Legal

Privacy Policy

Last updated: February 2026

RuleForge (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with your use of the RuleForge website and the purchase and use of the RuleForge software product (“Product”).

RuleForge is operated by an individual trader established in Spain. As we are based in Spain and offer products to individuals in the European Union, this Policy is drafted in compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and its Spanish implementing legislation (Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, “LOPDGDD”).

Data Controller contact: support@ruleforge.tech

1. What Personal Data We Collect

1.1 Purchase and Order Data

When you purchase the Product, we collect:

  • Your email address, used to deliver the Product and communicate about your purchase;
  • Your name and billing country, as provided during checkout via Stripe;
  • Your purchase record (licence tier, purchase date, order reference), stored in our database.

We do not collect or store your payment card details. All payment processing is performed by Stripe, Inc. directly. We receive only a transaction confirmation and a non-sensitive order reference from Stripe.

1.2 Website Analytics Data

We use PostHog for website analytics. PostHog is configured in cookieless mode on our website, meaning no cookies are placed on your device for analytics purposes. PostHog collects anonymised or pseudonymised data including:

  • Page views and navigation paths;
  • General device type and browser information;
  • Approximate geographic location (country level only, derived from IP address, which is not stored).

Because PostHog is operating in cookieless mode and processes only anonymised data, this does not constitute processing of personal data within the meaning of the GDPR.

1.3 Data You Voluntarily Provide

If you contact us via email (e.g. for support), we will retain the content of your communications and your email address for the purpose of responding to your query and maintaining a record of customer support interactions.

2. Legal Bases for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b) GDPR): Processing your email address and order data is necessary to deliver the Product you purchased and to fulfil our obligations under the Terms of Service.
  • Legal obligation (Art. 6(1)(c) GDPR): Retaining order and transaction records for 7 years is required by Spanish tax and accounting law (Ley 58/2003 General Tributaria and related regulations).
  • Legitimate interests (Art. 6(1)(f) GDPR): Retaining support communications and responding to queries, where our interest in providing customer support is not overridden by your rights.

3. Third-Party Processors

We use the following third-party service providers who may process personal data on our behalf as data processors:

  • Stripe, Inc. — Payment processing. Stripe processes your payment card data and billing information directly. Stripe Privacy Policy
  • Resend — Transactional email delivery. Resend delivers the Product download and order confirmation to your email address. Resend Privacy Policy
  • PostHog, Inc. — Website analytics (cookieless mode). PostHog processes anonymised usage data only. PostHog Privacy Policy
  • Google Cloud (Google LLC) — Cloud infrastructure, hosting, and database storage (Firestore). Your order data is stored on Google Cloud servers within the EU where applicable. Google Privacy Policy

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. Data Retention

  • Order and purchase records (email, licence tier, date, transaction reference): retained for 7 years from the date of purchase, as required by Spanish tax and accounting law.
  • Support communications: retained for a maximum of 3 years from the date of the last communication, after which they are permanently deleted.
  • Analytics data: processed in anonymised form only; no personal data is retained by PostHog in connection with our configuration.

After the applicable retention period, data is permanently and securely deleted from our systems.

5. Cookies

Our website does not use cookies for analytics or tracking purposes. PostHog is configured in cookieless mode. We may use technically necessary cookies (e.g. session cookies required for the checkout process), which do not require consent under applicable law. No third-party advertising or tracking cookies are used.

6. International Transfers

Some of our third-party processors (including Stripe and PostHog) are established in the United States. Where personal data is transferred outside the European Economic Area (EEA), such transfers are made on the basis of appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) adopted pursuant to Article 46 GDPR, or on the basis of an adequacy decision by the European Commission. You may request details of the safeguards in place by contacting us at support@ruleforge.tech.

7. Your Rights Under the GDPR

As a data subject in the EU (or UK), you have the following rights under the GDPR (Articles 15 to 22) and the LOPDGDD:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request that inaccurate data be corrected.
  • Right to erasure (Art. 17): You may request deletion of your personal data, subject to our legal obligations to retain certain data (e.g. tax records).
  • Right to restriction of processing (Art. 18): You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests.
  • Right not to be subject to automated decision-making (Art. 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at support@ruleforge.tech. We will respond within 30 days. Your request is free of charge, unless it is manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, “AEPD”) at www.aepd.es, or with the supervisory authority in your country of residence.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction. These measures include access controls, use of reputable cloud infrastructure providers (Google Cloud), and encrypted communications. However, no transmission over the internet is entirely secure, and we cannot guarantee absolute security.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify customers via the email address associated with their purchase. The date at the top of this Policy will be updated accordingly. We encourage you to review this Policy periodically.

10. Contact

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us at:

Email: support@ruleforge.tech

RuleForge is a trading name of deepkernel.ai, a company incorporated in Spain.

← Back to homeTerms of Service →