Legal

Terms of Service

Effective March 19, 2026

These Terms of Service ("Terms") govern your access to and use of the RuleMesh platform, website, APIs, MCP server, and related services (collectively, the "Service") provided by Basically AB, a company registered in Stockholm, Sweden ("RuleMesh", "we", "us", or "our").

By creating an account or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.

1. Service Description

RuleMesh is a compliance infrastructure platform that translates GDPR regulations into structured engineering requirements for IT, security, and engineering teams. The Service includes:

  • Structured IT requirements derived from GDPR articles
  • Cloud control mappings for AWS, Azure, and GCP
  • Security framework mappings (OWASP Top 10, NIST CSF)
  • Jira integration for engineering backlog generation
  • MCP server access for AI-assisted compliance verification
  • GDPR Regulatory Intelligence (paid addon)

Important: RuleMesh provides structured technical requirements and implementation guidance. It does not provide legal advice. The Service is designed to help engineering teams implement compliance requirements, but it does not replace the need for qualified legal counsel. You are responsible for ensuring your organisation's overall compliance with applicable laws and regulations.

2. Account Registration

To access certain features of the Service, you must create an account. When registering, you agree to:

  • Provide accurate and complete registration information
  • Maintain the security of your account credentials
  • Promptly notify us of any unauthorised access to your account
  • Accept responsibility for all activity that occurs under your account

You must be at least 18 years old to create an account. We reserve the right to suspend or terminate accounts that violate these Terms or are used for fraudulent purposes.

3. Service Tiers

RuleMesh offers the following service tiers:

Free Tier

Available at no cost. Includes access to GDPR requirements, cloud control mappings (AWS, Azure, GCP), security framework mappings (OWASP Top 10, NIST CSF), Jira integration, and MCP server access. The Free tier is provided as-is with no service level guarantees.

INTEL Addon — GDPR Regulatory Intelligence ($299/year)

A paid subscription that includes weekly GDPR updates, regulatory change notifications, compliance insights, and email support with a 48-hour response SLA. Billed annually.

4. Billing and Payments

Paid subscriptions are processed through Stripe. By subscribing to a paid tier, you agree to the following:

  • Annual billing: Paid subscriptions are billed annually. The subscription period begins on the date of purchase.
  • Auto-renewal: Subscriptions automatically renew at the end of each billing period unless cancelled before the renewal date.
  • Payment method: You authorise us to charge your payment method on file for all applicable fees. You are responsible for keeping your payment information current.
  • Price changes: We may adjust pricing with at least 30 days' notice before your next renewal date. Continued use after a price change constitutes acceptance of the new pricing.
  • Taxes: Prices are exclusive of applicable taxes unless stated otherwise. You are responsible for any taxes associated with your subscription.

5. Cancellation and Refunds

  • 30-day money-back guarantee: If you are not satisfied with a paid subscription, you may request a full refund within 30 days of your initial purchase. Refund requests should be sent to hello@rulemesh.com.
  • Cancellation: You may cancel your subscription at any time through your account settings or by contacting us. Cancellation takes effect at the end of the current billing period. You retain access to paid features until the end of the period you have already paid for.
  • No partial refunds: Outside of the 30-day money-back guarantee, no refunds are provided for partial billing periods.
  • Downgrade: After cancellation, your account reverts to the Free tier. Your data and configuration are retained.

6. Intellectual Property

The Service, including the RuleMesh regulatory model, structured requirements, control mappings, compliance DSL, and all associated software, documentation, and content, is the proprietary property of Basically AB and is protected by applicable intellectual property laws.

  • License grant: We grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service in accordance with these Terms.
  • Restrictions: You may not copy, modify, distribute, sell, or lease any part of the Service or its content. You may not reverse-engineer or attempt to extract the source code of the Service, except where permitted by law.
  • Your content: You retain ownership of any data or content you upload to the Service. By using the Service, you grant us a limited licence to process your content as necessary to provide the Service to you.

7. Data Protection

We take data protection seriously. As a company that helps organisations implement GDPR, we hold ourselves to the same standard. Full details of how we collect, use, and protect your personal data are set out in our Privacy Policy.

