Privacy Policy
What we collect, why, and how we protect it.
Last updated: 2026-07-05
This document may be updated from time to time; material changes are announced in the console.
MSP account data
- We process your team's account data (name, email, role, and a salted password hash) to authenticate users, enforce role-based access, and keep an operator audit trail.
- We record consent at signup (which terms version was accepted, and when) so there is a clear, verifiable agreement record.
Your managed customer tenants
- For the Microsoft tenants you manage, we store identifiers and connection state plus the operational data needed to do the job (deployments, baselines, drift findings, cost and posture summaries).
- Access to customer tenants uses app-only Microsoft access: a single multitenant application that each customer admin consents to, granted scoped Azure RBAC. We do not use GDAP or Lighthouse delegated access.
- We do not store your end-customers' user passwords or standing secrets. Where an automation needs a secret, it lives in Azure Key Vault and our database stores only a reference, never the value.
Tenant isolation
- Every record and operation carries a partner-and-customer scope. Partner isolation is hard: competing MSPs run side by side on the platform and never see each other's data.
- We do not pool, mine, or resell your or your customers' data. It is used only to provide and operate the service for you.
Infrastructure and sub-processors
We run rugged.sh on a small set of infrastructure providers who process data on our behalf under their own security and privacy commitments:
- Microsoft Azure — core compute, storage, secret management (Key Vault), and the Microsoft cloud your tenants run on.
- Neon — managed PostgreSQL database hosting for the control-plane data described above.
- Cloudflare — content delivery, DNS, and edge protection for the web console.
- We keep this list current and give notice of material changes. We do not add sub-processors that get standing access to your customers' tenant content.
How long we keep data
- We keep your account and operational data for as long as your account is active, and for a limited period afterward to support recovery, billing, and audit obligations, then delete or anonymize it.
- Audit and consent records may be retained longer where we are legally or contractually required to keep them.
Cookies and telemetry
- The console uses only the cookies needed to sign you in and keep your session secure — no third-party advertising or cross-site tracking cookies.
- We collect operational logs and metrics needed to run, secure, and support the platform. Self-hosted instances phone home with license and health telemetry (version, plan, instance health) — never your end-customers' content.
Your choices
- You can access, correct, or export your account data, and request deletion subject to our legal and contractual retention obligations.
- Privacy questions or requests: [email protected]. General support: [email protected].