Rue — Privacy Policy
Last Updated: [DATE] Status: DRAFT for legal review. Not yet in force.
Internal note (delete before publishing): Working draft, not legal advice. Review with counsel.
[BRACKETS]need your input. This policy describes Rue's role as controller for our website, account, and billing data, and as processor for the business data you connect. The processor relationship is governed by the separate Data Processing Agreement (DPA / Auftragsverarbeitungsvertrag) — see §3. The sub-processor table in §8 must be kept accurate and in sync with the DPA; it is the part regulators and enterprise security teams read first.
1. Introduction
This Privacy Policy explains how Flooz Inc. ("Rue," "Flooz," "we," "us"), a corporation incorporated in Delaware, USA (EIN 86-1552012) with its address at 8605 Santa Monica Blvd, PMB 94419, West Hollywood, California 90069-4109, USA, collects and uses personal data when you use Rue, an AI employee that connects to your communication channels and business tools to perform operational work on your behalf (the "Service").
Controller for this policy: Flooz Inc., 8605 Santa Monica Blvd, PMB 94419, West Hollywood, California 90069-4109, USA. Data protection contact: Lamine Cheloufi, privacy@rue.works. EU representative (GDPR Art. 27): [TO APPOINT]. As a US-based controller/processor offering services to people in the EU, Flooz Inc. is required to designate a representative established in the EU. [Name / EU address once appointed.]
2. The two roles: controller vs processor
- We act as a controller for personal data we decide the purposes of — for example, account and administrator details, billing data, support communications, and website analytics. This policy governs that data.
- We act as a processor for the personal data inside the channels and tools you connect (your "Customer Data"). We process Customer Data only on your documented instructions, to provide the Service. That processing is governed by your Data Processing Agreement (DPA), not this policy. Where this policy and the DPA conflict in relation to Customer Data, the DPA prevails.
3. Definitions
Customer Data means data you submit to, or that the Service processes on your behalf, including: connection credentials (such as OAuth tokens); workspace and user identifiers; channel and message content where Rue is active; data accessed from connected tools to perform tasks; the business memory ("facts") Rue builds; tasks, approvals, and configurations; and related logs.
4. Information we collect
A. Account and workspace data. Administrator name and email, workspace/team identifiers, user identifiers (such as Slack user ID, display name, and email where provided), and the mapping needed to associate actions and permissions with users.
B. Connection credentials. OAuth tokens, scopes, and expiry metadata for Slack and other tools you connect. Connections enabled in a workspace may be usable by authorised members of that workspace through Rue.
C. Channel and message content. Where Rue is invited or active, the content of channels, direct messages to Rue, and thread replies, used to perform your requests and maintain context.
D. Connected-tool data. Data accessed from tools you connect (such as a CRM, calendar, e-commerce, or accounting tool), limited to the scopes you authorise and to what is needed to perform the tasks you ask of Rue.
E. Business memory. Facts Rue derives from your channels and tools to provide continuity, subject to the retention window in your plan and the controls in your DPA.
F. Service logs and usage data. Operational and security logs (timestamps, request/response metadata, error logs) and usage events needed to run, secure, and improve reliability of the Service.
G. Communications with us. Information you provide when you contact support or sales.
H. Website, analytics, and attribution data. When you visit our website or begin signup, cookie and similar identifiers, device/browser metadata, IP address, pages viewed, and referral/attribution metadata. You can manage non-essential cookies through our cookie controls and your browser.
We do not knowingly collect special-category data for our own purposes. Special-category data may be present in Customer Data only where your plan and DPA provide for it and you have a valid legal basis — see §6.
5. How we use information (and our legal bases — GDPR Art. 6)
| Purpose | Examples | Legal basis (controller data) |
|---|---|---|
| Provide and operate the Service | Authenticate users, maintain integrations, run tasks, build memory | Performance of a contract (Art. 6(1)(b)) |
| Process Customer Data on your behalf | AI processing of channels/tools to produce outputs | On your instructions, under the DPA (you determine the Art. 6 / Art. 9 basis as controller) |
| Security, fraud prevention, abuse detection | Audit trails, incident investigation | Legitimate interests (Art. 6(1)(f)) |
| Billing and administration | Invoicing, account management | Contract / legal obligation (Art. 6(1)(b)/(c)) |
| Service communications | Security notices, product and billing messages | Legitimate interests / contract |
| Improve reliability (aggregated/de-identified) | Usage patterns that cannot identify you | Legitimate interests (Art. 6(1)(f)) |
| Website analytics, attribution, marketing | Measure usage and campaigns; referral programs | Consent where required; otherwise legitimate interests |
We do not use Customer Data for advertising. We do not use Customer Data to train our own or third parties' general-purpose AI models. Our AI providers are contractually bound not to train their models on data we send them — see §7.
