Updated 08.23.2025

Data Handling & SOC2

Get Access to support if you have questions regarding this document:
We support companies with deep privacy needs. Please see our privacy policy below. For customization, reselling Rantir or other commercial goals and needs for your company please reach out to hello@rantir.com or support@rantir.com.
Data Classification and Handling Program for Rantir Cloud

We are not SOC 2 Compliant

By signing up with Rantir Products you adhere to the following terms and conditions for our products. Note, that any open-source or on-premise installs adhere to the licensing: Rantir is under a hybrid, GPL extended Fair-Use License.
Type:
Data Handling and Classification
Last updated 08.23.2025
SOC2 Compliance is not applied for by default. Because we don't have shared hosting, SOC2 is on a per case basis and can be applied to with a Self-Host option. This can be achieved by your hosting provider where Rantir is installed. We work alongside your hosting provider to successfully apply for and receive SOC2.
Rantir Cloud, focusing on Confidential Information (including Non-public Personal Information with key components:

1. Understanding the Context

Rantir Cloud is an integration platform that handles sensitive data, but does not store your data. Our goal is to safeguard this data, especially Confidential Information through the integration and automation experience. High level understanding of Rantir's data policy: We rarely store data that is integrated between third-party sources. Some data might be stored inside the app for it to function within that integration period. But generally speaking, no, we don’t maintain any database ourselves, it’s all third parties (such as AWS, Airtable, Webflow, Framer, ect.)

2. Data Classification Levels

Let’s delve into the three data classification levels: Public Data, Internal Data, and Confidential Data. Each level serves a distinct purpose in managing information within an organization.                            

  • Public Data:
    • Description: Public data is information that has no restrictions on access or dissemination. It’s meant for public consumption and doesn’t contain sensitive or confidential details.
    • Examples:
      • Company website content (publicly accessible pages).
      • Press releases, marketing materials, and product brochures.
      • Non-sensitive research findings.
    • Handling Guidelines:
      • No access controls needed.
      • Minimal metadata required.
      • Focus on availability and ease of sharing.
  • Internal Data:
    • Description: Internal data is intended for use within the organization but isn’t publicly available. It includes operational data, employee records, and non-critical business information.
    • Examples:
      • Employee directories (with limited access).
      • Project documentation (not confidential).
      • Non-sensitive financial reports.
    • Handling Guidelines:
      • Controlled access based on roles (RBAC).
      • Metadata includes data owner and purpose.
      • Encryption for data at rest.
      • Regular audits to ensure compliance.
  • Confidential Data:
    • Description: Confidential data is highly sensitive and requires strict protection. Unauthorized access could harm individuals or the organization. It includes personal information, financial data, trade secrets, and legal documents.
    • Examples:
      • Personal health records (PHI).
      • Financial transactions (credit card numbers, bank account details).
      • Intellectual property (designs, algorithms).
    • Handling Guidelines:
      • Strong access controls (need-to-know basis).
      • Detailed metadata (classification, data type, retention period).
      • Encryption for data in transit and at rest.
      • Rigorous auditing and monitoring.
      • Incident response plan for breaches.

3. Metadata and Tagging

  • Attach metadata tags to each data item:
    • Indicate classification level (public, internal, confidential).
    • Specify data type (e.g., personal, financial).
    • Identify data owner.

4. Access Controls

  • Implement role-based access control (RBAC):
    • Define roles (e.g., admin, user, auditor).
    • Assign permissions based on roles.
  • Restrict access to confidential data.

5. Encryption and Masking

  • Encrypt data at rest and in transit:
    • Use strong encryption algorithms (AES, RSA).
    • Manage encryption keys securely.
  • Mask sensitive data in non-production environments.

6. Auditing and Incident Response

  • Log all data access events.
  • Regularly review logs for anomalies.
  • Prepare an incident response plan for breaches.

                           

In addition to our data handling process we also have a data policy set forth below:

No Data Selling Policy

At Rantir, Inc., we firmly believe that user data should not be treated as a commodity. We have a strict no data selling policy, ensuring that user information is never sold to third parties. Our revenue model is based on providing high-quality AI services and products, not on monetizing user data. This commitment to ethical data practices sets us apart and underscores our dedication to user privacy.

Compliance with Legal Standards

Rantir, Inc. complies with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) limited and the California Consumer Privacy Act (CCPA) limited. Our compliance efforts include implementing data protection impact assessments, appointing a Data Protection Officer (DPO), and maintaining records of data processing activities. By adhering to these legal standards, we ensure that our data protection practices meet the highest levels of scrutiny and accountability.

Continuous Improvement

Data protection is an ongoing process, and we are committed to continuously improving our practices. We stay abreast of the latest developments in data security and privacy to ensure that our measures remain effective and up-to-date. Feedback from users and stakeholders is invaluable in this process, helping us to refine our policies and enhance our services. At Rantir, Inc., we are dedicated to maintaining a secure and trustworthy platform for all our users.

The next generation of personalized software.
G2
star iconstar iconstar iconstar iconstar icon
620+ Reviews
"The community & partners program behind Rantir is intense. The amount the community has developed in 2-3 months has been wild. If you want a new Journey build a template with Rantir. "
Jilian Day
Head of Marketing, Rantir
FAQs & Support
Get support & ask questions
Arrow up right icon
Rantir Research
Read our papers and blog
Arrow up right icon
Documentation & Changelog
View our Guides and API Docs
Arrow up right icon
Join the Community
Over 330+ Rantir Vibe Coders
Arrow up right icon
Cloud Software
Rantir StudioData & AuthoLogic and WorkflowsTIR + Open Source API & EmbedsIntegrations WorkflowsPricingManifesto
Services
All ServicesEnterprise
Software Partners
Rantir with Framer
Rantir with Webflow
Rantir with Shopify
Rantir and Lovable
Rantir and V0
Rantir and Wordpress
Rantir & Cursor AI
Rantir and Bolt
Rantir and Windsurf
Company
About UsRantir ResearchDocumentationFair-Use OS LicenseContact Rantir SalesRequest Demo
Markets
For ConstructionFor HealthcareFor EnterpriseFor Agencies
Support
hello@rantir.comSupport TicketsGet StartedLogin
Privacy PolicyData ClassificationData PolicyCompany Services PolicySecurity PolicySuprocessors DisclaimerTerms and ConditionsLicensing
Main logo link that leads to home page
© Designed by Medium Rare, Developed by Webtir powered by Rantir
If the software is used in conjunction with third-party AI APIs—including but not limited to OpenAI, Google Gemini, Anthropic, AWS Bedrock, or similar systems—the user is responsible for ensuring that their chosen AI provider complies with their own organization’s privacy and data-handling requirements. When the user supplies their own API keys for any such provider, Rantir makes no copies of those keys and does not facilitate their use beyond forwarding requests directly to the provider under the user's explicit instruction within Rantir Cloud or Rantir Studio. In these cases, the user’s data is governed by the data policies of the external AI provider, and the user is responsible for reviewing those terms. All Rantir Products are under the parent company called Hexigon AI, Inc. a Colorado, USA s-corp.