Agent RulesAgent Rules
Last updated: February 24, 2026

Privacy Policy

How we collect, use, and protect your information.

1. Introduction

Agent Rules Builder is operated by Aurora Algorithm Inc., a corporation incorporated under the laws of Canada (“Aurora Algorithm,” “we,” “our,” or “us”). We are committed to protecting your privacy and complying with applicable data protection legislation, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Data Controller

For the purposes of applicable data protection laws, the data controller is:

Aurora Algorithm Inc.

Canada

Email: privacy@agentrulegen.com

If you are located in the European Economic Area (EEA), you may also contact our privacy team at the email above for any data protection inquiries or to exercise your rights under the GDPR.

3. Information We Collect

We collect information in the following categories depending on how you use the Service:

3.1 Account Data (Authenticated Users)

When you create an account via our authentication provider (Supabase), we collect and store: your email address, display name, avatar URL, bio, and account preferences. Your authentication is managed by Supabase, which sets HTTP-only session cookies for secure session management.

3.2 User-Generated Content (Authenticated Users)

If you have an account, the following data is stored in our database: saved rule sets (name, description, selected options, generated rules content, public/private status); custom rule options; user-defined rules and overrides; favorites and bookmarks; API tokens (stored as cryptographic hashes, never in plaintext); and saved analysis results (rules content, analysis scores, per-rule evaluations, cross-cutting issues).

3.3 Contact Form Data

Information you voluntarily provide when using our contact form, such as your name and email address. This data is used solely to respond to your inquiry and is delivered via our email provider (Resend).

3.4 Automatically Collected Data

Information our servers and hosting providers (such as Vercel) automatically collect when you access the Service, such as your IP address, browser type, operating system, access times, and referring URLs. We use Vercel Web Analytics to collect anonymous, privacy-friendly usage metrics. Vercel Analytics does not use cookies and does not collect personally identifiable information.

3.5 Local Storage Data (Browser-Only)

Builder session data (your selected options, generated rules, undo/redo history, and preferences) is stored locally in your browser's localStorage and sessionStorage. For anonymous users, analysis results are also stored locally. This data is never transmitted to our servers unless you are authenticated and explicitly choose to save it.

3.6 Payment Data

If you make a donation or purchase, payment information is collected and processed directly by Stripe, our third-party payment processor. We do not store, collect, or have access to your credit card numbers or full payment details. We may receive limited transaction details (such as purchase confirmation and email) from Stripe.

4. Legal Basis for Processing (GDPR — Article 6)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)) — Processing necessary to provide the Service when you create an account, save rule sets, or use authenticated features.
  • Legitimate Interests (Article 6(1)(f)) — Processing necessary for our legitimate interests, including: maintaining Service security and preventing abuse (rate limiting, CAPTCHA); improving and optimizing the Service (anonymous analytics); and ensuring fair access for all users.
  • Consent (Article 6(1)(a)) — Where you have given explicit consent, such as when you voluntarily submit your contact information, subscribe to communications, or use the AI analysis feature (which sends your content to third-party AI providers). You may withdraw consent at any time.
  • Legal Obligation (Article 6(1)(c)) — Processing necessary to comply with legal obligations, such as retaining transaction records for tax purposes.

5. Use of Your Information

We use the information we collect to provide, maintain, and improve the Service. Specifically, we may use information collected about you to:

  • Provide and maintain your user account and associated features.
  • Store and manage your saved rule sets, custom options, and analysis results.
  • Process your rules content through AI models for generation and analysis.
  • Respond to your inquiries and contact form submissions.
  • Process payments and fulfill transactions via Stripe.
  • Compile anonymous, aggregate statistical data for internal analysis and Service improvement.
  • Send important service-related communications (such as changes to our terms or policies).
  • Monitor and analyze usage trends to enhance and optimize the Service.
  • Prevent fraudulent transactions, abuse, and protect against illegal activity.
  • Enforce rate limits to ensure fair access to the Service for all users.
  • Verify human users via Cloudflare Turnstile CAPTCHA to prevent bot abuse.

6. AI Data Processing

When you use the rule generation or AI analysis features, your configuration selections, inputs, and/or rules file content are transmitted to third-party AI model providers for processing. Important details:

  • AI requests are routed through the Vercel AI Gateway to providers including xAI (Grok models), OpenAI, and potentially other providers as our infrastructure evolves.
  • We do not control how third-party AI providers handle data beyond our contractual agreements and their published data usage policies.
  • We do not use your content to train our own AI models.
  • Generated and analyzed output is provided to you and, for authenticated users who choose to save results, stored in our database.
  • We recommend reviewing the privacy policies of our AI providers, particularly xAI and OpenAI, to understand how they process data received through their APIs.
  • Do not submit confidential, proprietary, or sensitive personal information through the AI generation or analysis features.