6. Special-category and sensitive data
The standard Service is not intended for special-category data under Article 9 GDPR (such as health data). On standard plans, you must not connect special-category data to the Service.
Special-category data may be processed only under an Enterprise plan with a signed DPA that expressly provides for it (for example, a healthcare-adjacent customer processing patient data). In that case:
- You remain the controller and are responsible for the Article 9 legal basis (such as explicit consent or another applicable condition) and for any sector-specific or professional-secrecy obligations (in Germany, including §203 StGB).
- We apply additional technical, organisational, and contractual safeguards to that data, as set out in your DPA and TOMs, including EU-resident or self-hosted inference.
- Where required, we will support you in meeting confidentiality obligations toward the relevant professionals and data subjects.
7. AI processing and model providers
To produce outputs, relevant portions of data (the prompt and context needed for a task) are processed by AI models. We use a combination of providers and, for sensitive and enterprise workloads, configure them for in-region processing and zero retention where available.
- EU inference gateway. For EU and sensitive workloads, model requests are routed through EUrouter (EUrouter B.V., Amsterdam, Netherlands — EU-incorporated), an EU AI gateway that keeps inference inside the EU/EEA and applies zero-data-retention by default. EUrouter provides EU-resident access to the underlying models we use (which may include Anthropic Claude, OpenAI, Mistral, and open-weight models such as DeepSeek, MiniMax, and Kimi), so that prompts and responses are processed within Europe.
- No training. Our AI providers and the EUrouter gateway are contractually required to use data we send only to return the requested output to you, and not to train their general models on it.
- Data residency. For eligible enterprise and sensitive workloads, we route model inference (via EUrouter) and storage to EU/EEA regions and enable zero-data-retention. Where a specific workload cannot be processed in-region, we will tell affected customers and will not route special-category data outside the EU/EEA without an appropriate transfer mechanism and your agreement.
- Direct provider routing (where used). For some customer-facing reasoning we may also use Anthropic Claude via an EU region (e.g. AWS Bedrock Frankfurt or Google Vertex AI EU) with zero retention, consistent with an enterprise customer's existing approved posture.
- Self-hosted / open models. Where we use open-weight models for the most sensitive workloads, we may host them on infrastructure we control in the EU/EEA, rather than sending data to any model provider's hosted API outside the EU/EEA.
8. Sub-processors
We use the following categories of sub-processors to provide the Service. The current, authoritative list (with entity names and locations) is maintained in the DPA / sub-processor page and updated there; this table is a summary.
| Sub-processor | Purpose | Location | Notes |
|---|---|---|---|
| Hetzner | Primary hosting, storage, compute | Germany | EU-incorporated subprocessor; ISO 27001 data centres; not itself subject to the US CLOUD Act |
| EUrouter (EUrouter B.V.) | EU AI gateway — routes inference to underlying models, in-region | Netherlands / EU | EU-incorporated; EU residency + zero retention; verify their own DPA, sub-processor list, and certifications |
| Anthropic (via EUrouter and/or Bedrock/Vertex EU) | AI model inference (customer-facing reasoning) | EU region where configured; otherwise US | No-training; ZDR where enabled — see §9 |
| OpenAI (via EUrouter and/or EU API project) | AI model inference (where used) | EU data residency where configured; otherwise US | No-training; in-region inference + ZDR where enabled |
| Open-weight models (DeepSeek, MiniMax, Kimi, Mistral — via EUrouter or self-hosted on Hetzner) | Classification / cheaper inference | EU/EEA | Routed via EUrouter in-region or self-hosted on EU infra — never via non-EU hosted APIs for sensitive data |
| Composio | Tool authentication and action execution | [LOCATION — verify] | Verify EU residency and DPA |
| Native integrations (via OpenClaw / MobClaude) | Direct connections to tools you authorise | [per each tool] | Scoped to the permissions you grant |
| Slack | Core channel integration | [per Slack terms] | OAuth; you can revoke anytime |
| [Email / phone provider — via OpenClaw] | Rue's inbox and number | [LOCATION — verify] | [Confirm provider(s) and EU residency] |
| Stripe | Payments and billing | EU/US | Billing metadata; card data handled by Stripe |
| Sentry | Error monitoring | [US/EU — Sentry offers an EU region; confirm yours] | Technical metadata; may include identifiers in error payloads |
| Google Analytics | Website analytics | US (Google) | Online identifiers; consent-gated via cookie banner |
| PostHog | Product analytics | [US or EU Cloud — confirm region] | Usage events and identifiers; EU Cloud option available |
To verify before launch: the exact legal entity, location, and DPA status of every provider above — especially any AI model accessed through a non-EU hosted API (this is the highest-risk item for sensitive EU data). See the architecture note that accompanies this draft.
