certification, attestation, or audit. Compliance report templates produced by the Service are operational artifacts only. They are not, and shall not be represented as, third-party attestations or certifications.

The Service produces cryptographic records of event metadata submitted to it. The Service attests to two things only: (a) that the chain of records received by RANKIGI is internally consistent under SHA-256, and (b) that periodic Merkle roots of those chains were submitted to the Sigstore Rekor public transparency log at the timestamps shown. The Service does not attest, and you shall not represent to any third party that the Service attests, that (i) any AI agent operated lawfully, safely, or correctly; (ii) all actions taken by any AI agent were submitted to RANKIGI; (iii) records submitted to RANKIGI accurately reflect the underlying agent behavior; (iv) the Service constitutes a SOC 2, ISO 27001, EU AI Act, HIPAA, or 21 CFR Part 11 certification, attestation, or audit; or (v) outputs of the Service are admissible as evidence in any legal or regulatory proceeding.

You are the data controller for any metadata you submit to the Service. RANKIGI is the data processor and processes that metadata solely to provide the Service. The Service is designed to receive minimal metadata and cryptographic hashes, not raw sensitive content. You agree not to submit personally identifiable information, protected health information, payment card data, or other regulated content in raw (unhashed) form. You are responsible for ensuring your submissions comply with applicable data protection laws including GDPR, CCPA, and HIPAA where applicable. RANKIGI processes data on infrastructure operated by Supabase, Railway, Stripe (for billing only), Resend (for transactional email only), and Sigstore Rekor (for public Merkle root anchoring only). A separate Data Processing Addendum is available on request at legal@rankigi.com.

You must provide accurate and complete information when creating an account. You are responsible for maintaining the confidentiality of your account credentials, API keys, and session tokens. You must notify us immediately at security@rankigi.com if you suspect unauthorized access. API keys are peppered and hashed before storage - we cannot retrieve your raw API key after creation. You are responsible for rotating keys if they are compromised.

You agree not to: ingest personally identifiable information (PII) in raw form into the Service; attempt to circumvent security controls, hash chain integrity, or immutability triggers; reverse-engineer the cryptographic mechanisms of the platform; use the Service to facilitate illegal activity or to harm others; exceed documented API rate limits or attempt to overwhelm the Service; share API keys or account credentials with unauthorized parties; or use the Service in violation of applicable law. Violation of these terms may result in immediate account suspension.

The RANKIGI API is subject to the following rate limits: 200 requests per minute per IP address (pre-authentication) and 120 requests per minute per API key (post-authentication). Enterprise customers may negotiate higher limits. Exceeding rate limits will result in HTTP 429 responses. Sustained abuse may result in temporary or permanent key revocation.

Subscription fees are billed monthly or annually in advance through Stripe. Available tiers: Free, Builder, Business, Regulated Enterprise, and Sovereign. See the pricing page for current rates. All fees are in US dollars. Prices may change with 30 days written notice. Failed payments trigger a 7-day grace period; after which, access may be suspended. You can manage your subscription, update payment methods, and access invoices through the Stripe customer portal.

You may cancel your subscription at any time through the dashboard or by contacting legal@rankigi.com. Upon cancellation: your subscription remains active until the end of the current billing period; you retain read-only access to your data for 14 days after the billing period ends; after 14 days, all event data, hash chains, snapshots, and reports are permanently deleted. Refunds are available for the current billing period only if requested within 7 days of the charge. Prorated refunds are not offered for mid-cycle cancellations.

Account closure removes operational metadata and access credentials. Hash-chained event records are append-only by design and are retained in their immutable form for the retention period stated in your plan; their cryptographic contents (hashes and chain linkages) cannot be altered or selectively deleted without breaking the chain. Where applicable law requires erasure of personal data, RANKIGI redacts pre-image metadata while preserving the hash linkage that proves the record was not retroactively modified.

You retain full ownership of all event data, audit trails, audit reports, and other content you create through the Service. By using the Service, you grant RANKIGI a limited, non-exclusive license to process, store, and display your data solely to provide the Service. We do not use your event data to train machine learning models, share it with third parties, or use it for any purpose other than providing the Service. Upon termination, you may export your data before it is deleted.

The RANKIGI platform, including its software, algorithms, documentation, design, and branding, is owned by RANKIGI Inc. and protected by applicable intellectual property laws. These Terms do not grant you any right to use RANKIGI's trademarks, logos, or brand elements without prior written consent. Open-source components used in the platform are subject to their respective licenses.

The Service is provided “as is” and “as available” without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. RANKIGI does not warrant that the Service will be uninterrupted, error-free, or completely secure. The Service does not constitute legal, compliance, or regulatory advice. You are responsible for determining whether the Service meets your specific compliance requirements.

To the maximum extent permitted by applicable law, RANKIGI Inc.'s total aggregate liability for any claims arising from or related to the Service is limited to the fees paid by you in the three (3) months immediately preceding the event giving rise to the claim. In no event shall RANKIGI be liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunity, regardless of the theory of liability.

You agree to indemnify, defend, and hold harmless RANKIGI Inc., its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorney fees) arising from: your use of the Service; your violation of these Terms; your violation of any applicable law or regulation; or any data you ingest into the Service.

These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes arising under these Terms shall be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. The arbitration shall take place in Delaware. Each party bears its own costs. Judgment on the arbitration award may be entered in any court of competent jurisdiction.

We may modify these Terms at any time. We will provide at least 14 days notice of material changes via email to the address associated with your account. Continued use of the Service after the effective date of any changes constitutes your acceptance of the modified Terms. If you do not agree with the modified Terms, you must discontinue use of the Service before the effective date.

For questions about these Terms:

Email: legal@rankigi.com
Company: RANKIGI Inc., a Delaware C-Corp
Address: United States