RUSO ("RUSO," "we," "us," or "our") is committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, store, and protect personal data, and the rights you have, under the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).
This policy applies to our website and to the RUSO platform. Please read it alongside our Terms of Service.
1. Who we are
RUSO is a logistics operations platform based in Vantaa, Finland. For our full company registration details (legal entity name and business ID), contact us at info@ruso.app and we will be glad to provide them.
For any privacy-related question, request, or complaint, you can reach us at info@ruso.app. We act as the contact point for all data protection matters.
2. Controller and processor — an important distinction
Your relationship with RUSO determines our role under GDPR:
When we are the data controller. For data collected through our website, waitlist, and direct communications with you, RUSO decides why and how the data is processed. We are the controller for this data, and this Privacy Policy governs it.
When we are the data processor. When you use the RUSO platform as a customer, you enter operational data about your own business — including data about your staff, customers, drivers, orders, and shipments. For this data, you are the controller and RUSO is the processor. We process it only on your documented instructions, to provide the service. The handling of that data is governed by the Data Processing Agreement (DPA) referenced in our Terms of Service, not solely by this policy.
This section matters: it means you remain responsible for the lawful basis and notices owed to the people whose data you put into RUSO, and we remain responsible for processing it securely and only as instructed.
3. What personal data we collect
Data you give us directly:
Waitlist and enquiry data: your name, work email, company name, and information about your operation (team size, fleet size, the tools you currently use, and your approximate software spend).
Communications: the content of emails and messages you send us.
Data we collect when you use the platform (as processor, on your behalf):
Account and user data: names, work emails, and roles of the people you grant access.
Operational data: orders, shipments, inventory, staff schedules, fleet records, billing and customer records that you and your team enter.
Data collected automatically:
Basic website usage data through Framer's built-in analytics. This includes aggregated, largely anonymised information such as page views and general traffic patterns. We do not use Google Analytics or third-party advertising trackers.
Limited technical data necessary to operate and secure the site, such as your browser type and approximate region.
We do not knowingly collect special categories of personal data (such as health, religion, or political opinions) through our website, and we ask that you do not submit such data to us.
4. Why we process your data and our legal bases
Purpose Legal basis under GDPR Responding to enquiries and preparing your quote Consent / steps prior to entering a contract (Art. 6(1)(a)/(b)) Assessing pilot fit and contacting you about RUSO Consent and our legitimate interest in developing RUSO (Art. 6(1)(a)/(f)) Providing the RUSO platform to you Performance of a contract (Art. 6(1)(b)); as processor, your instructions Securing, maintaining, and improving the service Legitimate interest (Art. 6(1)(f)) Meeting legal, tax, and accounting obligations Legal obligation (Art. 6(1)(c))
Where we rely on consent, you may withdraw it at any time (see Section 9). Withdrawal does not affect processing carried out before withdrawal.
5. Cookies and tracking
Our website is built on Framer and uses Framer's built-in analytics and essential cookies needed for the site to function. We do not use advertising cookies or cross-site tracking.
You can control or block cookies through your browser settings. Blocking essential cookies may affect how the site works. Where required, we will ask for your consent to non-essential cookies before they are set.
6. Who we share data with (sub-processors and recipients)
We do not sell your personal data. We share it only as needed to run RUSO, and only with parties bound to protect it:
Framer — website hosting and built-in analytics.
n8n — processing of form submissions from our website (for example, waitlist data flowing into our systems).
Email and communication providers — to correspond with you.
These providers act as our sub-processors. We keep a current list and will provide it on request at info@ruso.app. We require each to provide appropriate data protection guarantees.
We may also disclose data where required by law, to comply with a legal obligation, or to protect the rights, safety, or property of RUSO, our customers, or others.
7. International data transfers
We aim to keep your data hosted within the European Union or European Economic Area. Where a provider processes data outside the EU/EEA, we ensure an appropriate safeguard is in place under GDPR — typically the European Commission's Standard Contractual Clauses (SCCs), together with any additional measures required. You can request information about these safeguards at info@ruso.app.
8. How long we keep your data
Waitlist and enquiry data: kept until you ask us to delete it, or until it is no longer needed for the purpose collected — and in any case reviewed at least once a year.
