Ruba
Privacy Policy
How Ruba collects, uses, protects, and shares your personal information across our checkout and billing infrastructure
1. Introduction and Scope
1.1. WRITE RUBA's FULL LEGAL NAME HERE and its affiliates ("Ruba", "we", "us", or "our") respect your personal privacy and are committed to safeguarding your personal data. This Privacy Policy explains our practices regarding the collection, processing, storage, and disclosure of personal information when you access our website, use our checkout system, or interact with our reseller and billing infrastructure platform (collectively, the "Services").
1.2. By accessing or utilizing our Services, you acknowledge that you have read this Privacy Policy and understand how we handle your information. This document is incorporated into and operates alongside our Seller Agreement and our Buyer Purchase Terms. Any capitalized term appearing here without definition carries the meaning assigned to it in those respective agreements.
1.3. Scope of Coverage: This Policy covers our treatment of "Personal Data" (also referred to as "personal information" or "personally identifiable information" under applicable privacy statutes), which means any data that identifies, relates to, describes, or can be reasonably linked to an identifiable natural person. This Policy does not apply to the independent data practices of third-party websites, software applications, or companies that Ruba does not own or control.
2. Information We Collect (Categories and Sources)
To deliver our Services effectively, we collect Personal Data from multiple sources. Over the preceding twelve (12) months, we have collected the following categories of Personal Data:
| Category | Examples of Data Collected | Primary Sources |
|---|---|---|
| Profile & Contact Details | First and last name, email address, telephone number, business name, and account login credentials. | Direct user input; third-party authentication providers. |
| Financial & Transaction Data | Payment card brand, last four digits of card number, expiration date, billing address, tax identification numbers, and purchase/subscription history. | Direct user input at checkout; Payment Processors. |
| Technical & Device Telemetry | Internet Protocol (IP) address, browser type and version, operating system, device hardware identifiers, and mobile advertising IDs. | Automated browser/device transmission; analytics scripts. |
| Usage & Interaction Metrics | Referring web pages, exit links, timestamps, clickstream patterns, page view durations, and non-identifiable API request logs. | Automated tracking tools; functional cookies. |
| Third-Party Identity Data | Email addresses, usernames, and profile metadata imported when logging in via GitHub, Discord, Google, or social networks. | External identity and OAuth providers. |
| Coarse Geolocation | Approximate geographic location derived from IP routing data. | Automated network routing analysis. |
A. Information You Provide Directly
- Account Creation & Checkout: When you register for a Seller Account or complete a purchase through Ruba Checkout, you input essential contact, billing, and identity details.
- Support & Communications: When you correspond with our support team, complete surveys, or submit feedback forms, we collect the contents of your messages and your contact details.
B. Information Collected Automatically
- Telemetry & Logs: Whenever you interact with our Website or APIs, our servers automatically record diagnostic logs, browser characteristics, network routing IPs, and device metadata.
- Cookies & Pixels: We utilize automated tracking tools, local storage, and web beacons to monitor user preferences and platform performance (detailed further in Section 5).
C. Information Obtained From Third Parties
- Authentication & Social Platforms: If you link an external account (such as Google, GitHub, or Discord) to authenticate into Ruba, we receive basic profile attributes permitted by your privacy settings on those platforms.
- Risk & Marketing Partners: We may receive supplemental data from fraud-prevention vendors, identity verification services, and commercial data enrichment partners to verify transactions and refine our marketing outreach.
3. How We Use Your Information (Business Purposes)
We process your Personal Data only for legitimate business and commercial objectives, including:
3.1. Service Delivery and Transaction Processing: Setting up and maintaining merchant profiles; routing payments; delivering purchased digital goods and software licenses; calculating tax liabilities; and issuing billing receipts.
3.2. Platform Security and Fraud Prevention: Monitoring checkout traffic to detect, investigate, and prevent fraudulent transactions, identity theft, unauthorized account access, and cyberattacks; debugging software errors; and maintaining platform integrity.
3.3. Product Optimization and Analytics: Analyzing user behavior and traffic trends to improve UI/UX design; testing new features; conducting technical research; and enhancing API performance.
3.4. Communications and Customer Support: Responding to merchant inquiries and buyer support requests; sending important transactional notices (such as order confirmations, subscription renewal alerts, and security updates); and delivering administrative messages.
3.5. Marketing and Promotional Outreach: Sending promotional emails, newsletters, and product updates regarding Ruba's Services (in accordance with your communications preferences and opt-out rights).
3.6. Legal Compliance and Agreement Enforcement: Satisfying statutory obligations (such as tax reporting and anti-money laundering regulations); responding to lawful court orders and subpoenas; enforcing our terms of service; defending legal claims; and resolving commercial disputes.
We will never collect supplemental categories of Personal Data or utilize your data for materially unrelated or incompatible purposes without providing advance notice and obtaining your consent where required by law.
