Privacy Policy

Last updated: February 27, 2026

What Data We Collect

When you use Ruloh, we collect:

  • Account information: your name and email address from Google OAuth sign-in.
  • Assessment data: the answers you provide in valuation and exit readiness questionnaires, including financial figures (revenue, SDE) and business characteristics.
  • Generated results: scores, valuation ranges, and improvement recommendations produced from your inputs.

We do not collect data from third parties. All business data in Ruloh comes directly from information you enter.

How We Store Your Data

Your data is stored in Supabase, a cloud database platform with encryption at rest and in transit. Access is enforced through Row-Level Security (RLS) — a database-level mechanism that ensures each user can only access their own data, regardless of application logic.

During the beta period, data storage practices may change. We will make reasonable efforts to preserve your data, but cannot guarantee it. See our Terms of Service for details on the beta period.

Who Can Access Your Data

Only you can access your individual assessment data and results through your authenticated account. Ruloh administrators may access data for support, technical operations, and product improvement purposes.

We do not sell or rent your personal identifiers (name, email) to third parties. However, we may use, license, or sell aggregated and anonymized data — such as industry benchmarks, scoring distributions, and market analytics — that cannot be traced back to any individual user. See our Terms of Service for details on data licensing.

How We Use Your Data

In addition to providing you with assessment results, we use data to:

  • Improve and develop our scoring algorithms and models
  • Generate aggregated industry benchmarks and market insights
  • Train and improve analytical models (including AI/ML models)
  • Produce research, reports, and commercial data products
  • Detect and prevent fraud or misuse

How Long We Keep Your Data

We retain your identifiable data for as long as your account is active. If you request account deletion, we will remove your personal identifiers (name, email, account association) within 30 days. However, anonymized and aggregated data derived from your usage — including but not limited to scoring patterns, industry statistics, and model training data — is retained permanently. Once anonymized, this data cannot be traced to you and is no longer considered personal data.

Cookies

Ruloh uses essential authentication cookies to keep you signed in. These are httpOnly, secure, and scoped to app.ruloh.com. We do not use advertising cookies or third-party tracking cookies.

We use Sentry for error monitoring. Sentry receives error reports that are scrubbed of financial data before transmission.

Your Rights

You have the right to:

  • Access the identifiable data we hold about you
  • Correct inaccurate personal information
  • Request deletion of your personal identifiers and account

Deletion requests apply to personal identifiers (name, email, account data). Anonymized and aggregated data that has already been incorporated into benchmarks, models, or analytics is not subject to deletion, as it can no longer be linked to you. California residents may have additional rights under the CCPA. To exercise any of these rights, contact us at the email below.

How to Request Data Deletion

You may request deletion of your account and personal identifiers at any time by emailing hello@ruloh.com. We will process deletion requests within 30 days. As noted above, anonymized data that has been incorporated into aggregate datasets is retained.

Changes to This Policy

We may update this privacy policy as the product evolves. Material changes will be communicated via the email associated with your account. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about this policy? Email hello@ruloh.com.