7. Third-Party Service Providers

We use the following third-party services to operate the Service. These providers may collect and process data on our behalf in accordance with their own privacy policies:

  • Vercel — Website hosting, deployment, edge network infrastructure, and privacy-friendly web analytics.
  • Supabase — User authentication, PostgreSQL database hosting for user accounts, saved rule sets, analysis results, and other user data.
  • Stripe — Secure payment processing. Stripe collects and processes payment data directly and is PCI-DSS Level 1 compliant.
  • xAI — AI model provider (Grok models) for generating and analyzing rules content, accessed via the Vercel AI Gateway.
  • OpenAI — AI model provider for text embeddings and potentially other processing tasks, accessed via the Vercel AI Gateway.
  • Cloudflare Turnstile — Bot protection and CAPTCHA verification on forms and analysis features.
  • Resend — Transactional email delivery for contact form submissions.
  • Upstash — Redis-based rate limiting service to prevent abuse.

8. Disclosure of Your Information

We may share information we have collected about you in certain situations:

By Law or to Protect Rights. If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Third-Party Service Providers. We may share your information with the third-party service providers listed above that perform services for us or on our behalf. These service providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.

Public Content. If you choose to make your rule sets or custom options public, this content will be visible to other users of the Service. Your display name may be shown alongside public content.

Business Transfers. If Aurora Algorithm Inc. is involved in a merger, acquisition, asset sale, or similar business transaction, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

9. Cookies & Local Storage

The Service uses the following storage mechanisms:

  • Authentication Cookies (Essential) — If you create an account, Supabase sets HTTP-only session cookies for secure authentication and session management. These are strictly necessary for the Service to function and do not require consent under GDPR.
  • Browser localStorage/sessionStorage — Used to persist your builder session data, preferences, and anonymous analysis results locally on your device. This data is never transmitted to our servers unless you are logged in and explicitly save it.
  • Third-Party Cookies — Cloudflare Turnstile and Stripe may set their own cookies as necessary for bot protection and payment processing. These are essential cookies. Please refer to their respective privacy policies for details.

We do not use tracking cookies for advertising, behavioral profiling, or cross-site tracking purposes. Vercel Web Analytics, which we use for aggregate usage metrics, is cookie-free and does not track individual users. You can clear your browser's local storage and cookies at any time through your browser settings.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data — Retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Saved Rule Sets & Analysis Results — Retained for as long as your account is active or until you delete them.
  • Contact Form Submissions — Retained only as long as needed to respond to your inquiry.
  • Payment Records — Retained as required by applicable tax and financial regulations (typically 7 years).
  • Server Logs — Retained for up to 30 days for security and debugging purposes.
  • Aggregate, Anonymized Data — Data that cannot identify you may be retained indefinitely for analytical purposes.

11. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect the information we collect. All data in transit is encrypted using TLS/SSL. Payment processing is handled by Stripe, which is PCI-DSS Level 1 certified. Our database is hosted on Supabase with encryption at rest. API tokens are stored as cryptographic hashes and never in plaintext. Authentication sessions use HTTP-only cookies to prevent client-side access. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee the absolute security of your information. You acknowledge that you provide your information at your own risk.

12. International Data Transfers

Aurora Algorithm Inc. is based in Canada. The Service is hosted on Vercel's global edge network, and our third-party service providers may be located in various countries around the world, including the United States.

For EEA/UK/Swiss Users: When your personal data is transferred outside the EEA, UK, or Switzerland, we ensure adequate protection through one or more of the following mechanisms: (a) transfers to countries recognized by the European Commission as providing adequate data protection (Canada has received an adequacy decision from the European Commission); (b) Standard Contractual Clauses (SCCs) approved by the European Commission with service providers in non-adequate countries; or (c) other lawful transfer mechanisms as permitted under applicable law.

For Canadian Users: Under PIPEDA, Aurora Algorithm Inc. remains accountable for personal information transferred to third-party service providers, regardless of their location. We use contractual agreements to ensure comparable protection of your information.

13. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws:

13.1 Rights Under the GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights: (a) Right of Access — the right to obtain confirmation of whether we process your personal data and to receive a copy; (b) Right to Rectification — the right to correct inaccurate personal data; (c) Right to Erasure (“Right to be Forgotten”) — the right to request deletion of your personal data; (d) Right to Restriction of Processing — the right to request that we limit how we use your data; (e) Right to Data Portability— the right to receive your personal data in a structured, commonly used, machine-readable format; (f) Right to Object — the right to object to processing based on legitimate interests; and (g) Right to Withdraw Consent — the right to withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe we have violated your data protection rights.

13.2 Rights Under PIPEDA (Canada)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian users have the right to: (a) access their personal information held by us; (b) challenge the accuracy and completeness of their personal information and have it amended as appropriate; (c) withdraw consent for the collection, use, or disclosure of their personal information, subject to legal or contractual restrictions and reasonable notice; and (d) file a complaint with the Office of the Privacy Commissioner of Canada if they believe their privacy rights have been violated. To exercise these rights, or for any privacy-related inquiry, please contact us at privacy@agentrulegen.com.

