Trust & security
Built to measure waste — not to become it.
Last updated: July 2, 2026
Download security packet
Everything your security team needs for an initial review — no sales call required. Documents are updated when our posture changes; the subprocessor register is always live at /subprocessors.
Security overview
Architecture, encryption, tenant isolation, audit logging, and compliance posture.
markdown
Subprocessor register
Machine-readable list of third parties that may process customer data.
json
CAIQ-lite questionnaire
Pre-filled answers to common security-assessment questions.
markdown
DPA template
Standard data-processing agreement for enterprise customers.
markdown
Your data is never used to train, never cross-tenant
Your prompts, outputs, and ingested traces are used only to run the service for your workspace. We do not train models on your data and we do not sell it. Every database read is scoped to your organization ID; the only cross-tenant surface is the opt-in, k-anonymized industry benchmark, which publishes aggregate percentiles only once enough distinct organizations contribute that no single one can be re-identified.
Metadata-only by default
Trace ingestion stores metadata only — model, token counts, cost, and latency — which is all the savings engine needs. Raw prompt/response text is stored only when you explicitly opt in per event, is redacted after a short window (30 days by default), and whole trace records age out on a configurable retention schedule.
Bring your own keys, with guardrails
Evaluations run on your own provider keys, encrypted at rest with AES-256-GCM using version-prefixed ciphertexts (v1) so encryption keys can be rotated without downtime. ReasonRank can never overspend them: every run has a pre-flight cost estimate, per-run caps, a monthly budget, an output-token ceiling, live spend tracking, and a kill switch. The optional gateway is self-hosted and single-tenant only — we never proxy your provider traffic through shared infrastructure.
Recommendations you can trust
We never repoint a production model on a hunch. A recommendation is only surfaced when a statistical non-inferiority test on real score samples shows the cheaper model is not meaningfully worse — with the confidence interval and sample size shown. After you apply one, a verification loop measures realized cost and quality from live traffic and auto-flags regressions with one-click rollback.
Tenant isolation & access
ReasonRank is multi-tenant by construction: organization-scoped access on every query, role-based permissions, audit logging of sensitive actions (viewable and exportable from Settings → Activity log), and encrypted secrets. Web sessions idle out after 24 hours with a 7-day absolute lifetime; API tokens are scoped, expire after a year by default, and rotate in one click. Access to production systems is restricted and audited.
Availability & recovery
Data is stored in Postgres with point-in-time recovery. Webhooks are idempotent, runs are reclaimed via heartbeats if a worker dies, and background jobs (verification, drift detection, retention) run on a scheduled, monitored cron. Current status: /status.
Compliance roadmap
We follow SOC 2 aligned practices today (audit logging, RBAC, encryption at rest, least-privilege access, incident response) and are on a path to formal SOC 2 Type II. Download the security packet above for our CAIQ-lite answers, DPA template, and subprocessor register — or contact sales for a custom questionnaire review.
Your rights
Export or delete your data at any time from the app; a workspace owner can permanently delete the whole workspace. For data-subject requests, email privacy@reasonrank.ai and we will confirm completion in writing. See our Privacy Policy for details.
Subprocessors
Third parties that may process customer data on our behalf.
| Subprocessor | Purpose | Data categories | Location | DPA |
|---|---|---|---|---|
| Vercel Inc. | Application hosting, edge network, and serverless compute for the web app and API. |
| United States | In place |
| Neon Inc. | Managed PostgreSQL database (primary data store) with point-in-time recovery. |
| United States | In place |
| Stripe, Inc. | Subscription billing and payment processing. |
| United States | In place |
| Resend, Inc. | Transactional email (invitations, alerts, verification). |
| United States | In place |
| Functional Software, Inc. (Sentry) | Error monitoring and performance tracing for production reliability. |
| United States | In place |
| Upstash, Inc. | Managed Redis for background job queues (optional — used when REDIS_URL is configured). |
| United States | In place |