Rulely Privacy Policy

Effective Date: February 20, 2026

Last Updated: March 6, 2026

Policy Version: 1.0

1. INTRODUCTION

This Privacy Policy ("Policy") is issued by Mahamane Sissoko, an individual developer registered in the United States of America ("Developer," "we," "us," or "our"), and governs the collection, use, storage, disclosure, and protection of personal information obtained through the Rulely mobile application ("Rulely," "App," or "Application") and all associated services, including the web dashboard accessible at https://app.rulely.app ("Web Dashboard").

Rulely is a family-oriented parental control and educational productivity application designed to help guardians manage and monitor their children's device usage, enforce app-blocking rules, and promote healthy study habits. Because Rulely is designed for use by families, including children under the age of thirteen (13), this Policy has been drafted to comply with, and shall be interpreted in accordance with, the following laws and regulations:

Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. Section 6501-6506 and its implementing regulations at 16 C.F.R. Part 312, including the 2025 amendments effective June 23, 2025;

General Data Protection Regulation ("GDPR"), Regulation (EU) 2016/679, and its provisions relating to the processing of personal data of minors ("GDPR-K");

California Consumer Privacy Act ("CCPA"), Cal. Civ. Code Section 1798.100 et seq., as amended by the California Privacy Rights Act ("CPRA");

Lei Geral de Protecao de Dados ("LGPD"), Law No. 13,709/2018 of Brazil;

Google Play Developer Program Policies, including the User Data Policy, Families Policy, and Permissions Policy.

By downloading, installing, accessing, or using Rulely, you ("User," "you," or "your") acknowledge that you have read, understood, and agree to be bound by this Policy. If you are a guardian or parent consenting on behalf of a child, you represent and warrant that you have the legal authority to provide such consent.

If you do not agree to this Policy, you must not use Rulely.

2. DEFINITIONS

For the purposes of this Policy, the following terms shall have the meanings ascribed below:

"Child" or "Student" means any individual under the age of eighteen (18), and where specifically referenced in the context of COPPA, any individual under the age of thirteen (13), whose device usage is monitored or managed through Rulely.

"Guardian" or "Parent" means a parent, legal guardian, tutor, mentor, counselor, or other adult who has registered an account on Rulely and has established a verified connection with a Child for purposes of supervision and management.

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes, without limitation, persistent identifiers such as device identifiers and IP addresses, behavioral data, and inferred data, consistent with the expanded definition under COPPA as amended in 2025.

"Device" means the Android mobile device on which Rulely is installed.

"Service Provider" means a third-party entity that processes data solely on behalf of and under the instruction of the Developer, as distinguished from a third party that uses data for its own purposes.

"Processing" means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

3. INFORMATION WE COLLECT

3.1 Information Provided Directly by Users

When a Guardian or Student creates an account or uses Rulely, we may collect the following categories of information provided voluntarily:

(a) Guardian Information:

Display name

Email address (used for authentication and parental consent verification)

Phone number (optional; provided at Guardian's discretion)

Timezone preference

Notification preferences (digest schedules, alert types)

(b) Student Information:

Display name

Email address (used for account creation)

Grade level (optional)

Bio (optional; provided at the Student's or Guardian's discretion)

Study preferences (preferred study time, session duration, subjects of study)

The nature of the Guardian-Student relationship (parent, tutor, mentor, counselor, or other)

Permission level granted by the Guardian (full, summary, or minimal)

Connection status and invitation records

(d) User-Generated Content:

Messages exchanged between Guardians and Students within Rulely

Feedback and ratings submitted through in-app feedback forms

Study task titles, descriptions, and scheduling data

AI assistant chat conversations (used for study planning assistance)

3.2 Information Collected Automatically from the Child's Device

When Rulely is installed on a Child's device and the Guardian has provided verifiable parental consent, the Application collects the following information automatically:

(a) Installed Application Data:

Names and package identifiers of applications that the Guardian has designated for blocking or monitoring

Whether a given application is classified as a system application

Application installation and uninstallation events relevant to blocked applications

We do not retain metadata for applications that are not subject to Guardian-configured blocking rules. Data pertaining to non-blocked applications is discarded immediately after the blocking status determination.

