Privacy Policy

1. Introduction

RuCoin ("we", "us", "our") is committed to protecting your privacy and the privacy of your organization's data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Enterprise Reward Management System ("Platform", "Service").

By using the Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use our services.

2. Information We Collect

2.1 Account and Registration Information

When you register for an account, we collect:

• Organization name, contact information, and billing details
• Administrator and user email addresses
• Authentication credentials (managed securely by the platform)
• Tenant identification and configuration data

2.2 Platform Usage Data

We automatically collect information about how you use the Platform:

• API request logs, including request IDs, timestamps, and response times
• Feature usage patterns and service interactions
• System performance metrics and error logs
• Authentication events and security audit trails
• IP addresses, device information, and browser types

2.3 Reward program data

As part of providing reward management services, we process data you upload or create:

• Customer reward account information and transaction history
• Point balances, reward points, and redemption records
• Voucher codes, catalog items, and redemption data
• Rule engine configurations and execution logs
• Tenant wallet balances and transaction records

2.4 Technical and Log Data

We collect technical information for security, performance, and compliance:

• System logs, error reports, and diagnostic information
• Security event logs and audit trails
• Network traffic metadata (excluding content)
• Cookie and tracking technology data

3. How We Use Your Information

We use the information we collect to:

• Provide and Maintain the Service: Operate the Platform, process transactions, manage multi-tenant isolation, and deliver reward management features
• Authentication and Security: Verify user identities, enforce access controls, detect and prevent fraud, and maintain platform security
• Service Improvement: Analyze usage patterns, optimize performance, develop new features, and enhance user experience
• Compliance and Legal: Comply with legal obligations, respond to legal requests, enforce our Terms of Service, and protect rights and safety
• Communication: Send service notifications, security alerts, support communications, and important updates about the Platform
• Billing and Account Management: Process payments, manage subscriptions, and handle account administration
• Support and Troubleshooting: Provide customer support, diagnose technical issues, and resolve service problems

4. Multi-Tenant Data Isolation

RuCoin operates on a multi-tenant architecture with strict data isolation:

• Each tenant's data is logically and physically isolated from other tenants
• Tenant-specific access controls prevent cross-tenant data access
• All data queries and operations are scoped to the authenticated tenant
• Backup and recovery processes maintain tenant data separation

We implement technical and organizational measures to ensure that your organization's data remains private and inaccessible to other tenants, even within shared infrastructure.

5. Data Security

We implement comprehensive security measures to protect your information:

• Authentication: Secure identity management with multi-factor authentication (MFA) support
• Encryption: AES-256 encryption for data at rest and TLS/SSL encryption for data in transit
• Access Controls: Role-based access control (RBAC), IP whitelisting, and API key management
• Monitoring: Continuous security monitoring, intrusion detection, and automated threat response
• Audit Logging: Comprehensive audit trails for all administrative and data access activities
• Regular Assessments: Security audits, vulnerability scans, and penetration testing
• Incident Response: Established procedures for detecting, responding to, and recovering from security incidents

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials and API keys.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or organizational data. We may share information only in the following circumstances:

6.1 Service Providers

We may share data with trusted third-party service providers who assist in operating the Platform:

• AWS (Amazon Web Services): Cloud infrastructure and data storage
• Email and SMS Providers: For sending notifications and transactional messages
• Payment Processors: For handling subscription and billing transactions
• Analytics Providers: For aggregated, anonymized usage analytics

All service providers are contractually obligated to protect your data and use it solely for providing services to RuCoin.

6.2 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations or respond to valid legal requests
• Protect the rights, property, or safety of RuCoin, our users, or others
• Enforce our Terms of Service or investigate potential violations
• Prevent or address fraud, security, or technical issues

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the Service and fulfill our contractual obligations
• Comply with legal, regulatory, or tax requirements
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you terminate your account, we will retain your data for a reasonable period to allow for data export, then securely delete or anonymize it in accordance with our data retention policies and legal requirements. Audit logs and security records may be retained for longer periods for compliance purposes.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request access to your personal information and data stored in the Platform
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal and contractual obligations
• Portability: Request export of your data in a machine-readable format
• Objection: Object to certain processing activities, such as marketing communications
• Restriction: Request restriction of processing in certain circumstances
• Withdrawal of Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us at privacy@rucoin.in. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Note: Some rights may be limited for enterprise accounts where data processing is necessary for contract performance or legal compliance.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your authentication session and security preferences
• Remember your settings and preferences
• Analyze Platform usage and performance
• Provide personalized features and content

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Platform.

10. International Data Transfers

The Platform is hosted on AWS infrastructure that may be located in various geographic regions. By using the Platform, you acknowledge that your information may be transferred to and processed in countries other than your country of residence.

We ensure that appropriate safeguards are in place for international data transfers, including:

• Standard contractual clauses and data processing agreements
• Compliance with applicable data protection laws
• Security measures consistent with this Privacy Policy

11. Children's Privacy

The Platform is designed for enterprise use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@rucoin.in.

12. Data Breach Notification

In the event of a data breach that may affect your information, we will:

• Investigate and assess the scope and impact of the breach
• Take immediate steps to contain and remediate the breach
• Notify affected users and relevant authorities as required by law
• Provide information about the breach, affected data, and remediation steps

We will notify you without undue delay after becoming aware of a breach that poses a risk to your rights and freedoms.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Sending an email notification to your registered email address
• Displaying a notice within the Platform

Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Officer: privacy@rucoin.in
• General Support: support@rucoin.in
• Legal Inquiries: legal@rucoin.in

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.

15. Effective Date

This Privacy Policy is effective as of January 2026 and was last updated on January 2026.