Privacy Policy
Last updated: March 23, 2026
1. Information We Collect
RuleVault processes decision metadata only — we do NOT store raw payload data or personally identifiable information (PII) unless you explicitly configure payload retention in your settings.
We collect:
- Account information (name, email, company, role)
- Decision metadata (timestamps, verdict, rule matched, latency)
- Usage analytics (decisions per day, block rate, feature usage)
- Technical logs (IP addresses, browser type, session data)
2. How We Use Your Information
Your data is used to provide the RuleVault service, including decision interception, audit logging, alert notifications, and compliance reporting. We do not sell your data to third parties.
3. Data Retention
Retention periods depend on your plan:
- Free: 30 days
- Lite: 90 days
- Pro: 7 years (EU AI Act compliant for high-risk AI systems)
4. GDPR Rights
Under GDPR, you have the right to access, rectify, erase, restrict processing, and port your data. To exercise these rights, contact privacy@rulevault.ai.
We support GDPR Article 17 (Right to Erasure) via our data deletion API. A Data Processing Agreement (DPA) is available on request for enterprise customers.
5. Data Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Audit logs are cryptographically signed and stored on immutable ledgers. SOC 2 Type II is in progress, and we are HIPAA-ready for healthcare clients.
6. EU Data Residency
All EU customer data is processed and stored in EU-based infrastructure (Frankfurt, Germany). Pro plan customers can choose their data residency region.
7. Contact
For privacy-related inquiries: privacy@rulevault.ai
RuleVault Inc. — Amsterdam, Netherlands