(b) Device Usage Data:

Detection of which application is currently in the foreground (collected solely to enforce app-blocking rules configured by the Guardian)

Timestamps of blocked application launch attempts

Study session start times, end times, durations, and completion status

Daily and weekly study goal progress

Android Secure ID (a device-level identifier used to bind the device to the paired Student account and enforce row-level security on backend data)

(d) Enforcement and Policy Data:

Records of app-blocking rule changes made by the Guardian

Temporary unlock events (when a Guardian or reward system temporarily lifts blocking)

Policy version and enforcement confirmation data

3.3 Information Collected from System Services

Rulely utilizes the following Android system services, each of which is described in detail in Section 10 of this Policy:

Accessibility Service: Used exclusively to detect foreground application changes for the purpose of enforcing Guardian-configured blocking rules. Rulely does not retrieve, read, store, or transmit the content displayed within any application. The canRetrieveWindowContent capability is explicitly disabled.

Usage Stats Access (UsageStatsManager): Used to query which application is currently in the foreground. Rulely queries usage events within a narrow time window (the most recent ten seconds) solely to identify the active application for enforcement purposes.

Overlay Permission (SYSTEM_ALERT_WINDOW): Used to display a full-screen blocking notification when a Child attempts to open a restricted application.

3.4 Information We Do Not Collect

Rulely does not collect, and has never collected, the following categories of information:

Precise or approximate geographic location

Contacts, call logs, or SMS/MMS messages

Photos, videos, audio recordings, or files from the device

Calendar data from the device's native calendar application

Financial or payment information (payments, if any, are processed entirely through third-party payment platforms and are not handled by Rulely)

Biometric data

Health or fitness data

Web browsing history

Keystroke data, screen content, or any content displayed within applications

Advertising identifiers

4. HOW WE USE INFORMATION

We process Personal Information solely for the following purposes:

4.1 Core Application Functionality

Establishing and maintaining Guardian and Student accounts

Pairing Child devices with Guardian accounts

Enforcing app-blocking rules as configured by the Guardian

Tracking study session progress and goal completion

Managing the reward credit system (earned study time converted to screen time credits)

Delivering Guardian-to-Student messages

Providing AI-assisted study planning through the in-app chat assistant

4.2 Parental Control Enforcement

Detecting when a Child attempts to open a blocked application

Displaying the blocking overlay

Recording enforcement events for the Guardian's review

Managing temporary unlock windows granted by the Guardian or earned through study completion

4.3 System Reliability and Security

Monitoring application performance and diagnosing technical errors

Maintaining audit logs of policy enforcement changes to ensure accountability and transparency

Preventing unauthorized access through device-bound authentication

4.4 Product Improvement

Analyzing aggregated, de-identified usage patterns to improve Rulely's features and user experience

Processing in-app feedback to identify and resolve issues

We do not use Personal Information for advertising, marketing to Children, profiling for commercial purposes, or any purpose not disclosed in this Policy.

5. LEGAL BASIS FOR PROCESSING

5.1 Under COPPA (United States)

Processing of a Child's Personal Information is conducted pursuant to verifiable parental consent obtained from the Guardian prior to collection, as described in Section 6 of this Policy.

5.2 Under GDPR (European Economic Area)

We rely on the following legal bases:

Consent (Article 6(1)(a)): For the processing of a Child's data, obtained from the holder of parental responsibility pursuant to Article 8;

Performance of a Contract (Article 6(1)(b)): For processing necessary to provide the service requested by the Guardian;

Legitimate Interests (Article 6(1)(f)): For system security, fraud prevention, and service reliability, where such interests are not overridden by the data subject's rights.

5.3 Under CCPA/CPRA (California)

We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising. Consumers may exercise their rights as described in Section 11 of this Policy.

5.4 Under LGPD (Brazil)

Processing is based on the consent of the legal guardian (Article 14) and the necessity of processing for the performance of the service (Article 7, V).

6. PARENTAL CONSENT AND VERIFICATION

6.1 Consent Requirement

Rulely does not collect any Personal Information from a Child's device until the Guardian has completed the parental consent verification process described in this section. No data is transmitted from a Child's device to our servers prior to the completion of this process.

6.2 Consent Process

The parental consent process consists of the following steps:

(a) Disclosure: Before consent is requested, the Guardian is presented with a plain-language summary of all data that Rulely will collect from the Child's device, the purposes for which such data will be used, and a direct link to this Privacy Policy.

(b) Affirmative Consent: The Guardian must affirmatively indicate consent by tapping an "I Consent" button. Navigating away from the consent screen, closing the application, or failing to take action does not constitute consent.

