Privacy Policy
Last updated July 15, 2026
Rula, Inc. (“Rula”, “we”, “us”) builds an AI personal assistant. This policy explains what we collect, how we use it, and the choices you have. By using Rula you agree to this policy.
Information we collect
- Account & profile — your name, email, and the preferences you provide during onboarding (profession, working hours, goals, preferred AI provider, tone, etc.).
- Content you create — chats, tasks, reminders, travel, shopping, finance and health entries, and memories you save.
- Connected accounts — when you connect Google, we access read-only Gmail and Calendar data (see below). Payment/subscription status comes from our processor, Whop.
- Usage & device — basic analytics (pages, performance) and diagnostic/error data to keep the service reliable.
How we use your information
- To provide and personalize the assistant and its features.
- To generate AI responses (your prompts and relevant context are sent to your selected AI provider to fulfill your request).
- To operate accounts, process subscriptions, provide support, and secure the service.
- We do not sell your personal information, and we do not use your content or Google data to train generalized AI/ML models.
Google user data (Gmail & Calendar)
Rula’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We request read-only access to Gmail and Google Calendar solely to provide in-app features you invoke — such as summarizing your inbox and showing your upcoming schedule.
- We do not transfer this data to others except as necessary to provide or improve these features, to comply with applicable law, or with your explicit consent.
- We do not use Google user data for advertising, and we do not sell it.
- We do not use Google user data to train generalized AI/ML models.
- Access tokens are stored encrypted at rest and are accessible only to our secured backend. You can disconnect Google at any time from the Email, Calendar, or Settings pages, which revokes our stored access.
AI providers
To answer your requests, we send the necessary prompt and context to the AI provider you choose (OpenAI, Anthropic, or Google Gemini). These providers process the data on our behalf under their respective terms and do not receive your credentials.
Storage & security
Data is stored with our infrastructure providers (Supabase for the database and authentication, Vercel for hosting). We use encryption in transit and at rest, row-level security so users can only access their own records, secure HTTP-only cookies, and least-privilege access controls.
Data retention & deletion
We keep your data while your account is active. You can delete individual items in the app, disconnect third-party accounts at any time, or permanently delete your entire account and all its data yourself from Settings → Delete account — no email required. You may also request deletion by emailing privacy@hirula.com. Deleting your account removes your personal data (including any stored Google tokens, which we also revoke), subject to limited legal/operational retention.
Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us to exercise these rights.
Cookies
We use essential cookies for authentication and privacy-preserving analytics to understand usage and performance. We do not use advertising cookies.
Children
Rula is not directed to children under 13 (or the age required by your jurisdiction), and we do not knowingly collect their data.
Changes
We may update this policy; we’ll revise the “Last updated” date and, for material changes, notify you in-app or by email.
Questions? Email privacy@hirula.com.