Customer platform data: kept for as long as you use RUSO and for up to 90 days after your account closes, to allow for export and recovery, after which it is deleted or anonymised — unless you request earlier deletion or we are legally required to keep it.
Accounting and tax records: kept for the period required by Finnish law (currently six years).
Communications: kept for as long as needed to manage our relationship with you.
When data is no longer needed, we securely delete or anonymise it.
9. Your rights
Under GDPR, you have the right to:
Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten") where it is no longer needed or consent is withdrawn.
Restrict processing in certain circumstances.
Object to processing based on legitimate interest, and to direct marketing at any time.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time where processing is based on consent.
To exercise any right, email info@ruso.app. We will respond within one month, as required by law. If you use RUSO as a customer and your request concerns operational data, you may need to direct it to the relevant data controller (your own organisation), and we will assist as processor.
You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe your data has been mishandled.
10. Automated decision-making and profiling
RUSO does not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Any analytics or insights the platform produces are tools to support human decisions, not automated decisions about individuals.
11. Children's data
RUSO is a business tool not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child's data has reached us, contact info@ruso.app and we will delete it.
12. How we protect your data
We use appropriate technical and organisational measures, including:
Hosting on servers within the EU.
Encryption of data in transit.
Role-based access control, so people see only what they need.
Full audit logs of activity within the platform.
Limiting access to personal data to those who need it to do their work.
No system is perfectly secure, but we take protection seriously and review our measures as RUSO grows.
13. Data breaches
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Finnish Data Protection Ombudsman within 72 hours where required, and will inform affected individuals without undue delay where the risk is high. As a processor, we will notify the relevant controller (our customer) without undue delay after becoming aware of a breach affecting their data.
14. Changes to this policy
We will update this policy as RUSO develops. When we make material changes, we will post the new version here with an updated date and, where appropriate, notify you directly.
15. Contact
For any question or request about this policy or your data:
info@ruso.app RUSO — Vantaa, Finland
This document is provided in good faith and reflects how RUSO intends to handle personal data. It is not legal advice. RUSO should have this policy reviewed by a qualified legal professional against its actual data processing activities and applicable law before relying on it.
1. Who we are
RUSO is a logistics operations platform based in Vantaa, Finland. For our full company registration details (legal entity name and business ID), contact us at info@ruso.app and we will be glad to provide them.
For any privacy-related question, request, or complaint, you can reach us at info@ruso.app. We act as the contact point for all data protection matters.
2. Controller and processor — an important distinction
Your relationship with RUSO determines our role under GDPR:
When we are the data controller. For data collected through our website, waitlist, and direct communications with you, RUSO decides why and how the data is processed. We are the controller for this data, and this Privacy Policy governs it.
When we are the data processor. When you use the RUSO platform as a customer, you enter operational data about your own business — including data about your staff, customers, drivers, orders, and shipments. For this data, you are the controller and RUSO is the processor. We process it only on your documented instructions, to provide the service. The handling of that data is governed by the Data Processing Agreement (DPA) referenced in our Terms of Service, not solely by this policy.
This section matters: it means you remain responsible for the lawful basis and notices owed to the people whose data you put into RUSO, and we remain responsible for processing it securely and only as instructed.
3. What personal data we collect
Data you give us directly:
Waitlist and enquiry data: your name, work email, company name, and information about your operation (team size, fleet size, the tools you currently use, and your approximate software spend).
Communications: the content of emails and messages you send us.
Data we collect when you use the platform (as processor, on your behalf):
Account and user data: names, work emails, and roles of the people you grant access.
Operational data: orders, shipments, inventory, staff schedules, fleet records, billing and customer records that you and your team enter.
Data collected automatically:
Basic website usage data through Framer's built-in analytics. This includes aggregated, largely anonymised information such as page views and general traffic patterns. We do not use Google Analytics or third-party advertising trackers.
Limited technical data necessary to operate and secure the site, such as your browser type and approximate region.
We do not knowingly collect special categories of personal data (such as health, religion, or political opinions) through our website, and we ask that you do not submit such data to us.