(c) Email Verification: A verification code or link is sent to the Guardian's registered email address. The Guardian must complete email verification to finalize consent. The email address must be associated with the Guardian's authenticated account.

(d) Consent Record: Upon successful verification, Rulely stores a tamper-evident record of the consent event, including: the Guardian's user identifier, the Child's user identifier, the date and timestamp of consent, the version of the Privacy Policy in effect at the time of consent, and the method of verification.

6.3 Ongoing Parental Rights

At any time after providing consent, the Guardian may:

Review all data collected about their Child through the Web Dashboard or in-app data export functionality;

Revoke consent and direct the deletion of all data associated with their Child, as described in Section 8;

Modify the scope of monitoring by adjusting blocking rules, study goals, and other settings;

Request a copy of all data collected about their Child in a portable format, as described in Section 9.

6.4 Policy Update Consent

If this Privacy Policy is materially updated in a manner that expands the categories of data collected from Children or alters the purposes of processing, Guardians will be required to review and re-consent to the updated Policy before data collection continues under the new terms.

7. DATA SHARING AND DISCLOSURE

7.1 We Do Not Sell Personal Information

We do not sell, rent, lease, or trade Personal Information to any third party for monetary or other valuable consideration. This prohibition applies to all categories of data and all categories of users, including Children.

7.2 Service Providers

We engage the following Service Provider to process data on our behalf and under our instruction:

Supabase, Inc.

Purpose: Cloud database hosting, user authentication, and REST API services

Data Center Location: Virginia, United States of America

Security Certifications: SOC 2 Type 2 compliant

Encryption: AES-256 encryption at rest; TLS encryption in transit

Role: Service Provider (data processor). Supabase does not use Rulely user data for its own purposes, does not share it with third parties, and processes it solely pursuant to our instructions.

7.3 No Third-Party Analytics or Advertising

Rulely does not integrate any third-party analytics SDKs, advertising SDKs, crash reporting SDKs, or tracking libraries. All analytics processing is performed internally using our own infrastructure.

7.4 Legal and Safety Disclosures

We may disclose Personal Information if we reasonably believe that disclosure is necessary to:

Comply with any applicable law, regulation, legal process, or governmental request;

Enforce this Policy or our Terms of Service;

Protect the safety, rights, or property of the Developer, our users, or the public;

Detect, prevent, or address fraud, security vulnerabilities, or technical issues.

In the event of such disclosure, we will endeavor to limit the scope of information disclosed to that which is strictly necessary for the stated purpose.

7.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, Personal Information may be transferred to the acquiring entity, provided that the acquiring entity agrees to be bound by the terms of this Policy with respect to all previously collected Personal Information.

8. DATA RETENTION AND DELETION

8.1 Retention Periods

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, subject to the following specific retention rules:

Data Category	Retention Period
Guardian account data	Retained until the Guardian deletes their account
Student profile and study data	Deleted immediately upon Guardian-initiated student removal or account deletion
Installed application records	Deleted immediately upon student removal
App-blocking enforcement logs	Deleted immediately upon student removal
AI chat history	Deleted immediately upon student removal; not retained permanently
System diagnostic logs	Retained for ninety (90) days, then automatically and irreversibly deleted
Analytics events	Retained for ninety (90) days, then automatically and irreversibly deleted
Parental consent records	Retained for the duration of the Guardian-Student relationship plus three (3) years to comply with legal record-keeping obligations
Guardian-Student messages	Deleted immediately upon student removal

8.2 Deletion by Guardian Request

A Guardian may request the immediate deletion of all data associated with a specific Child by:

Using the "Delete Child Data" function within the Rulely application or Web Dashboard;

Sending a written request to mahamane@rulely.app identifying the Child and the Guardian's account;

Calling +1 (973) 517-4706 during business hours;

Submitting a deletion request through our Account Deletion form.

Upon receiving a verified deletion request, we will delete or de-identify all Personal Information associated with the identified Child within thirty (30) days, except for information that we are legally required to retain (such as consent records).

8.3 Deletion Upon Account Termination

When a Guardian deletes their Rulely account entirely, all associated data, including all connected Student profiles, study data, enforcement logs, messages, and configuration data, is permanently deleted within thirty (30) days. To delete your entire account and associated data, visit our account deletion page.

