TRUST CENTER
Security, transparency, and accountability. For a product that proves accountability.
Everything you need to evaluate RANKIGI for your organization. No security questionnaire needed.
Last updated: March 2026 · Contact: security@rankigi.com
Security Architecture
How RANKIGI protects your data. SHA-256 hash chaining, Ed25519 signing, AES-256-GCM encryption, and why hash-only storage means a breach reveals nothing sensitive.
→
5W1H Scoring Methodology
Exactly how RANKIGI calculates audit scores. Full weight breakdown, component definitions, and how certificates are issued. No black boxes.
→
Compliance Framework Mapping
Control-by-control mapping of RANKIGI features to EU AI Act, SOC 2, HIPAA, ISO 42001, and PCI-DSS.
→
Data Practices and Privacy
What RANKIGI stores, what it never stores, data residency, retention policies, breach notification protocol.
→
Open Agent Governance Standard v1.1
The open specification RANKIGI implements. Published under CC BY 4.0. Any organization can implement it.
→
System Status and Incident History
Live uptime, historical incident records, and transparent communication during outages.
→
Hash-only storage. Raw sensitive data never enters RANKIGI systems.
Passive observation. RANKIGI never sits in your agent’s execution path.
Published specification. Our audit specification is public and free to implement.
COMPLIANCE STATUS
Where RANKIGI stands today.
- SOC 2 Type II: Not yet certified. Audit initiation planned for 2026.
- HIPAA: Data Processing Agreement available on request.
- EU AI Act: Evidence support for Article 12 audit requirements.
SUBPROCESSORS
Third parties involved in delivering RANKIGI.
- RailwayInfrastructure hosting
- SupabaseManaged PostgreSQL
- UpstashRate-limit Redis
- Sigstore RekorPublic transparency log
- ResendTransactional email
- StripePayments
SECURITY CONTACT
Report a vulnerability to security@rankigi.com. We acknowledge security reports within 48 hours.
DATA PROCESSING AGREEMENT
Data Processing Agreement available. Contact wes@rankigi.com.