Effective February 6, 2026
RuleAI.Systems (“RuleAI”, “we”, “us”) provides an AI-powered Business Operating System. This policy explains what data we collect, how we use it, and your rights.
We do not sell your data. We share limited data with subprocessors (Stripe for billing, Anthropic/OpenAI for AI generation, MongoDB Atlas / hosting infra). Each subprocessor is bound by contractual data-protection terms.
Content you send to AI features (SOPs, prompts, chat) is transmitted to Anthropic (Claude Sonnet 4.6) via our Universal AI proxy for the sole purpose of returning a response. We do not use your data to train third-party models.
You may request access, correction, export, or deletion of your personal data by emailing privacy@ruleai.systems. EU/UK residents have rights under GDPR; California residents under CCPA/CPRA.
We retain workspace data as long as your account is active. On account deletion, data is removed within 30 days, subject to legal holds.
Data is encrypted in transit (TLS 1.2+). Passwords are hashed with bcrypt. Access is scoped by organization (multi-tenant isolation) and by role (RBAC).
Questions about this policy: privacy@ruleai.systems