4. When and Why We Share Your Information
We do not sell your Personal Data to third parties for monetary compensation. However, we do share your information with trusted third parties to operate our business:
4.1. Service Providers and Infrastructure Partners: We disclose necessary data to third-party vendors who perform critical functions on our behalf, including cloud hosting, database management, email delivery, customer support ticketing, and cybersecurity monitoring.
4.2. Payment Processors: To execute financial transactions, we securely transmit payment details to our integrated payment processing partners (including Stripe, Inc.). Stripe collects and processes your card and banking information under its own strict security protocols. We encourage you to review Stripe's privacy terms to understand their data handling practices.
4.3. Analytics and Marketing Vendors: We share de-identified usage metrics and technical identifiers with analytics providers (such as Google Analytics) to evaluate platform traffic and campaign effectiveness. Where permitted by law, we may share basic contact data with marketing partners to promote Ruba's services.
4.4. Business Partners and Integrations: If you interact with third-party software integrations or joint promotional programs through our platform, we may share relevant operational data to facilitate that service.
4.5. Legal and Regulatory Authorities: We may disclose Personal Data to law enforcement, judicial bodies, or government regulators if we determine in good faith that disclosure is legally mandated, or is necessary to protect the safety, rights, or property of Ruba, our users, or the general public.
4.6. Corporate Transactions: If Ruba undergoes a merger, acquisition, corporate restructuring, asset sale, or bankruptcy proceeding, your Personal Data may be transferred to the acquiring entity. We will use reasonable efforts to notify you before your data becomes subject to materially different privacy rules.
4.7. Anonymized and Aggregated Data: We may strip Personal Data of all individual identifying characteristics to generate anonymized, aggregated statistical datasets. We freely share and use anonymized data for research, industry benchmarking, and product promotion, as it no longer constitutes Personal Data.
5. Cookies, Tracking Technologies, and Opt-Out Controls
5.1. What Are Cookies? We use cookies, clear GIFs, pixel tags, and local storage scripts (collectively, "Cookies") to recognize your browser, remember your preferences, secure your session, and evaluate traffic patterns. Cookies are small text files downloaded to your device when you visit our Website.
5.2. Categories of Cookies We Use:
- Essential Cookies: Vital for core platform operation, allowing you to log in securely, navigate checkout workflows, and access protected merchant tools. Disabling these renders the Services unusable.
- Functional Cookies: Remember your customized settings (such as language preference or account display options) to deliver a streamlined, personalized experience.
- Analytical & Performance Cookies: Measure visitor volume, page engagement, and loading speeds to help us optimize platform performance. For instance, we utilize Google Analytics to analyze web traffic. You can learn how Google processes analytics data by visiting www.google.com/policies/privacy/partners/ and you can opt out by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
5.3. Managing Your Cookie Preferences: You can control or reset your Cookie settings at any time by clicking the "Cookie Preferences" link located in our website footer. Additionally, most web browsers allow you to block or delete Cookies through their privacy settings. Please note that blocking Essential or Functional Cookies may impair platform functionality. For comprehensive guidance on managing Cookies, visit www.allaboutcookies.org.
6. Data Security and Retention
6.1. Security Safeguards: We implement robust administrative, technical, and physical safeguards designed to protect your Personal Data against unauthorized access, destruction, loss, alteration, or disclosure. These measures include data encryption in transit and at rest, secure network architectures, strict access controls, and regular vulnerability assessments. However, no data transmission across the public internet or electronic storage infrastructure can be guaranteed as 100% secure. You share responsibility for security by protecting your login credentials and signing out of shared computers.
6.2. Retention Periods: We retain your Personal Data for as long as your account remains active or as needed to provide you with Services. Following account closure, we retain specific financial records, transaction logs, and tax documentation for extended periods where legally required by tax laws, accounting standards, or anti-fraud regulations (typically up to seven years). When Personal Data is no longer required for legal or operational purposes, we securely delete or permanently anonymize it.
7. Children's Privacy
Our Services are built for businesses and adult consumers and are strictly not directed toward children under thirteen (13) years of age. We do not knowingly solicit or collect Personal Data from children under 13. If you believe an underage child has provided us with personal information, please notify our team immediately at privacy@getruba.com, and we will promptly purge that information from our servers. Furthermore, we do not knowingly sell or share the Personal Data of consumers under sixteen (16) years of age without explicit statutory authorization.
8. U.S. State Privacy Rights (CCPA/CPRA and Other State Laws)
8.1. Applicability: If you reside in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, Montana, or other U.S. states with comprehensive privacy legislation (such as the CCPA/CPRA, VCDPA, CPA, CTDPA, or TDPSA), you hold specific statutory rights regarding your Personal Data.
8.2. Your Statutory Rights:
- Right to Know and Access: You may request details regarding the categories of Personal Data we collected, the sources of that data, our commercial purposes for collecting it, the categories of third parties with whom we shared it, and the specific pieces of Personal Data we hold about you over the past 12 months.