8.4 Automatic Data Cleanup

System diagnostic logs and analytics events are subject to an automatic ninety (90) day retention policy. Records older than ninety (90) days are permanently and irreversibly deleted through automated processes.

9. DATA PORTABILITY AND EXPORT

9.1 Export Functionality

Guardians may export a comprehensive copy of all data associated with their account and their connected Students through the "Export My Data" function available in the application and the Web Dashboard.

9.2 Export Format

Exported data is provided in machine-readable JSON or CSV format and includes:

Guardian profile information (name, email, phone number if provided)

Student profile information (name, grade level, relationship type)

Study session history (dates, durations, completion status, goal progress)

Weekly and daily goal records

Reward credit balances and transaction history

App-blocking rules and enforcement event logs

Guardian-Student message history

AI chat history

9.3 Processing Time

Data export requests are processed within seventy-two (72) hours of the request.

10. SENSITIVE PERMISSIONS AND IN-APP DISCLOSURE

Rulely requires the following sensitive Android permissions. Each permission is essential to the core functionality of the application and is used strictly as described below. Prominent in-app disclosures are presented to the user immediately before each permission is requested.

For a visual demonstration of these permissions in action, you can watch the following videos:

Permissions Demo Video - Shows how Rulely detects foreground apps and enforces blocking rules

Foreground Service Demo Video - Explains the FOREGROUND_SERVICE_SPECIAL_USE permission and continuous protection

10.1 Accessibility Service

Permission: Android Accessibility Service API

Purpose: To detect when the foreground application changes on the Child's device. This detection is necessary to enforce app-blocking rules configured by the Guardian. When a blocked application is detected in the foreground, Rulely triggers the blocking overlay.

What is accessed: The package name and class name of the application that has entered the foreground. This information identifies which application is active.

What is NOT accessed: Rulely does not retrieve, read, intercept, store, or transmit the content displayed within any application. The Accessibility Service configuration explicitly disables the canRetrieveWindowContent capability. Rulely does not inject input events, modify user interface elements, or perform any autonomous actions on behalf of the user.

Data handling: The detected package name is compared against the Guardian-configured blocking list in real time. If the application is not blocked, the package name is discarded immediately and is not stored or transmitted.

In-app disclosure: Before requesting this permission, Rulely displays a dedicated disclosure screen explaining: (i) that the Accessibility Service will detect which app is in the foreground; (ii) that this is necessary to block restricted apps; (iii) that no screen content is read or stored; and (iv) that the user must tap "I Understand" to proceed.

10.2 Usage Stats Access

Permission: PACKAGE_USAGE_STATS (UsageStatsManager API)

Purpose: To identify which application is currently in the foreground as a secondary detection method alongside the Accessibility Service, ensuring reliable enforcement of blocking rules.

What is accessed: Usage events from the most recent ten-second window, specifically application resume and pause events, limited to identifying the currently active application.

What is NOT accessed: Historical application usage data, usage duration statistics, or any data beyond the immediate foreground application identification.

Data handling: Foreground application identification is performed in memory. The data is not persisted to local storage or transmitted to any server except when a blocking event is triggered, in which case only the blocked application's package name, the timestamp, and the enforcement action are recorded.

In-app disclosure: Before directing the user to the system settings screen to grant this permission, Rulely displays a disclosure explaining: (i) that Usage Stats access is needed to detect the active app; (ii) that only real-time foreground detection is performed; (iii) that no usage history is collected or stored.

10.3 Overlay Permission

Permission: SYSTEM_ALERT_WINDOW (Draw Over Other Apps)

Purpose: To display a full-screen blocking notification when a Child opens an application that the Guardian has restricted. The overlay prevents the Child from interacting with the blocked application until they navigate away.

What is displayed: A notification informing the Child that the application is blocked, with an indication of the Guardian-configured rules (such as "Complete your study goals to unlock this app").

Data handling: The overlay does not collect, store, or transmit any data from the underlying application.

In-app disclosure: Before requesting this permission, Rulely displays a disclosure explaining: (i) that the overlay is used to display a blocking screen over restricted apps; (ii) that the overlay does not interact with or collect data from any application.

10.4 Foreground Service Permission

Permission: FOREGROUND_SERVICE, FOREGROUND_SERVICE_SPECIAL_USE

Purpose: To maintain continuous app-blocking enforcement while the device is in use. The foreground service type is designated as specialUse under Google Play's parental control classification.

