Privacy Policy
Last updated: March 2026
1. Who we are
Ruply is operated by Temkit Sid Ali ("we", "us"). Contact: privacy@ruply.app
2. What data we collect
| Data | Purpose | Retention |
|---|---|---|
| Email address, name | Account creation and login | Until account deletion |
| Password | Authentication (stored as Argon2 hash, never in plaintext) | Until account deletion |
| Email OAuth tokens | Read-only access to your inbox — Gmail, Outlook, IMAP (encrypted at rest with Fernet) | Until you disconnect the account |
| AI API keys | BYOK — your own key for AI processing (encrypted at rest) | Until you remove the config |
| Processed data | Activity log — extraction results and delivery status | 30 days, then auto-deleted |
| Processor configs | Your AI prompts and output schemas | Until you delete them |
| Output configs | Webhook URLs, Telegram group IDs (webhook auth tokens encrypted) | Until you delete them |
3. What we do NOT store
- Raw email content — emails are processed in memory and discarded
- Email attachments
- Email sender addresses or subjects in the dashboard
- AI conversation logs
4. How data flows
New email arrives → push notification → our server fetches email content → your AI processor extracts structured data → data delivered to your configured output (Telegram, webhook, API) → email content discarded. Only the delivery status is logged.
5. Third-party services
| Service | Purpose | Location |
|---|---|---|
| Google (Gmail API, Pub/Sub) | Email access and real-time notifications | EU (europe-west1) |
| Your AI provider (BYOK) | Email summarization | Depends on your choice |
| Telegram | Summary delivery | Global |
| Hetzner Cloud | Server hosting | Nuremberg, Germany (EU) |
6. Data location
All Ruply infrastructure is hosted in the EU (Hetzner, Nuremberg, Germany). Your data never leaves the EU unless your chosen AI provider processes it elsewhere. We recommend Mistral AI (EU) or Ollama (local) for full EU residency.
7. Your rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — view what data we hold about you
- Rectification — correct inaccurate data
- Erasure — delete your account and all associated data (available in your dashboard settings)
- Portability — request a copy of your data
- Restrict processing — disconnect Gmail accounts to stop processing
- Object — contact us to object to processing
To exercise any right, email privacy@ruply.app or use the account deletion button in your dashboard.
8. Account deletion
When you delete your account, we permanently remove: your user profile, all email account connections and tokens, AI configurations and keys, processors, outputs, pipe configurations, routing data, and all activity logs. This action is irreversible and takes effect immediately.
9. Security
- All tokens and API keys encrypted at rest (Fernet symmetric encryption)
- HTTPS everywhere (TLS 1.3 via Caddy)
- Passwords hashed with Argon2
- JWT authentication with 24-hour expiry
- Rate limiting on authentication endpoints
- Google Pub/Sub webhook signature verification
10. Cookies
See our Cookie Policy.
11. Changes
We may update this policy. Material changes will be communicated via the dashboard. Continued use after changes constitutes acceptance.
12. Contact
For privacy inquiries: privacy@ruply.app