13.3 Rights Under the CCPA/CPRA (California, USA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA): (a) Right to Know — you may request that we disclose the categories and specific pieces of personal information we have collected about you; (b) Right to Delete — you may request that we delete your personal information; (c) Right to Correct — you may request that we correct inaccurate personal information; (d) Right to Opt-Out of Sale/Sharing— you have the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information as defined by the CCPA/CPRA; and (e) Right to Non-Discrimination— we will not discriminate against you for exercising your privacy rights.

13.4 Exercising Your Rights

To exercise any of your privacy rights, please email us at privacy@agentrulegen.com. We will respond to verifiable requests within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA). For authenticated users, most data can be managed directly through your account settings, including data export and account deletion.

14. Children's Privacy

The Service is not intended for use by children under the age of 16 (or the minimum digital consent age in your jurisdiction, if higher). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 16. If we become aware that we have collected personal information from a child under 16, we will take reasonable steps to delete such information promptly. If you believe that a child under 16 has provided personal information to us, please contact us immediately at privacy@agentrulegen.com so that we can take appropriate action.

15. Do Not Track Signals

Some browsers include a “Do Not Track” (DNT) feature. Because there is no universally accepted standard for interpreting DNT signals, the Service does not currently respond to DNT browser signals. However, we do not engage in cross-site tracking, behavioral advertising, or selling personal information, so the practical effect is the same regardless of your DNT setting.

16. Disclaimer of Liability

WE ARE NOT RESPONSIBLE FOR ANY PROBLEMS, ISSUES, DAMAGES, OR ADVERSE RESULTS ARISING FROM YOUR USE OF THE SERVICE OR ANY CONTENT, RULES, ANALYSIS RESULTS, CONFIGURATIONS, OR OUTPUTS GENERATED BY THE SERVICE. ALL GENERATED CONTENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. WE MAKE NO GUARANTEES REGARDING THE ACCURACY, RELIABILITY, COMPLETENESS, SUITABILITY, SAFETY, OR EFFECTIVENESS OF ANY GENERATED OUTPUT. YOU ACKNOWLEDGE THAT THE SERVICE USES AUTOMATED PROCESSES AND THIRD-PARTY AI MODELS, AND THAT ANY OUTPUT MAY CONTAIN ERRORS, INACCURACIES, SECURITY VULNERABILITIES, OR OMISSIONS THAT COULD ADVERSELY AFFECT YOUR PROJECTS, SYSTEMS, OR DATA.

17. User Responsibility

You are solely responsible for reviewing, validating, testing, and independently verifying any content, rules, analysis results, or configurations generated by the Service before integrating them into any project, codebase, or production environment. You assume all risk associated with the use of generated content. We strongly recommend independent professional review of any generated output before deployment or distribution. Aurora Algorithm Inc. shall not be held liable for any damages, losses, security breaches, data loss, system failures, or other consequences resulting from your reliance on or implementation of any content produced by the Service.

18. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, AURORA ALGORITHM INC. SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM: (A) YOUR ACCESS TO OR USE OF (OR INABILITY TO ACCESS OR USE) THE SERVICE; (B) ANY CONTENT, RULES, ANALYSIS RESULTS, CONFIGURATIONS, OR OUTPUTS GENERATED BY THE SERVICE; (C) UNAUTHORIZED ACCESS TO OR USE OF OUR SERVERS AND/OR ANY PERSONAL INFORMATION STORED THEREIN; (D) ANY INTERRUPTION OR CESSATION OF THE SERVICE; (E) ANY ERRORS, BUGS, VIRUSES, OR VULNERABILITIES IN GENERATED CONTENT OR THE SERVICE; OR (F) THE CONDUCT OF ANY THIRD-PARTY SERVICES OR AI MODELS USED BY THE SERVICE. IN JURISDICTIONS THAT DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, OUR LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW. NOTHING IN THIS POLICY SHALL EXCLUDE OR LIMIT LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

19. Indemnification

You agree to indemnify, defend, and hold harmless Aurora Algorithm Inc. and its owners, operators, directors, officers, employees, contributors, and affiliates from any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Service; (b) your implementation or distribution of generated content; (c) your violation of this Privacy Policy or our Terms and Conditions; (d) your violation of any third-party rights, including privacy, intellectual property, or data protection rights; or (e) any claim that content generated through the Service caused damage to a third party or their systems.

20. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time. For material changes, we will make reasonable efforts to notify registered users via email or through a notice on the Service. Changes will be effective immediately upon posting on the Service unless a longer notice period is required by applicable law. We will indicate the date of the last update at the top of this page. It is your responsibility to review this Privacy Policy periodically for changes. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of such changes. If you do not agree to the updated Privacy Policy, you must discontinue use of the Service.

21. Contact Us

If you have questions or concerns about this Privacy Policy, want to exercise your data protection rights, or wish to file a complaint, please contact us:

Aurora Algorithm Inc.

Canada

Privacy inquiries: privacy@agentrulegen.com

GitHub: github.com/ArekEfimenko/agent-rules-builder

For complaints regarding data protection in Canada, you may also contact the Office of the Privacy Commissioner of Canada. For complaints in the EU, you may contact your local Data Protection Authority.