Privacy Policy
Privacy Policy
Version: 1.0
Effective date: 1 March 2026
Jurisdiction: Australia
1. Who we are
ruloAI Pty Ltd ("ruloAI", "we", "us", "our") operates the ruloAI platform and professional services engagement at home.ruloapp.com and related subdomains. Our registered address is on file with ASIC.
We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and — where applicable to international clients — the EU General Data Protection Regulation (GDPR).
2. Information we collect
2.1 Information you provide directly
- Identity data: name, job title, organisation name
- Contact data: email address, phone number
- Project data: requirements, specifications, budget ranges, and other information shared during discovery sessions or project engagements
- Payment data: billing address, payment schedule preferences (processed and stored by Stripe — we do not store raw card data)
- Communication data: messages sent through the chat interface or email
2.2 Information collected automatically
- IP address and approximate geolocation
- Browser type, device type, operating system
- Pages visited, time on page, referral source
- Session identifiers and authentication tokens
2.3 Information from third parties
- Stripe: payment confirmation, transaction IDs, and fraud signals
- Cloudflare: edge analytics and security signals
3. How we use your information
| Purpose | Legal basis |
|---|---|
| Delivering professional services and managing your project | Contract performance |
| Generating and sending project proposals and specifications | Contract performance |
| Processing payments and preventing arrears | Contract performance |
| Sending service notifications and project updates | Contract performance |
| Improving our platform and services | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Marketing (where opted in) | Consent |
4. Disclosure of your information
We do not sell personal information. We may share information with:
- Stripe Inc. — payment processing (US, Privacy Shield / SCCs)
- Cloudflare Inc. — infrastructure, DDoS protection, and CDN (US, SCCs)
- Anthropic PBC — AI model inference for discovery sessions (US, SCCs)
- Google Cloud Platform — application hosting (AU region where available)
- Our professional advisers — legal, accounting, and insurance, under confidentiality obligations
- Regulators and law enforcement — where required by law
All third-party processors are bound by data processing agreements consistent with the APPs.
5. International transfers
Where personal information is transferred outside Australia, we ensure adequate protections are in place through standard contractual clauses or equivalent mechanisms recognised under Australian privacy law.
6. Retention
| Data type | Retention period |
|---|---|
| Project and contract records | 7 years from project completion (legal obligation) |
| Payment records | 7 years (taxation law) |
| Chat session logs | 90 days |
| Analytics data | 24 months (aggregated only after 12 months) |
| Marketing preferences | Until withdrawn |
7. Your rights
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate or outdated information
- Request deletion (subject to our legal retention obligations)
- Withdraw consent at any time where processing is consent-based
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or, for EU residents, your local supervisory authority
To exercise any right, contact us at privacy@ruloapp.com. We will respond within 30 days.
8. Security
We implement industry-standard controls including:
- TLS 1.2+ encryption in transit
- Encryption at rest for databases (AES-256)
- Access controls with least-privilege principles
- Regular security reviews and penetration testing
- Cloudflare WAF and DDoS mitigation
Despite these measures, no system is perfectly secure. We will notify you and relevant regulators of any eligible data breach as required under the Notifiable Data Breaches scheme.
9. Cookies and tracking
We use minimal tracking:
- Essential cookies: session management and authentication
- Analytics: Cloudflare Web Analytics (privacy-preserving, no cross-site tracking)
We do not use advertising cookies or third-party tracking pixels.
10. Changes to this policy
We will notify you of material changes by email (if you have an account) and by updating the version number and effective date above. Continued use of our services after the effective date constitutes acceptance.
11. Contact
ruloAI Privacy Officer
Email: privacy@ruloapp.com
Postal: Suite 212, 336 Russell St, Melbourne, Victoria. 3000.
This policy was last updated 1 March 2026 and replaces all prior versions.