/ LEGAL

Privacy Policy

Effective February 6, 2026

RuleAI.Systems (“RuleAI”, “we”, “us”) provides an AI-powered Business Operating System. This policy explains what data we collect, how we use it, and your rights.

1. Data we collect

  • Account data: name, email, organization name, hashed password.
  • Workspace content: SOPs, records, employees, documents, and other data you create in RuleAI.
  • Usage data: page views, feature interactions, session identifiers.
  • Device data: IP address, browser, operating system.
  • Payment data: processed by Stripe. We never store card numbers.

2. How we use data

  • Provide, secure, and improve the platform
  • Deliver AI features (via Anthropic, OpenAI, and other model providers)
  • Communicate about your account, billing, and product updates
  • Comply with legal obligations

3. Sharing

We do not sell your data. We share limited data with subprocessors (Stripe for billing, Anthropic/OpenAI for AI generation, MongoDB Atlas / hosting infra). Each subprocessor is bound by contractual data-protection terms.

4. AI and your content

Content you send to AI features (SOPs, prompts, chat) is transmitted to Anthropic (Claude Sonnet 4.6) via our Universal AI proxy for the sole purpose of returning a response. We do not use your data to train third-party models.

5. Your rights

You may request access, correction, export, or deletion of your personal data by emailing privacy@ruleai.systems. EU/UK residents have rights under GDPR; California residents under CCPA/CPRA.

6. Data retention

We retain workspace data as long as your account is active. On account deletion, data is removed within 30 days, subject to legal holds.

7. Security

Data is encrypted in transit (TLS 1.2+). Passwords are hashed with bcrypt. Access is scoped by organization (multi-tenant isolation) and by role (RBAC).

8. Contact

Questions about this policy: privacy@ruleai.systems