Rulezet is an open-source, community-driven platform for sharing cybersecurity detection rules. This policy covers the official instance at rulezet.org. Anyone can also self-host Rulezet from its source code — if you are using a self-hosted instance, this default policy may have been customized by that instance's operator, who is responsible for it instead of the Rulezet project.
1. Information We Collect
- Account data — username, email address, and a securely hashed password (or your SSO identity, if you sign in that way).
- Content you submit — detection rules, bundles, comments, tags, votes, and reports you create or upload.
- API keys — if you generate one, it is stored to authenticate your programmatic requests. Treat it like a password.
- Activity logs — actions such as rule creation, edits, votes, and moderation events are logged for accountability and abuse prevention.
- Technical data — standard web server logs (IP address, browser user-agent, timestamps) generated automatically by any web request.
2. How We Use It
- To operate your account and let you create, edit, and share detection rules.
- To keep an audit trail of changes, for transparency and to resolve disputes or abuse.
- To protect the platform against spam, abuse, and unauthorized access.
- To send you account-related notifications (for example, comments on your rules).
- To compile anonymous, aggregate usage statistics (for example, total rule count) shown publicly on the site.
We do not sell your personal data, and we do not use it for third-party advertising.
3. Sharing & Federation
Any rule, bundle, or profile field you mark public is visible to every visitor, including anonymous ones. Content you keep private is visible only to you and platform administrators.
Rulezet supports optional "connectors" that let instance administrators sync public rules with other Rulezet instances. Only content you have made public can be replicated this way — private data is never federated.
4. Cookies
We use a small number of cookies that are strictly necessary to run the site: a session cookie to keep you signed in, a CSRF token to protect your forms, and a local preference for light/dark theme. We do not use third-party tracking or advertising cookies.
5. Data Retention
We keep your account and content for as long as your account is active. Deleted rules are first moved to a trash area (soft delete) and are permanently removed after the retention period configured by the instance, or sooner on request. Activity logs may be retained longer for security and audit purposes.
6. Your Rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data (for example, under the EU/UK GDPR or similar laws elsewhere). You can update most of your information directly from your account settings, or contact us to request a full export or deletion of your account.
7. Security
Passwords are stored using a salted hash, never in plain text. We apply role-based access control (anonymous / authenticated / administrator) throughout the platform and log administrative actions. No online service can guarantee absolute security, so please use a strong, unique password.
8. Changes to This Policy
We may update this policy as the platform evolves. Material changes will be announced on the project's GitHub repository. Continued use of Rulezet after an update means you accept the revised policy.
9. Contact
Questions about this policy or your data? Reach out via GitHub Discussions or open an issue on the rulezet-core repository.