Rule is a software service for communication delivered via the "cloud", i.e., over the internet without the need for installation. The service is designed to be secure, handle errors well, and have high availability/uptime.

1. Rule stores and processes data for its customers but does not own the data - the customer owns the data.
2. Customer data is processed and stored within the EU, primarily in Stockholm and Dublin. 
3. Note that as a customer, you may access your data outside the EU, for example, if you log into Rule during a business trip to the USA.

The service is compliant with applicable laws and regulations, such as the General Data Protection Regulation (GDPR).

All personnel have received special training on GDPR, for example, that it is prohibited to store data outside the EU. All have signed agreements to comply with relevant legislation, as well as the company's internal requirements for security and confidentiality.

Data is stored with redundancy; local - i.e., multiple copies within the same data center, and geo-redundancy - i.e., additional mirroring in another data center with sufficient physical distance. This is to prevent not only common errors but also disasters such as earthquakes, fires, and terrorist attacks.

1. Daily backups are performed on the entire database. 
2. Data communication between the customer and Rule occurs via HTTPS, i.e., encrypted with SSL/TLS. 
3. All data is encrypted with its own key stored with us. 
4. Special protection is in place for common attack attempts such as SQL injection, XSS, CSRF, DoS, among others. The service historically has an uptime of over 99.9%.
5. Access to the service is provided to the customer's selected users, based on their level of permissions. Login is done with email and password. Passwords are never stored in plain text but encrypted with 256-bit AES, as recommended by NIST (National Institute of Standards and Technology, US).
6. The service is operated from Amazon's data centers within the EU, which adhere to strict requirements and have a large number of certifications such as: EU Data Protection Directive, ISO 27001/17/18, Standard Contractual Clauses (SCC), PCI DSS, among others. All data is encrypted with its own key stored outside Amazon, meaning Amazon never has access to any data. 
7. Amazon follows the CISPE Data Protection Code of Conduct (CISPE Code), supported by the European Data Protection Board and approved by CNIL in accordance with the stricter Schrems II requirements.

More information about the operating environment and regulatory compliance can be found here: https://aws.amazon.com/compliance/