Skip to main content
How It WorksSandboxPricing
← Trust Center

SECURITY ARCHITECTURE

How RANKIGI protects your data.

A governance platform must be held to the same standards it enforces. Here is exactly how RANKIGI is built.

The Hash-Only Storage Principle

Every piece of sensitive content your agent handles — inputs, outputs, reasoning, decisions — is converted into a cryptographic hash before it reaches RANKIGI’s infrastructure. A hash is a fixed-length fingerprint of data. Given the hash, it is computationally infeasible to reconstruct the original content.

This means RANKIGI stores proof that something happened without storing what happened. If RANKIGI’s database were compromised tomorrow, the attacker would find a sequence of SHA-256 hashes. Nothing sensitive. Nothing readable. Nothing actionable.

This is not a policy decision. It is an architectural constraint. Your data cannot be exfiltrated from RANKIGI because your data was never stored in RANKIGI.

input_hash = SHA-256(canonical_json(input_payload))
output_hash = SHA-256(canonical_json(output_payload))
event_hash = SHA-256(canonical_json(all_event_fields))

Canonical JSON: alphabetically sorted keys, no whitespace, UTF-8.
Deterministic. Reproducible. Independently verifiable.

The Hash Chain

Every event RANKIGI records includes the hash of the previous event. This forms a chain where each link depends on every link before it. To modify any record you must recompute every hash in the chain from the modified point forward.

This is detectable. RANKIGI’s verification endpoint recomputes every hash on demand and reports the first broken link. The chain is append-only. No UPDATE or DELETE operations on event records.

event_hash_n = SHA-256(canonical_json({
  event_id, agent_id, timestamp, action_type,
  tool_invoked, input_hash, output_hash,
  decision_metadata, execution_result,
  previous_event_hash: event_hash_(n-1),
  chain_index: n
}))

Agent Identity: Ed25519 Passports

RANKIGI issues Ed25519 passports to every governed agent. Ed25519 is an elliptic curve signature scheme that provides 128-bit security with fast signing and verification. Passport signatures are verified on every federation handshake and every certificate issuance. The public key is published at rankigi.com/.well-known/jwks.json for independent verification.

Intent Chain Encryption

The Intent Chain is opt-in. When enabled, the agent’s reasoning is encrypted client-side using AES-256-GCM before transmission. RANKIGI stores only the encrypted ciphertext and its hash. The encryption key never leaves your environment. RANKIGI cannot decrypt Intent Chain records. Every decryption event is logged as a governed event.

Infrastructure Security

  • TLS 1.3 for all data in transit
  • All data encrypted at rest (AES-256)
  • API key authentication with SHA-256 hashing — raw keys never stored
  • Role-based access control with immutable audit logging
  • Rate limiting on all public endpoints
  • OWASP Top 10 hardened — zero known vulnerabilities as of March 2026
  • Security headers: CSP, HSTS, X-Frame-Options, nosniff, Referrer-Policy
  • Dependency vulnerability scanning on every deploy

Responsible Disclosure

Found a vulnerability? Email security@rankigi.com. We respond within 24 hours and will publicly acknowledge responsible disclosures.