9. International transfers
Our default posture for enterprise and sensitive workloads is EU/EEA processing and storage: data is stored at rest with an EU provider (Hetzner) and model inference runs in the EU/EEA via the EUrouter gateway or EU regions of our providers.
Important: Flooz Inc. is itself a US-incorporated company. Even though Customer Data for EU/sensitive workloads is processed and stored in the EU/EEA, Flooz Inc. as a US entity may be subject to US legal process (including the CLOUD Act). We address this through: (i) EU data-at-rest residency and EU-region inference as described above; (ii) the European Commission's Standard Contractual Clauses and a transfer impact assessment for any onward transfer outside the EEA; (iii) supplementary technical measures such as encryption, tenant isolation, and zero retention; and (iv) appointment of an EU Representative under Art. 27 GDPR. Where a customer requires an EU-contracting entity, we will discuss that structure separately.
Where data is nonetheless transferred outside the EU/EEA (for example, to a US-incorporated AI provider not yet offering in-region processing for a given workload), we rely on the same safeguards and identify the transfer in your DPA. We will not route special-category data outside the EU/EEA without an appropriate transfer mechanism and your agreement.
10. How we share information
We share information only as needed to run the Service: with the sub-processors above; with professional advisers; in connection with a merger, acquisition, or financing (subject to confidentiality); and where required by law or to protect rights and safety. We do not sell personal data. We do not use Customer Data, or Slack message content, for advertising.
11. Data retention
- Customer Data / business memory is retained according to your plan's retention window (for example, 30 / 90 / 365 days) and the controls in your DPA. Contradicted or superseded facts are removed on the cycle described in the product.
- Account and billing data is retained for the life of the account and as required for legal and accounting obligations afterwards.
- Logs are retained for a limited operational period.
- On account closure or a valid deletion request, we delete Customer Data from active systems within [~30 days]; encrypted backups age out on their normal rotation ([~35 days]), after which they are overwritten or purged. Derived data (such as indexes or embeddings) is deleted or disassociated when the underlying data is deleted.
12. Security
We maintain technical and organisational measures appropriate to the data, including: encryption in transit (TLS 1.2+/1.3) and at rest (AES-256); access controls (role-based access, MFA, least privilege); per-workspace tenant isolation; audit logging and monitoring; and an incident-response process with breach notification to affected customers and authorities where required by law. The full TOMs are set out in the DPA. You are responsible for security within your own workspace (such as channel access and admin permissions).
13. Your rights
Subject to your local law (including the GDPR), you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. For Customer Data, requests are generally directed to the customer (controller) whose workspace the data belongs to; we will assist that customer as required by the DPA. For data where we are the controller, contact us at [PRIVACY EMAIL]. You also have the right to complain to your supervisory authority (in Germany, your competent state authority; our lead authority is [AUTHORITY, if applicable]).
14. Slack Marketplace compliance
When you use Rue with Slack, Rue accesses the following data for the purposes shown:
| Data | Purpose |
|---|---|
| Messages in channels where Rue is invited | Perform requests and provide assistance |
| Direct messages to Rue | Respond to direct interactions |
| Thread replies | Maintain context for requested actions |
| User profile information | Identify users and direct responses appropriately |
| Channel information | Understand context and permissions |
| Files and file metadata (where you request) | Process attachments you ask Rue to handle |
Our Slack commitments: we use Slack data only to provide and operate the Service; we do not sell Slack data; we do not use Slack data for advertising; and we affirm that Slack APIs are not used to develop, improve, or train generalised AI/ML models. You can uninstall Rue or revoke access at any time in Slack App Management. Revoking access stops new collection immediately; it does not by itself delete previously stored data, which is deleted per §11.
15. Children
The Service is not intended for anyone under 18 (or the local age of majority, if higher), and we do not knowingly collect their data. Contact us if you believe a child has provided personal data and we will delete it.
16. Changes to this policy
We may update this policy. For material changes we will notify you by appropriate means (such as notice to administrators or email). The "Last Updated" date reflects the latest revision.
17. Contact
Flooz Inc. (Rue) 8605 Santa Monica Blvd, PMB 94419, West Hollywood, California 90069-4109, USA Privacy / DPO: privacy@rue.works [recommend creating] General: hi@rue.works EU Representative (Art. 27): [TO APPOINT]