Rulebooks will never use the data for purposes other than your legal operations practice, and we are determined to make sure nobody else ever will. All customer data that requires storage is located in the Google data center in Europe, with the highest security and operational reliability levels. When data-sharing occurs with applications or tools that enhance our product, this happens in compliance with the EU Data Protection Act. That means that the shared information is limited and does not expose sensitive personal data.
We treat all data in our application carefully, securely, and confidentially. Data processing is done exclusively by existing guidelines of existing laws and regulations. Using our application, one agrees to use his or her data as described in our privacy statement.
General Data Protection Regulation
The new General Data Protection Regulation (GDPR) went live on May 25th, 2018. This has implications for Rulebooks and its services. Since the 1st of February, we have employed a compliance and risk officer dedicated to rolling out this project. Of course, the compliance officer is registered at the Dutch Data Protection Authority and will inform all those involved as accurately as possible.
Rulebooks use the services of other companies. Think about data centers, product development systems, and support solutions. In legal terms, these parties are called subprocessors. You can find a list of all our subprocessors at https://rulebooks.ai.
How do we secure your data?
Rulebooks have taken measures to make Rulebooks both secure and convenient for our partners and users. We use several application, infrastructure, and user monitoring tools that alert our operations team to act in critical situations. For the complete picture, the Rulebooks IT whitepaper explains the efforts and policies that help secure our data.
Data traffic to our servers is controlled 24/7 from a central control room. Within 30 minutes, Rulebooks will respond to unauthorized attempts to access the web service, irregular traffic, or other attempts to subvert Rulebooks. The Rulebooks infrastructure is protected by a Firewall managed by hosting partners that continuously identify potential threats. Each server is accessible from the Internet (web servers) and protected by an extra Operating System Firewall.
The client/Server communication is done with HTTPS, which guarantees data integrity and prevents data tampering. The Rulebooks certificate uses 2048-bit encryption. The HTTPS transport layers use a standard TLS without fallback to SSLv2/SSlv3, which are disabled for security reasons. Internet users can recognize the SSL-secured status by the lock icon before the website URL and Extended Validation SSL-secured websites by the green address bar.
Rulebooks offers a range of policies for password requirements, including options for periodical password resets and pin codes. Furthermore, Two-factor authentication provides an optional second authentication level. Rulebooks does not store users' passwords in the database, but instead, a salted hash of the password. This prevents password stealing even with database access.
Every user has a whitelist with approved IP addresses to access the system. When users access the system from a new IP address, an email is sent to verify the new IP. It is also possible to restrict access to Rulebooks to a list of IPs or IP ranges. This measure helps to prevent third parties from entering Rulebooks accounts from alien locations and devices.
Who verifies our quality?
Rulebooks consults external parties to verify our operational excellence, procedures, and methodologies. Rulebooks maintains compliance certifications that provide independent verification of our quality.
ISAE 3402 Type II
Rulebooks has produced an ISAE 3402 report. One of the purposes of this ISAE 3402 Type II report is to provide Rulebooks customers with information to understand the design and implementation of controls implemented by Rulebooks, which are relevant to the control of the user organization’s internal processes for auditing their financial statements. Find out more information about the report right here.
What policies do we deploy?
A number of legal documents is important to both us at Rulebooks and our customers, our prospects, and users of our application. To make it easy to find the information you’re looking for, we’ve assembled them under one roof and provided a quick rundown of the individual regulations.
Data Processing Agreement
A processor agreement concerns an agreement about confidentiality, security, privacy, data elimination, and other obligations. We have included this in our general terms and conditions if you are a (new) customer looking for our standard processor agreement. You agree to these conditions when you subscribe for a Free Trial and again when you give the order confirmation.
Responsible Disclosure Policy
In the unfortunate event that a user or hacker identifies a vulnerability in our product, the Responsible Disclosure Policy provides instructions that ensure that information about the weakness will be handled confidentially and investigated with high priority. Find out more about this policy right here.
How can we work even safer?
To be an online software means that online crime is a risk to our service. Cybercriminals may attempt to obtain sensitive information by accessing individual accounts or using our names and image. We believe that shared knowledge is the most forceful weapon against this form of crime. Therefore, we aim to provide all our users and partners with clear knowledge and instructions on dealing with possible attempts at online crime.
Phishing and malicious emails
Phishing is a deceptive form of online fraud. For example, criminals send out misleading emails or messages appearing to come from Rulebooks or another trusted sender to acquire confidential information. However, Rulebooks will never request sensitive information, So do not leave your data under any circumstance. Furthermore, a phishing mail might request the login credentials of your Rulebooks account. Make sure to fill in this login information only within a Rulebooks domain with recognizable SSL encryption. Additionally, the government website provides valuable information on identifying phishing emails.