Rule data security

Rule is a communication software service delivered via the "cloud", i.e. via the internet without the need for installation. The service is designed to be secure, handle errors well and have high availability/uptime.

  • Rule stores and processes data for its customers but does not own the data - the customer owns the data.
  • Customers' data is always processed and stored inside the EU, primarily in Stockholm and Dublin.
  • Please note that you as a customer can access your data outside the EU, e.g. if you log in to Rule during a business trip to the United States. 

The service is adapted to applicable laws and regulations, such as Data Protection - GDPR.

All staff have received special training on the GDPR, e.g. that it is forbidden to save data outside the EU. All have signed agreements to comply with relevant legislation, as well as the company's internal requirements for security and confidentiality.

Data is stored with redundancy: local redundancy, that is, multiple copies within the same datacenter, and geo-redundancy, that is, additional mirroring in another datacenter with enough physical spacing. This is to prevent not only common faults but also disasters such as earthquakes, fires and terrorist attacks.

  • Daily backups are done on the entire database.

Data communication between the customer and Rule takes place via HTTPS, i.e. encrypted with SSL/TLS.

All data is encrypted with a private key that is stored with us. 

Special protection is in place for commonly occurring attack attempts such as SQL injection, XSS, CSRF, DoS etc.

The service has historically had an uptime of over 99.9%.

Access to the service is provided to the customer's selected users, based on their rights level. Login is done with email and password. Passwords are never saved in plain text; they are encrypted with 256-bit AES, as recommended by NIST (National Institute of Standards and Technology, US).

The service is operated from Amazon's data centres, within the EU, which comply with strict requirements and have numerous certifications such as: the EU Data Protection Directive, ISO 27001/17/18, Standard Contractual Clauses (SCC), PCI DSS and others. 

Amazon complies with the CISPE Data Protection Code of Conduct (CISPE Code) which is endorsed by the European Data Protection Board and is approved by the CNIL in accordance with the stricter Schrems II requirements.

For more information on the operating environment and compliance, see: https://aws.amazon.com/compliance/