- Right to Correction (Rectification): You may request that we correct inaccurate or incomplete Personal Data maintained in our records.
- Right to Deletion (Erasure): You may request that we delete your Personal Data, subject to legally permissible retention exceptions (such as completing financial transactions, detecting fraud, or complying with tax laws).
- Right to Opt-Out of "Sales" or "Sharing" for Targeted Advertising: While Ruba does not sell personal information for cash, certain third-party advertising cookies utilized on our Website may qualify as a "sale" or "share" for cross-context behavioral advertising under state laws. You can opt out of this tracking at any time via our "Cookie Preferences" footer link or by emailing privacy@getruba.com.
- Right to Non-Discrimination: We will never deny you Services, charge higher rates, or degrade service quality because you exercise your privacy rights.
8.3. Treatment of Sensitive Personal Information: Where we process sensitive data (such as financial account credentials or government identifiers), we do so strictly to perform essential checkout and billing services, prevent fraud, or satisfy legal duties. We do not use sensitive personal information to infer individual characteristics or for behavioral profiling.
8.4. Submitting Requests and Appeals: To exercise your rights, contact us at privacy@getruba.com. We will verify your identity before processing your request. If we decline to fulfill a privacy request, we will provide a written explanation. You may appeal our decision by replying directly to the denial notice or emailing privacy@getruba.com. If your appeal is denied, you have the right to file a complaint with your State Attorney General.
9. European Union (EEA) and United Kingdom Privacy Rights (GDPR / UK GDPR)
9.1. Scope and Roles: If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, your data processing is governed by the GDPR and UK GDPR. Under these regulatory frameworks:
- Ruba as Processor: When we process consumer checkout data on behalf of our merchants, we operate primarily as a Data Processor executing instructions for the seller.
- Ruba as Controller: When we collect merchant account details, website visitor telemetry, or direct support inquiries, we operate as a Data Controller.
9.2. Lawful Bases for Processing: We process EEA/UK Personal Data only under valid legal bases:
| Processing Activity | Lawful Basis Under GDPR / UK GDPR |
|---|---|
| Account Creation & Checkout Fulfillment | Performance of a Contract (Article 6(1)(b)). |
| Fraud Mitigation & Security Monitoring | Legitimate Interests in safeguarding platform integrity (Article 6(1)(f)); Legal Obligation (Article 6(1)(c)). |
| Platform Optimization & Technical Analytics | Legitimate Interests in improving software functionality (Article 6(1)(f)). |
| Marketing Outreach & Newsletters | Legitimate Interests (for existing business customers) or Opt-In Consent (Article 6(1)(a)). |
| Cookie Placement & Tracking Pixels | Explicit Opt-In Consent (Article 6(1)(a)) or Legitimate Interests (for Essential/Functional cookies). |
| Tax Reporting & Regulatory Compliance | Compliance with Legal Obligations (Article 6(1)(c)). |
9.3. Your European Data Subject Rights:
- Right of Access & Portability: You may request a copy of your Personal Data in a structured, commonly used, machine-readable format and ask us to transmit it to another controller.
- Right to Rectification & Erasure: You may request that we update inaccurate records or delete your Personal Data ("Right to be Forgotten"), subject to mandatory financial retention rules.
- Right to Restriction & Objection: You may ask us to restrict processing or object to our reliance on legitimate interests (especially regarding direct marketing activities).
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
- Right to Lodge a Complaint: You have the right to file a formal complaint with your local Data Protection Authority (DPA). An official directory of European DPAs is accessible at https://edpb.europa.eu/about-edpb/board/members_en, and the UK Information Commissioner's Office (ICO) is accessible at https://ico.org.uk/.
9.4. International Data Transfers: Because Ruba operates globally, your Personal Data may be transferred to and stored on servers located in the United States or other jurisdictions outside the EEA/UK that may not maintain equivalent statutory data protection laws. Whenever we transfer European Personal Data internationally, we ensure appropriate legal safeguards are established, such as executing the European Commission's approved Standard Contractual Clauses (SCCs), implementing UK International Data Transfer Addendums, or relying on formal adequacy decisions.
10. Policy Updates and Contact Information
10.1. Modifications: As our software infrastructure evolves and privacy regulations change, we may update this Privacy Policy from time to time. When material changes occur, we will post a prominent alert on our Website, update the effective date at the top of this page, and/or send an electronic notification to registered merchants. Your continued interaction with our Services following the posting of updated terms constitutes your acknowledgment and acceptance of the revised Policy.
10.2. Contact Us: If you have questions, feedback, or formal requests concerning this Privacy Policy or our data processing practices, please reach out to our privacy team:
WRITE RUBA's FULL LEGAL NAME HERE
[REGISTERED ADDRESS]
Email: privacy@getruba.com
Support: support@getruba.com