Privacy Policy

Last updated: 2025-05-17

1. Introduction

This Privacy Policy explains how RuleRunner ("we", "us", "our") collects, uses, and discloses information about you when you use our website, API, SDKs, and related services (collectively the "Service").

2. Information We Collect

  • Account Information: Your email address and Supabase UID when you create or log in to your account.
  • API Usage Data: Records of API requests, including source IP, timestamps, and parameters, for security and quota enforcement.
  • Website Analytics: We may use privacy-respecting analytics (e.g., Posthog) to understand aggregate usage patterns. No cookies are set for advertising purposes.

3. How We Use Information

  • To provide, maintain, and improve the Service.
  • To enforce quotas and detect fraud or abuse.
  • To communicate with you about updates or important notices.
  • To comply with legal obligations.

4. Sharing of Information

We do not sell your personal information. We share it only:

  • With service providers who process data on our behalf (e.g., Supabase, hosting providers), under data-processing agreements.
  • When required by law or to respond to legal process.
  • To protect the rights, property, or safety of RuleRunner, our users, or the public.

5. Data Retention

API logs are retained for up to 90 days unless a longer period is required for security investigations or legal compliance. Account records persist until you delete your account.

6. Your Choices

  • You may request deletion of your account by emailing [email protected].
  • You may opt out of non-essential email communication at any time.

7. Security

We employ administrative and technical safeguards such as encrypted connections (TLS), hashed API keys (SHA-256), and role-based access controls.

8. International Transfers

Your information may be processed and stored in the United States or other countries where we operate. We rely on Standard Contractual Clauses or equivalent safeguards for such transfers when required.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date above.

11. Contact Us

If you have questions about this Privacy Policy, contact us at [email protected].