Privacy Policy

Effective Date: January 30, 2026

Rudy AI, Inc. (“Rudy”, “we”, “us”, or “our”) operates the Rudy AI service, including the website at heyrudy.ai and our desktop application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Hashed password (we never store plaintext passwords)

1.2 Payment Information

We use Stripe to process payments. We do not store your full credit card number, CVV, or bank account details. Stripe handles all payment data in accordance with PCI-DSS standards. We receive only:

  • Last four digits of your card
  • Card brand (Visa, Mastercard, etc.)
  • Billing address
  • Transaction history

1.3 Usage Data

We automatically collect:

  • Device type, operating system, and browser
  • IP address (anonymized for analytics)
  • Pages visited and features used
  • Timestamps and session duration
  • Error logs and crash reports

1.4 Screenshot and Monitoring Data

When you use Rudy to monitor screens:

  • Screenshots are captured locally on your device by our desktop application
  • Screenshots are transmitted to our servers only for AI processing
  • Screenshots are processed in real-time and immediately discarded
  • We do not store, retain, or archive your screenshots
  • We do not review screenshots manually unless you explicitly share them with support

1.5 Agent Configuration Data

We store:

  • Your agent names and descriptions
  • Monitoring rules and conditions you configure
  • Alert history (what triggered, when)
  • Connected notification channels (Discord webhook URLs, Telegram bot tokens, email addresses)

1.6 Cookies and Tracking

We use:

  • Essential cookies: Required for authentication and security
  • Analytics cookies: To understand how users interact with our Service (we use privacy-focused analytics)

We do not use advertising cookies or sell your data to advertisers.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your subscription payments
  • Send alerts and notifications you’ve configured
  • Respond to support requests
  • Send important service updates (security alerts, billing issues, major changes)
  • Detect and prevent fraud, abuse, or security threats
  • Comply with legal obligations

We do not:

  • Sell your personal information
  • Use your data for advertising
  • Share your data with data brokers
  • Train AI models on your screenshots (they are discarded after processing)

3. Third-Party Services

We share data with the following service providers who process data on our behalf:

ProviderPurposeData SharedPrivacy Policy
SupabaseDatabase & authenticationAccount data, agent configssupabase.com/privacy
StripePayment processingBilling info, transaction datastripe.com/privacy
OpenAIAI vision processingScreenshots (transient, not retained by OpenAI per our API agreement)openai.com/privacy
VercelWebsite hostingIP addresses, access logsvercel.com/legal/privacy-policy

When you connect notification channels, your alerts are sent to:

  • Discord (via webhooks you configure)
  • Telegram (via bot tokens you configure)
  • Email providers (via your email address)

We do not control these third-party platforms. Their privacy policies apply to data after it leaves our Service.

4. Data Retention

Data TypeRetention Period
Account dataUntil you delete your account
Agent configurationsUntil you delete them or your account
Alert history90 days, then automatically deleted
ScreenshotsNot retained — processed in real-time and immediately discarded
Payment records7 years (required by tax law)
Support conversations2 years after resolution

Upon account deletion, we delete your personal data within 30 days, except where retention is required by law.

5. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256
  • Passwords hashed with bcrypt (cost factor 12)
  • Database access restricted via role-based permissions
  • Regular security audits and penetration testing
  • Two-factor authentication available for accounts

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to security@heyrudy.ai.

6. Your Rights

6.1 All Users

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your agent configurations
  • Withdraw consent for optional data processing

To exercise these rights, email privacy@heyrudy.ai or use the account settings in the app.

6.2 European Economic Area (EEA) Residents — GDPR

If you are in the EEA, you also have the right to:

  • Data portability: Receive your data in a machine-readable format
  • Restrict processing: Limit how we use your data
  • Object to processing: Opt out of certain data uses
  • Lodge a complaint: File with your local Data Protection Authority

Legal Basis for Processing:

  • Contract: To provide the Service you’ve subscribed to
  • Legitimate interest: To improve our Service and prevent fraud
  • Consent: For optional features like marketing emails
  • Legal obligation: To comply with tax and financial regulations

Data Controller: Rudy AI, Inc. Email: privacy@heyrudy.ai

6.3 California Residents — CCPA/CPRA

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Delete your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination: We will not discriminate against you for exercising your rights

Categories of Personal Information Collected (past 12 months):

  • Identifiers (email, name, IP address)
  • Commercial information (subscription history)
  • Internet activity (usage data, feature interactions)

We do not sell your personal information.

To submit a request, email privacy@heyrudy.ai with subject line “CCPA Request”.

7. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US.

For EEA residents, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with our service providers

8. Children’s Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@heyrudy.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

  • Post the updated policy on this page
  • Update the “Effective Date” at the top
  • Notify you via email or in-app notification

Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@heyrudy.ai

Mailing Address: Rudy AI, Inc. [Your business address] United States

We aim to respond to all requests within 30 days.