Ranex
← Back to Home

Privacy Policy

Last updated: December 1, 2025

Introduction

Ranex ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI governance platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you create an account
  • Payment Information: Billing details processed through secure third-party payment processors (we do not store credit card numbers)
  • Profile Information: Optional profile details, preferences, and settings
  • Communications: Messages you send to our support team

1.2 Information Collected Automatically

  • Usage Data: Features used, scan frequency, command execution, and interaction patterns
  • Device Information: Operating system, browser type, IP address, and device identifiers
  • Log Data: Access times, pages viewed, and actions taken within the Service
  • Cookies: Session cookies for authentication and analytics cookies (see Section 8)

1.3 Code and Scan Data (Edition-Specific)

Community Edition (Local):

  • Runs entirely on your local machine
  • Your code NEVER leaves your device
  • No code or scan results are transmitted to our servers
  • We collect zero information about your code

Team Edition (Cloud-Connected):

  • Scan Metadata: File paths, scan timestamps, vulnerability counts, compliance scores (NOT the actual code)
  • Scan Results: Security findings, antipattern detections, drift alerts, compliance violations
  • Configuration: Custom standards, personas, and governance rules you define
  • NOT Collected: Your source code itself is never uploaded or stored

Enterprise Edition (On-Premise):

  • Deployed on your infrastructure
  • You control all data storage and retention
  • We only collect telemetry if you opt-in

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Send administrative information, updates, and security alerts
  • Respond to support requests and provide customer service
  • Improve and optimize the Service through analytics
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service
  • Send marketing communications (Team/Enterprise only, with opt-out available)

3. Data Sharing and Disclosure

We may share your information with:

3.1 Service Providers: Third-party vendors who perform services on our behalf (hosting, payment processing, analytics, customer support). These providers are contractually obligated to protect your data.

3.2 Team Members: For Team Edition, scan results and metadata are shared with other members of your organization as part of collaboration features.

3.3 Legal Requirements: When required by law, subpoena, or legal process, or to protect our rights and safety.

3.4 Business Transfers: In connection with a merger, acquisition, or sale of assets. You will be notified of any change in ownership.

3.5 With Your Consent: We may share information for other purposes with your explicit consent.

We DO NOT:

  • Sell your personal information to third parties
  • Share your source code with anyone (it's never uploaded)
  • Use your data to train AI models
  • Share scan results outside your organization without permission

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
  • Access Controls: Role-based access control (RBAC) and principle of least privilege
  • Authentication: Secure password hashing (bcrypt), optional 2FA for Team/Enterprise
  • Infrastructure: Hosted on secure cloud infrastructure with regular security audits
  • Monitoring: 24/7 security monitoring and incident response (Enterprise)
  • Audit Trails: Cryptographic audit trails using Blake3 + Ed25519 (Enterprise)

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

Account Data: Retained while your account is active and for 30 days after deletion (for recovery purposes).

Scan Results (Team Edition):

  • Active subscription: 6 months of historical data
  • After cancellation: 30 days, then permanently deleted

Billing Records: Retained for 7 years to comply with tax and accounting regulations.

Logs and Analytics: Aggregated and anonymized after 90 days.

Enterprise Edition: You control retention policies for on-premise deployments.

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data (subject to legal retention requirements)
  • Export: Download your scan results and configuration in JSON format
  • Opt-Out: Unsubscribe from marketing emails (link in every email)
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a structured, machine-readable format

To exercise these rights, contact us at support@ranex.email.

7. International Data Transfers

Our servers are located in Singapore. If you access the Service from outside Singapore, your information may be transferred to, stored, and processed in Singapore. By using the Service, you consent to this transfer. We comply with applicable data protection laws and use standard contractual clauses for international transfers.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how users interact with the Service (can be disabled)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

9. Third-Party Services

We use the following third-party services:

These services have their own privacy policies. We are not responsible for their practices.

10. Children's Privacy

Ranex is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@ranex.email.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at support@ranex.email.

12. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on consent, contract performance, and legitimate interests
  • Data Protection Officer: Contact support@ranex.email
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority
  • Data Transfers: We use standard contractual clauses for transfers outside the EEA

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (for material changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: support@ranex.email

Website: https://ranex.dev

GitHub: github.com/anthonykewl20/ranex-framework

Terms of ServiceContact UsBack to Home