Privacy Policy
Last updated: February 25, 2026
1. Who We Are
rrule.net ("the Service") is operated by an individual based in France. For any privacy-related questions, you can reach us at contact@rrule.net.
We act as the data controller for the personal data collected through the Service, as defined by the EU General Data Protection Regulation (GDPR).
2. Data We Collect
Account data
When you create an account, we collect:
- Email address (via Google, GitHub, or email OTP authentication)
- Display name and avatar (if provided by your OAuth provider)
Schedule data
When you use the API or dashboard, we store:
- Schedule rules (RRule, Cron, or natural language input)
- Timezone preferences
- Webhook URLs and delivery metadata (status codes, timestamps)
Note: Webhook headers you provide are stored encrypted and are never returned by the API after creation.
Usage data
We collect basic usage data for rate limiting and service monitoring: IP addresses, request counts, and timestamps. This data is not used for tracking or advertising purposes.
3. How We Use Your Data
We use your data exclusively to:
- Provide and operate the scheduling service
- Authenticate your identity and secure your account
- Deliver webhook notifications on your behalf
- Send transactional emails (schedule paused, delivery failures)
- Enforce rate limits and prevent abuse
- Improve the reliability and performance of the Service
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal Basis (GDPR)
We process your data under the following legal bases:
- Contract performance — processing necessary to provide the Service you signed up for (Art. 6(1)(b))
- Legitimate interest — rate limiting, abuse prevention, and service monitoring (Art. 6(1)(f))
5. Third-Party Services
The Service relies on the following third-party processors:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication | Email, account data, schedules |
| Cloudflare | API hosting, CDN | IP addresses, request metadata |
| Brevo | Transactional emails | Email address |
| Anthropic (Claude) | Natural language parsing | Schedule input text (no personal data) |
6. Data Retention
- Account data — retained while your account is active, deleted within 30 days of account deletion
- Schedule data — retained while the schedule exists, deleted with the schedule
- Execution logs — retained for 90 days, then automatically purged
- Usage data (IP, request logs) — retained for 30 days maximum
7. Your Rights
Under the GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Restriction — request we limit processing of your data
- Objection — object to processing based on legitimate interest
To exercise any of these rights, contact us at contact@rrule.net. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In France, the relevant authority is the CNIL.
8. Cookies
The Service uses only essential cookies required for authentication and session management. We do not use analytics cookies, tracking cookies, or third-party advertising cookies.
9. Security
We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), encrypted storage of sensitive data (webhook headers), and access controls (Row-Level Security). However, no system is completely secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For any privacy-related questions or requests, contact us at contact@rrule.net.