Trust & Security

Trust & Security Centre

Welcome to RuleWise’s Trust Centre. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Centre to learn about our security posture.

To request our security documentation, please contact us.

Risk Profile

Data Access Level
As a SaaS vendor selling to an enterprise customer, we may need access to the following type of data.
Internal (i.e. information may be shared only internally or with external parties under an NDA)
Impact Level
What is the potential impact to an enterprise customer if the data and/or functionality that RuleWise, as the vendor, is supposed to manage is compromised?

Low

Recovery Time Objective
What is RuleWise’s recovery time objective in case of critical failure? (e.g., our DB is deleted)
Immediate
Recovery Point Objective
What is RuleWise’s recovery point objective in case of critical failure? (e.g., our DB is deleted)
Immediate
Critical Dependence
Will our RuleWise solution be a system that our enterprise customer critically depends on? (e.g., our system is mission critical)
No
Third Party Dependence
Does RuleWise make use of other third-party services to manage or support our customers?
Yes
Hosting
Is RuleWise hosted only on one of the major cloud providers, or do we have any on-premise systems?
Yes. We are hosted by major cloud providers, specifically Azure and Google.

Product Security

Data Security

RuleWise solutions feature:

  • Support for multi-factor authentication and enforcement
  • Automatic logout after a certain period of no activity
  • Custom password policies
  • Customer-specific data retention policies

Integrations

Our product provides an industry-leading suite of integrations, including ChatGPT Team and ChatGPT Enterprise, and can be further extended by Zaps.

Multi-Factor Authentication

All user accounts are protected by Multi-Factor Authentication for all RuleWise services. 

Architecture Description

Our network architecture is described here.

Architecture Diagram

Our Architecture Diagram can be viewed here.

Service-Level Agreement

We offer a Service Level Agreement for our RuleWise solutions. The SLA can be downloaded by clicking here.

SSO

We do not make use of SSO, or SAML.

Team Management

Our RuleWise solutions support team management capabilities to help administrators manage user needs and permissions.

Data Security

Access Monitoring

RuleWise solutions (the modules known as Insight, Discovery, Resilience, and Academy) are all customised and finely tuned versions of OpenAI’s ChatGPT. They are only available for RuleWise-supplied ChatGPT Team accounts.

Assistants API: RuleWise develops custom AI solutions using the OpenAI Assistants API. Each custom solution has a unique name. OpenAI may securely retain API inputs and outputs for up to 30 days to provide the services and to identify abuse. After 30 days, API inputs and outputs are removed from our systems, unless we are legally required to retain them. You can also request zero data retention (ZDR) for eligible endpoints if you have a qualifying use case.

Backups Enabled

We conduct backups on a regular basis in the event of an incident that causes data loss.

Encryption-at-rest

All customer data is encrypted at-rest using AES-256.

Encryption-in-transit

All customer data is encrypted in-transit using TLS 1.2 or higher.

Physical Security

Physical security of our infrastructure is managed by Azure. For more information, please see this overview: https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security

App Security

Responsible Disclosure

Security is essential to RuleWise’s mission. We value the input of hackers acting in good faith to help us maintain a high standard of security and privacy for our users and technology. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

Credential Management

All user credentials are securely salted, hashed, and stored by Auth0. We use a secure key vault to manage infrastructure secrets.

Software Development Lifecycle

Our Software Development Life-Cycle (SDLC) Policy includes peer review, automated testing, and static code analysis prior to deployment into production.

Click here to read our SDLC policy.

ESG

Anti-Bribery and Corruption

RuleWise will publish its ESG policies shortly. Please email info@rulewise.net for further information.

Anti-Competitive Practices

RuleWise will publish its ESG policies shortly. Please email info@rulewise.net for further information.

Anti-Modern Slavery

To view our policy, please click HERE.

Carbon Neutrality, Emissions Management

RuleWise will publish its ESG policies shortly. Please email info@rulewise.net for further information.

Diversity, Equity, and Inclusion

RuleWise will publish its ESG policies shortly. Please email info@rulewise.net for further information.

Legal

Subprocessors

Our RuleWise modules make use of ChatGPT Team, which provides natural language access to OpenAI LLMs.

Company: OpenAI
Purpose: Provision of LLM
Location: USA
Web: https://openai.com

Privacy Policy

Our Privacy Policy can be viewed by clicking here.

Service-Level Agreement

In effect we have two SLAs.

  1. One SLA controls our relationship with our customers and covers our support and training. This can be downloaded by clicking here.
  2. The other SLA is implied by the use of ChatGPT Team, which controls all access to the RuleWise modules themselves.

Data Privacy

Cookies

We do not make use of Cookies.

Data Into System

Our SaaS requires an email address for OAuth account authentication. We do not ingest any other information.

RuleWise does not use data submitted by customers via our solutions to train our models or improve RuleWise’s service offering.

Data Privacy Officer

You can contact our data protection officer at privacy@rulewise.net in matters related to Personal Information processing.

Employee Privacy Training

Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, Phishing, GDPR, EU AI Act.

Access Control

Access Control

Access is tightly monitored and controlled at RuleWise. We are happy to provide more details about our access control practices upon request.

Infrastructure

Infrastructure

We take great care to work with best-in-class infrastructure providers that provide secure computing and storage. We are happy to provide more details about our infrastructure upon request.

Endpoint Security

Disk Encryption

Full-disk encryption is used to protect employee endpoints.

DNS Filtering

Employee endpoints are protected from malicious web traffic.

Threat Detection

RuleWise’s Security Defense and Intelligence team proactively monitors for known attacker TTPs, known malicious binaries, and suspicious activity in the environment. They also review anomalous activity and hunt for unknown threats on a regular cadence.

Network Security

Network Security

We protect our corporate and R&D networks against external & internal threats.

Corporate Security

Corporate Security

We implement internal measures and practices to maintain a high standard of security.

Policies

Policies

We are currently working with experts to complete our company policies. Please contact us for more details.

Reports

Network Diagram

To view our network diagram (overview detail), click HERE.

Security Whitepaper

Available from this link.