What is accessed: The system allows Rulely to display a persistent notification indicating that the parental control service is active and running.

What is NOT accessed: The foreground service does not directly collect additional personal data beyond what is already collected through the Accessibility Service and Usage Stats Access permissions. It simply keeps the enforcement mechanism active.

Data handling: The foreground service maintains the blocking engine's state in memory but does not independently transmit data. Enforcement events are logged only when a Child attempts to open a blocked application.

In-app disclosure: Before the service is enabled, Rulely displays a disclosure explaining: (i) that the foreground service ensures continuous protection; (ii) that it displays a persistent notification; (iii) that it requires device resources to remain operational.

For a detailed visual explanation of how the foreground service maintains continuous protection, watch our Foreground Service Demo Video.

10.5 Additional Permissions

Boot Completed (RECEIVE_BOOT_COMPLETED): Used to restart the monitoring service after the device reboots, ensuring continuous enforcement of Guardian-configured rules.

Notifications (POST_NOTIFICATIONS): Used to display blocking notifications and study reminders.

Battery Optimization Exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS): Requested to prevent the operating system from terminating the enforcement service during periods of inactivity.

11. YOUR RIGHTS

11.1 Rights Under COPPA (All United States Users)

If your Child is under thirteen (13) years of age:

Right to Review: You have the right to review all Personal Information collected from your Child. You may do so at any time through the application, the Web Dashboard, or by contacting us.

Right to Deletion: You have the right to request that we delete all Personal Information collected from your Child. We will comply within thirty (30) days.

Right to Refuse Further Collection: You have the right to revoke consent and direct us to cease all further collection of your Child's Personal Information. Upon revocation, Rulely's monitoring and enforcement features will be deactivated on the Child's device.

Right to Non-Discrimination: We will not condition a Child's participation in any activity on the disclosure of more Personal Information than is reasonably necessary for that activity.

11.2 Rights Under GDPR (European Economic Area Users)

If you are located in the European Economic Area, you have the following rights:

Right of Access (Article 15): The right to obtain confirmation as to whether your Personal Information is being processed and to access such data.

Right to Rectification (Article 16): The right to have inaccurate Personal Information corrected.

Right to Erasure (Article 17): The right to have your Personal Information deleted, subject to applicable legal retention obligations.

Right to Restriction of Processing (Article 18): The right to restrict the processing of your Personal Information under certain circumstances.

Right to Data Portability (Article 20): The right to receive your Personal Information in a structured, commonly used, machine-readable format.

Right to Object (Article 21): The right to object to processing based on legitimate interests.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority.

For users under the age of sixteen (16) (or the applicable age in your member state), consent for processing must be provided by the holder of parental responsibility.

11.3 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

Right to Know: The right to request disclosure of the categories and specific pieces of Personal Information we have collected about you.

Right to Delete: The right to request deletion of your Personal Information.

Right to Correct: The right to request correction of inaccurate Personal Information.

Right to Opt-Out of Sale: We do not sell Personal Information. This right is therefore satisfied by default.

Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us using the information provided in Section 14.

11.4 Rights Under LGPD (Brazilian Users)

If you are located in Brazil, you have the following rights under Articles 18 and 19 of the LGPD:

Confirmation of the existence of processing

Access to your data

Correction of incomplete, inaccurate, or outdated data

Anonymization, blocking, or deletion of unnecessary or excessive data

Data portability

Deletion of data processed with consent

Information about public and private entities with which your data has been shared

Information about the possibility of denying consent and its consequences

Revocation of consent

12. DATA SECURITY

12.1 Technical Safeguards

We implement the following technical measures to protect Personal Information:

Encryption in Transit: All data transmitted between the Rulely application, the Web Dashboard, and our backend servers is encrypted using Transport Layer Security (TLS). The application enforces HTTPS-only communication; cleartext HTTP traffic is blocked at the application level through Android's network security configuration.

Encryption at Rest: Data stored in our backend database is encrypted at rest using AES-256 encryption, as provided by our Service Provider's infrastructure.

Encrypted Local Storage: Sensitive data stored locally on the device (including the device identifier and device pairing credentials) is encrypted using AES-256-GCM via Android's EncryptedSharedPreferences API.

Row-Level Security: Our database enforces row-level security policies that restrict data access based on authenticated user identity and device binding, ensuring that users can only access data they are authorized to view.

