Platform Privacy Policy

Rufus Labs, Inc. ("Rufus," "we," "us," or "our") is committed to protecting the privacy and security of our customers, end users, and partners. This Platform Privacy Policy ("Policy") describes how Rufus collects, uses, shares, and protects information in connection with our hardware devices, software-as-a-service (SaaS) platform, mobile applications, and related services (collectively, the "Services").

This Policy is separate from and in addition to Rufus’ Website Privacy Policy, which governs personal data collected through our marketing websites.

1. Scope

This Policy applies to all data processed by Rufus through:

  • Rufus hardware devices (e.g., wearables, scanners, accessories).

  • Rufus SaaS applications and platform.

  • Mobile applications provided by Rufus.

  • Support and maintenance services.

2. Types of Data Collected

2.1 Customer Data

Information uploaded, submitted, or generated by Customer or its Authorized Users while using the Services, including:

  • User account details (names, emails, roles, credentials).

  • Business or operational data entered into the platform.

  • Hardware device usage logs and performance data.

  • Transactional data related to Customer’s operations.

2.2 Personal Data

Personal information of Customer personnel or Authorized Users, such as:

  • Identity and contact information.

  • Login credentials and authentication data.

  • Communication records with Rufus (support, feedback).

2.3 Technical Data

Automatically collected data, including:

  • Device identifiers, browser type, operating system.

  • Log files, IP addresses, access times.

  • Diagnostic, usage, and performance information.

3. Lawful Bases for Processing

Where applicable laws such as GDPR apply, Rufus processes personal data under the following legal bases:

  • Contract Performance: To provide the Services to Customers.

  • Legal Obligation: To comply with regulatory or legal requirements.

  • Legitimate Interests: To ensure security, prevent fraud, improve our products and services.

  • Consent: For marketing communications or other uses where consent is explicitly required.

4. Use of Data

Rufus uses the data collected for:

  • Providing and operating the Services.

  • Authentication, security, and fraud prevention.

  • Troubleshooting, support, and service improvements.

  • Complying with legal obligations.

  • Developing analytics, research, and product enhancements.

  • Using anonymized and aggregated data for product improvement, analytics, and marketing purposes.

5. Sharing & Disclosure

Rufus may share information as follows:

  • Subprocessors/Service Providers: With trusted vendors providing hosting, support, analytics, and related services, bound by confidentiality and data protection terms. Rufus maintains a current list of subprocessors and will notify Customers of material changes. Customers may object to the use of a new subprocessor within a reasonable time if it poses a material risk.

  • Business Transfers: In connection with mergers, acquisitions, or sale of assets.

  • Legal Compliance: To comply with laws, regulations, legal process, or enforce contractual rights.

  • Customer’s Direction: As instructed or authorized by Customer in writing.

Rufus does not sell Customer Data.

6. International Data Transfers

If Customer Data is transferred outside the country of origin, Rufus will implement appropriate safeguards, including Standard Contractual Clauses (SCCs) or other lawful mechanisms under applicable data protection laws.

7. Security

Rufus implements industry-standard technical and organizational measures to protect data, including:

  • Encryption of data in transit and at rest.

  • Access controls and authentication safeguards.

  • Monitoring and auditing of systems.

  • Regular testing and vulnerability management.

If Rufus becomes aware of a confirmed personal data breach, Rufus will notify affected Customers without undue delay and, where applicable, within seventy-two (72) hours, unless prohibited by law.

8. Data Retention & Deletion

  • Customer Data is retained as long as the account is active or as needed to provide the Services.

  • Upon Customer’s written request, Rufus will return or securely delete Customer Data, except where retention is required by law.

  • Anonymized/aggregated data may be retained indefinitely.

9. Customer & User Rights

Depending on applicable laws (e.g., GDPR, CCPA), Customers and Authorized Users may have the right to:

  • Access, correct, or delete their personal information.

  • Restrict or object to certain processing.

  • Receive a copy of personal data in portable format.

  • File a complaint with a supervisory authority.

Rufus will respond to such requests within the timeframes required by applicable law (typically 30–45 days).

Requests can be submitted to Rufus at privacy@getrufus.com.

10. Marketing Communications

Rufus distinguishes between operational communications and marketing communications:

  • Operational Communications: Service-related emails (e.g., updates, security notices, support) are necessary for providing the Services and cannot be opted out.

  • Marketing Communications: Rufus may send marketing or promotional communications subject to applicable laws. Customers and Users may opt out at any time by using the unsubscribe link provided in emails or by contacting Rufus.

11. Customer Data Ownership

Customer retains all rights, title, and interest in and to Customer Data. Rufus processes Customer Data solely on behalf of the Customer and under the Customer’s instructions, except where otherwise required by law. Nothing in this Policy shall be construed as granting Rufus ownership of Customer Data.

12. Children’s Privacy

The Services are not directed to individuals under 16. Rufus does not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.

13. Updates to this Policy

We may update this Policy from time to time to reflect legal, technical, or business changes. Updates will be effective upon posting, unless otherwise required by law. If material changes are made, Rufus will notify Customers in advance.

14. Contact Information

For questions about this Policy or Rufus’ privacy practices, please contact us at:

Rufus Labs, Inc.
Email: enterprise@rufuslabs.com
Address: 8033 W. Sunset Blvd, #899, Los Angeles, CA 90046

This Platform Privacy Policy is incorporated by reference into Rufus’ Terms and Conditions and Master Services Agreement.