  • GDPR compliance: We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection law.
  • Data we collect: Account information (email, name), usage data, and payment information (processed by Stripe). We do not sell your personal data to third parties.
  • Data processing: Your data is processed for the purpose of providing and improving the Service. We use EU-hosted infrastructure for data storage.
  • Your rights: Under GDPR, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent. You can exercise these rights via your Data & Privacy settings or by contacting privacy@rulemesh.com.
  • Data controller: Basically AB, Stockholm, Sweden is the data controller for personal data processed through the Service.
  • Privacy Policy: Our full Privacy Policy describes the categories of data collected, purposes, legal bases, sub-processors, retention periods, and how to exercise your rights.

8. API and MCP Server Usage

Access to the RuleMesh API and MCP server is subject to the following terms:

  • API keys: API keys are personal to your account and must not be shared. You are responsible for all activity conducted with your API keys.
  • Rate limits: We may impose rate limits on API and MCP server usage to ensure fair access for all users. Current rate limits are documented in our API documentation.
  • Acceptable use: You may not use the API or MCP server to build a competing product, scrape or bulk-download our regulatory model, or engage in any activity that degrades the Service for other users.
  • MCP verification: Compliance verification through the MCP server provides verification assistance, not automatic compliance certification. MCP outputs are implementation signals that require human review as part of your governance workflow.

9. Service Availability

  • Free tier: Provided on a best-effort basis with no uptime guarantees or SLA. We aim for high availability but do not guarantee uninterrupted access.
  • INTEL tier: Includes email support with a 48-hour response SLA during business days.
  • Maintenance: We may perform scheduled or emergency maintenance that temporarily affects Service availability. We will make reasonable efforts to notify users in advance of planned maintenance.
  • Modifications: We reserve the right to modify, suspend, or discontinue any part of the Service at any time. For paid features, we will provide reasonable notice before discontinuing functionality.

10. Limitation of Liability

RuleMesh provides compliance guidance, not legal advice. Our structured requirements, control mappings, and verification outputs are tools to support your compliance efforts. They are not a substitute for professional legal advice, and using the Service does not guarantee compliance with any law or regulation.

  • Evidence signals: Evidence and compliance signals generated by the Service are implementation records, not legal proof of compliance. They support your governance workflow but do not replace independent legal or audit assessment.
  • Human review: Compliance decisions should always involve human review. The Service is designed to assist, not replace, your compliance team's judgment.
  • As-is basis: The Service is provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
  • Liability cap: To the maximum extent permitted by applicable law, Basically AB's total liability to you for any claims arising from or related to the Service shall not exceed the amount you paid us in the 12 months preceding the claim, or EUR 100, whichever is greater.
  • Exclusions: We shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill, regardless of whether we were advised of the possibility of such damages.

11. Acceptable Use

You agree not to use the Service to:

  • Violate any applicable law or regulation
  • Infringe on the intellectual property rights of others
  • Interfere with or disrupt the Service or its infrastructure
  • Attempt to gain unauthorised access to any part of the Service
  • Use automated means to scrape, crawl, or extract data from the Service beyond what is provided through our APIs
  • Resell, redistribute, or sublicence the Service or its content without our written consent

12. Changes to Terms

We may update these Terms from time to time. When we make material changes, we will:

  • Post the updated Terms on this page with a revised effective date
  • Notify registered users by email at least 30 days before the changes take effect
  • Provide a summary of what has changed

Your continued use of the Service after the effective date of updated Terms constitutes your acceptance of the changes. If you do not agree to the updated Terms, you should stop using the Service and cancel any paid subscriptions.

13. Governing Law and Disputes

These Terms are governed by and construed in accordance with the laws of Sweden, without regard to its conflict of law provisions.

Any disputes arising from or relating to these Terms or the Service shall be resolved by the courts of Stockholm, Sweden. For EU consumers, this does not affect any mandatory consumer protection rights under the laws of your country of residence.

14. Termination

  • By you: You may terminate your account at any time by contacting us at hello@rulemesh.com or through your account settings.
  • By us: We may suspend or terminate your access to the Service if you violate these Terms, engage in fraudulent activity, or if required by law. We will provide reasonable notice where possible.
  • Effect of termination: Upon termination, your right to use the Service ceases. Sections that by their nature should survive termination (including Intellectual Property, Limitation of Liability, Governing Law, and Data Protection) will survive.
  • Data after termination: We will retain your data for a reasonable period after termination to allow you to export it. After that period, we will delete your data in accordance with our data protection obligations.

15. Contact

If you have any questions about these Terms, please contact us:

Basically AB

Stockholm, Sweden

Email: hello@rulemesh.com

Website: rulemesh.com