Privacy Policy

Last updated: June 30, 2026

ReasonRank is operated by BlueDuck LLC ("we", "us"), the data controller for the information described below.

What we collect

We collect the information you give us to run the service: your name, email address, and workspace name; the agents, test cases, and model configurations you create; the outputs and metrics produced by your evaluation runs; and any production usage data you send us through trace ingestion (see below). We also collect standard operational data such as IP addresses and request logs for security and abuse prevention.

Provider API keys

API keys you add for LLM providers (e.g. OpenAI, Anthropic, Google) are encrypted at rest with AES-256-GCM and used solely to execute the evaluations you start. We never use your keys for any other purpose, and you can delete them at any time.

Ingested production traces

If you send production usage to our ingestion endpoint, we store it to estimate each agent's real monthly volume and spend, which powers savings recommendations. By default we store metadata only — model name, token counts, cost, and latency. Raw prompt or response text is stored only when you explicitly opt in per event. Stored payloads are redacted (removed) after a short window (30 days by default), and whole trace records are deleted after a retention period (365 days by default). We do not sell this data or train models on it.

Anonymized industry benchmarks (opt-in)

Industry benchmarks are off by default. If — and only if — a workspace admin explicitly opts in, we include that workspace's benchmark results in aggregate industry statistics. Even then, we only ever compute and publish anonymized, aggregated distributions (percentiles such as p10/p50/p90 for cost-per-call, efficiency, and quality) grouped by the industry category you assign to an agent. We never include your organization identifier, agent names, prompts, responses, or any other identifying detail in these aggregates, and a category's statistics are published only when enough distinct organizations contribute that no single organization can be re-identified (k-anonymity). Every aggregation run is audited. You can opt out at any time in Benchmarks settings, and doing so removes your data from future aggregations.

How we use your data

Your evaluation data is used only to provide the service to your workspace: running benchmarks, computing metrics, and showing results to members of your organization. To be explicit: your prompts, outputs, and traces are never used to train any model, and they are never exposed to another tenant. Every query is scoped to your organization ID; the only cross-tenant surface is the opt-in, k-anonymized industry benchmark described above.

Data residency & subprocessors

Data is processed and stored in the United States on our hosting and database providers. Our current subprocessors are our cloud host and Postgres provider (with point-in-time recovery), Stripe (payments), our transactional email provider, and our error-monitoring service. We will maintain an up-to-date subprocessor list and provide advance notice of material changes to enterprise customers under contract.

Your rights (access & deletion)

You can export or delete your data at any time from the app, and a workspace owner can permanently delete the entire workspace self-serve. For data-subject requests (access, correction, deletion), email us and we will confirm completion in writing. Deletion of a workspace removes agents, runs, results, ingested traces, and provider keys, subject only to limited records we must keep by law (e.g. billing).

Sharing

Data is shared with third parties only as needed to operate the service: our hosting and database providers, our payment processor (Stripe — we never store full card details), our email provider (for transactional email), and our error-monitoring service. If you create a public share link for a run, the comparison metrics for that run become visible to anyone with the link until you revoke it; raw model outputs and test-case inputs are not included in shared pages.

Retention & deletion

We retain your data while your account is active. You can delete agents, test cases, runs, and provider keys at any time from the app. A workspace owner can delete the entire workspace self-serve from Settings, which permanently removes all associated data — including agents, runs, results, ingested traces, and keys. Ingested trace payloads and records are also aged out automatically on the schedule described above. We may retain limited records where required by law (e.g. billing records).

Security

All traffic is encrypted in transit (TLS). Secrets are encrypted at rest. Access to production systems is restricted and audited. If we become aware of a breach affecting your data, we will notify you without undue delay.

Contact

Questions about this policy or your data: privacy@reasonrank.ai.