4. Why we process your data and our legal bases
Purpose Legal basis under GDPR Responding to enquiries and preparing your quote Consent / steps prior to entering a contract (Art. 6(1)(a)/(b)) Assessing pilot fit and contacting you about RUSO Consent and our legitimate interest in developing RUSO (Art. 6(1)(a)/(f)) Providing the RUSO platform to you Performance of a contract (Art. 6(1)(b)); as processor, your instructions Securing, maintaining, and improving the service Legitimate interest (Art. 6(1)(f)) Meeting legal, tax, and accounting obligations Legal obligation (Art. 6(1)(c))
Where we rely on consent, you may withdraw it at any time (see Section 9). Withdrawal does not affect processing carried out before withdrawal.
5. Cookies and tracking
Our website is built on Framer and uses Framer's built-in analytics and essential cookies needed for the site to function. We do not use advertising cookies or cross-site tracking.
You can control or block cookies through your browser settings. Blocking essential cookies may affect how the site works. Where required, we will ask for your consent to non-essential cookies before they are set.
6. Who we share data with (sub-processors and recipients)
We do not sell your personal data. We share it only as needed to run RUSO, and only with parties bound to protect it:
Framer — website hosting and built-in analytics.
n8n — processing of form submissions from our website (for example, waitlist data flowing into our systems).
Email and communication providers — to correspond with you.
These providers act as our sub-processors. We keep a current list and will provide it on request at info@ruso.app. We require each to provide appropriate data protection guarantees.
We may also disclose data where required by law, to comply with a legal obligation, or to protect the rights, safety, or property of RUSO, our customers, or others.
7. International data transfers
We aim to keep your data hosted within the European Union or European Economic Area. Where a provider processes data outside the EU/EEA, we ensure an appropriate safeguard is in place under GDPR — typically the European Commission's Standard Contractual Clauses (SCCs), together with any additional measures required. You can request information about these safeguards at info@ruso.app.
8. How long we keep your data
Waitlist and enquiry data: kept until you ask us to delete it, or until it is no longer needed for the purpose collected — and in any case reviewed at least once a year.
Customer platform data: kept for as long as you use RUSO and for up to 90 days after your account closes, to allow for export and recovery, after which it is deleted or anonymised — unless you request earlier deletion or we are legally required to keep it.
Accounting and tax records: kept for the period required by Finnish law (currently six years).
Communications: kept for as long as needed to manage our relationship with you.
When data is no longer needed, we securely delete or anonymise it.
9. Your rights
Under GDPR, you have the right to:
Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten") where it is no longer needed or consent is withdrawn.
Restrict processing in certain circumstances.
Object to processing based on legitimate interest, and to direct marketing at any time.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time where processing is based on consent.
To exercise any right, email info@ruso.app. We will respond within one month, as required by law. If you use RUSO as a customer and your request concerns operational data, you may need to direct it to the relevant data controller (your own organisation), and we will assist as processor.
You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe your data has been mishandled.
10. Automated decision-making and profiling
RUSO does not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Any analytics or insights the platform produces are tools to support human decisions, not automated decisions about individuals.
11. Children's data
RUSO is a business tool not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child's data has reached us, contact info@ruso.app and we will delete it.
12. How we protect your data
We use appropriate technical and organisational measures, including:
Hosting on servers within the EU.
Encryption of data in transit.
Role-based access control, so people see only what they need.
Full audit logs of activity within the platform.
Limiting access to personal data to those who need it to do their work.
No system is perfectly secure, but we take protection seriously and review our measures as RUSO grows.
13. Data breaches
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Finnish Data Protection Ombudsman within 72 hours where required, and will inform affected individuals without undue delay where the risk is high. As a processor, we will notify the relevant controller (our customer) without undue delay after becoming aware of a breach affecting their data.
14. Changes to this policy
We will update this policy as RUSO develops. When we make material changes, we will post the new version here with an updated date and, where appropriate, notify you directly.
15. Contact
For any question or request about this policy or your data:
info@ruso.app RUSO — Vantaa, Finland
This document is provided in good faith and reflects how RUSO intends to handle personal data. It is not legal advice. RUSO should have this policy reviewed by a qualified legal professional against its actual data processing activities and applicable law before relying on it.