Skip to main content

Privacy Policy

Last updated: June 20, 2026

What Data We Collect

When you use Ruloh, we collect:

  • Account information: your name and email address from Google OAuth sign-in.
  • Assessment data: the answers you provide in valuation and exit readiness questionnaires, including financial figures (revenue, SDE) and business characteristics.
  • Generated results: scores, valuation ranges, and improvement recommendations produced from your inputs.
  • Usage data: aggregated page views, feature-usage patterns, and performance data used to operate and improve the product.

We do not collect data from third parties. All business data in Ruloh comes directly from information you enter.

How We Store Your Data

Your data is stored in Supabase, a cloud database platform that uses industry-standard encryption to protect data in transit and at rest. No method of storage or transmission is completely secure. Access is enforced through Row-Level Security (RLS) — a database-level mechanism that ensures each user can only access their own data, regardless of application logic.

During the beta period, data storage practices may change. We will make reasonable efforts to preserve your data, but cannot guarantee it. See our Terms of Service for details on the beta period.

Who Can Access Your Data

Only you can access your individual assessment data and results through your authenticated account. Ruloh administrators may access data for support, technical operations, and product improvement purposes.

We do not sell your personal information, as that term is defined under the California Consumer Privacy Act (CCPA) — and, more simply, we do not sell your information at all. We may use aggregated data — such as industry benchmarks, scoring distributions, and market analytics — that cannot be traced back to any individual user. See our Terms of Service for details on data licensing.

How We Use Your Data

In addition to providing you with assessment results, we use data to:

  • Improve and develop our scoring algorithms and models
  • Generate aggregated industry benchmarks and market insights
  • Train and improve analytical models (including AI/ML models)
  • Produce aggregated research and insights
  • Detect and prevent fraud or misuse

How Long We Keep Your Data

We retain your identifiable data for as long as your account is active. If you request account deletion, we will remove your personal identifiers (name, email, account association) within the timeframes required by applicable law (the CCPA generally requires action within 45 days). Your assessment data — including but not limited to scoring patterns, industry statistics, and model-training inputs — is retained in pseudonymized form for benchmarks and analytics. Aggregated statistics that do not identify any individual cannot be returned or deleted on an individual request.

Cookies

Ruloh uses essential authentication cookies to keep you signed in. These are httpOnly, secure, and scoped to app.ruloh.com. We do not use advertising cookies or third-party tracking cookies.

We use Sentry for error monitoring. Sentry receives error reports that are scrubbed of financial data before transmission. We also use Vercel Analytics and Speed Insights — cookieless services that collect aggregated page-view and performance data. We use PostHog for server-side product analytics (which tools, tiers, and score bands are used, tied to a pseudonymous identifier), including anonymous, aggregate counts of views and email sign-ups on shared-report pages; it sets no cookies, receives no names, emails, financial figures, or report contents, and the data is not sold.

Your Rights

You have the right to:

  • Access the identifiable data we hold about you
  • Correct inaccurate personal information
  • Request deletion of your personal identifiers and account

Deletion requests apply to personal identifiers (name, email, account data). Your assessment data is retained in pseudonymized form; aggregated data incorporated into benchmarks, models, or analytics that no longer identifies any individual is retained. California residents may have additional rights under the CCPA. To exercise any of these rights, contact us at the email below.

How to Request Data Deletion

You may request deletion of your account and personal identifiers at any time by emailing hello@ruloh.com. We will process deletion requests within the timeframes required by applicable law (generally within 45 days under the CCPA). As noted above, your assessment data is retained in pseudonymized form, and aggregated data incorporated into aggregate datasets is retained.

Changes to This Policy

We may update this privacy policy as the product evolves. Material changes will be communicated via the email associated with your account. The "Last updated" date at the top reflects the most recent revision.

Contact

The Service is operated by Mere Muse LLC, a Delaware limited liability company. Questions about this policy? Email hello@ruloh.com.