Privacy Policy

Last updated: April 2026

1. Introduction

Rud1 (“we”, “us”, or “our”) operates the platform available at rud1.es (the “Service”). This Privacy Policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Spanish data-protection law.

By creating an account or using the Service you agree to the practices described in this document. If you do not agree, please stop using the Service and contact us to delete your account.

2. Data We Collect

We collect only the data necessary to provide, secure, and improve the Service.

Account information

Name, email address, and a hashed copy of your password when you register. We never store passwords in plain text.

Device telemetry

Heartbeat signals sent by Rud1 hardware units: CPU usage, memory usage, temperature, VPN connection state, uptime, and USB device inventory. This data is tied to your device and organisation, not to an individual person.

Usage data

Log-ins, dashboard interactions, API key usage, and feature adoption metrics. We use this to understand how the product is used and where to improve it.

Audit logs

Actions taken within your organisation — device provisioning, config changes, invitations — are recorded with a timestamp and user ID for security and compliance purposes.

Cookies and session tokens

We set a secure, HttpOnly session cookie upon sign-in. We do not use third-party advertising cookies.

3. How We Use Your Data

To create and maintain your account and organisation.
To provide the core features of the Service: device management, VPN, USB-over-IP, firmware updates, and alerting.
To send transactional emails — registration confirmation, password reset, invitation, and alert notifications.
To detect and prevent fraud, abuse, and security incidents.
To comply with legal obligations (Spanish law, EU regulations).
To improve the Service through aggregated, anonymised analytics.

We do not sell your data to third parties. We do not use your data for advertising.

4. Data Storage & Security

All data is stored in the European Union. We use industry-standard security measures including TLS in transit, encrypted-at-rest database storage, and strict access controls. Only employees who require access to personal data to perform their job are authorised to do so.

Passwords are hashed with bcrypt before storage. Session tokens are cryptographically random and invalidated on sign-out.

5. Third-Party Sub-processors

We share minimal data with the following sub-processors to run the Service:

Vendor	Purpose	Region
Neon (Neon Inc.)	Serverless Postgres database hosting	EU
Vercel Inc.	Web application hosting and CDN	EU / Global
Resend	Transactional email delivery	EU

Each sub-processor is bound by a Data Processing Agreement and is GDPR-compliant.

6. Your Rights (GDPR)

Under the GDPR you have the following rights:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your account and associated data (“right to be forgotten”).
Restriction — ask us to limit processing while a dispute is resolved.
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interests.

To exercise any of these rights, email us at support@rud1.es. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish data-protection authority (AEPD) at www.aepd.es.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account we will erase your personal data within 30 days, unless we are required to retain it for legal or compliance reasons (e.g., billing records for tax purposes are kept for 7 years).

Device telemetry is retained for 90 days by default and automatically purged thereafter. Audit logs are retained for 12 months.

8. Contact

For privacy enquiries, data requests, or to report a concern:

Rud1

rud1.es

Email: support@rud1.es