Rule data security
Rule is a software service for communication delivered via the "cloud", i.e. via the internet without the need for installation. The service is designed to be safe, handle any errors well and have high availability/uptime.
- Rule stores and processes data for its customers but does not own the data - the customer owns the data.
- Customers' data is always processed and stored inside the EU, primarily in Stockholm and Dublin.
- Please note that you as a customer can access your data outside the EU, e.g. if you log in to Rule during a business trip to the United States.
The service is adapted to applicable laws and regulations, such as data protection legislation (GDPR).
Data is stored with redundancy: local redundancy, that is, multiple copies within the same datacenter, and geo-redundancy, that is, additional mirroring in another datacenter with enough physical spacing. This is to prevent not only common faults but also disasters such as earthquakes, fire and terrorist attacks.
- Daily backups are done on the entire database.
Data communication between the customer and Rule is done via HTTPS, i.e. encrypted with SSL/TLS.
Special protection is in place for commonly occurring attack attempts such as SQL injection, XSS, CSRF, DoS etc.
Historically, the service has had an uptime of over 99.9%.
Access to the service is provided to the customer's selected users, based on the rights level. Login is done with email and password. Passwords are never saved in plain text; they are encrypted with 256-bit AES, as recommended by NIST (National Institute of Standards and Technology, US).
The service is operated from Amazon's data centers, within the EU, which comply with strict requirements and have a large number of certifications such as: EU Data Protection Directive, ISO 27001/17/18, Standard Contractual Clauses (SCC), PCI DSS and others. For more information about the operating environment and compliance, see: https://aws.amazon.com/compliance/