Device-Bound Authentication: Each Child device is cryptographically bound to a specific Student account through a device identifier that is verified on every API request, preventing unauthorized devices from accessing the Child's data.

12.2 Organizational Safeguards

Access to production data is restricted to the Developer.

No employees, contractors, or third parties have access to Personal Information except as required for the operation of the Service Provider infrastructure.

We conduct periodic reviews of our security practices and update them as necessary.

12.3 Incident Response

In the event of a data breach that affects the security, confidentiality, or integrity of Personal Information, we will:

Investigate and contain the breach promptly;

Notify affected users within seventy-two (72) hours of becoming aware of the breach, or as otherwise required by applicable law;

Notify the relevant supervisory authorities as required by applicable law;

Take corrective measures to prevent recurrence.

13. INTERNATIONAL DATA TRANSFERS

Personal Information collected through Rulely is stored and processed in the United States of America, specifically in data centers located in the state of Virginia. If you are accessing Rulely from outside the United States, you acknowledge that your Personal Information will be transferred to and processed in the United States.

For users in the European Economic Area, such transfers are conducted pursuant to Standard Contractual Clauses or other lawful transfer mechanisms recognized under Chapter V of the GDPR.

For users in Brazil, such transfers are conducted in compliance with Articles 33 through 36 of the LGPD.

14. CONTACT INFORMATION

If you have questions about this Policy, wish to exercise any of your rights, or need to report a concern, you may contact us through any of the following methods:

Developer / Data Protection Contact:

Mahamane Sissoko

Email: mahamane@rulely.app

Phone: +1 (973) 517-4706

Mailing Address: United States of America

In-App: You may also submit inquiries through the feedback function within the Rulely application.

We will respond to all privacy-related inquiries within thirty (30) days. For requests submitted under the GDPR, we will respond within thirty (30) days, with a possible extension of sixty (60) additional days for complex requests, in accordance with Article 12(3).

15. CHANGES TO THIS POLICY

We reserve the right to update or modify this Privacy Policy at any time. When we do so, we will:

Update the "Last Updated" date at the top of this Policy;

Increment the Policy version number;

Notify users of material changes through in-app notification;

If the changes materially affect the collection or processing of Children's data, require Guardians to review and re-consent to the updated Policy before data collection continues under the new terms.

Your continued use of Rulely after any non-material modification constitutes acceptance of the updated Policy. For material modifications affecting Children's data, continued collection will only proceed after renewed parental consent is obtained.

16. GOOGLE PLAY DATA SAFETY SUMMARY

The following summarizes the disclosures made in Rulely's Google Play Data Safety section, consistent with the requirements of the Google Play Developer Program Policies:

Data Collected:

Data Type	Collected	Shared	Purpose
Name (display name)	Yes	No	App functionality, account management
Email address	Yes	No	Authentication, parental consent verification
Phone number	Optional	No	Guardian contact preference
User IDs	Yes	No	Account management, security
App interactions	Yes	No	Parental control enforcement
Installed apps (blocked only)	Yes	No	App-blocking enforcement
Other user-generated content	Yes	No	Study planning, messaging
Device identifiers	Yes	No	Device binding, security
Diagnostics	Yes	No	App stability, error resolution

Data NOT Collected: Location, financial info, health/fitness, photos/videos, audio, files, contacts, calendar, web browsing, advertising identifiers.

Security Practices:

All data is encrypted in transit (TLS)

Data is encrypted at rest (AES-256)

Users can request data deletion

Data Sharing: Data is not sold or shared with third parties for advertising, marketing, or any purpose outside the scope of Rulely's core functionality. Our backend Service Provider (Supabase, Inc.) processes data solely on our behalf.

17. GOVERNING LAW

This Policy shall be governed by and construed in accordance with the laws of the United States of America, without regard to its conflict of laws principles. To the extent that the laws of other jurisdictions (including but not limited to the GDPR, CCPA, and LGPD) apply to specific users by virtue of their location, the provisions of this Policy applicable to those jurisdictions shall be interpreted in accordance with those laws.

18. SEVERABILITY

If any provision of this Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent.

19. ENTIRE AGREEMENT

This Privacy Policy, together with the Rulely Terms of Service (when published), constitutes the entire agreement between the Developer and the User with respect to the privacy practices of Rulely and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written, relating to the subject matter hereof.

Rulely Privacy Policy v1.0

Privacy Policy