Privacy Policy

Last updated: June 17, 2026

1. Introduction

ComplyReady is an open beta service operated by its founder, Dragan, an individual based in Serbia. ComplyReady is not yet a registered company. In this Privacy Policy, "we", "us", and "our" refer to the founder operating ComplyReady. This policy explains how we collect, use, and protect your information when you use the Service, and it will be updated if a company is formed or paid plans are introduced.

2. Information We Collect

We collect the following types of information:

Account information: name, email address, company name, and password when you register.

Usage data: how you interact with the Service, features used, and actions taken within the platform.

Content you provide: security questionnaires, answers, policies, and company profile information you upload or create.

Connected-account data: read-only configuration and security findings from cloud and source-control accounts you choose to connect (see Section 4).

Technical data: IP address, browser type, device information, and cookies.

3. How We Use Your Information

We use your information to:

ComplyReady is free during open beta, so we do not collect or process any payment information. If paid plans are introduced, this policy will be updated to describe payment processing before any charges apply.

4. Connected Infrastructure Data

If you connect a cloud or source-control account — Amazon Web Services (AWS), Google Cloud, DigitalOcean, OpenStack, or GitHub — the Service reads from it to assess your security posture. This is a core part of how ComplyReady works, so we explain it clearly:

What we access: read-only configuration and metadata needed to run security checks — for example encryption settings, IAM and access configuration, logging configuration, and repository and branch-protection settings.

What we do not do: we never modify, create, or delete anything in your accounts; we do not access the application data or customer data stored inside those systems; and we do not store your cloud credentials. We store connection identifiers and role references (such as an IAM role ARN or external ID) and use short-lived, read-only access to perform each scan.

What we keep: the results of each scan — which checks passed or failed and the related resource references — so we can show you your posture over time and help answer security questionnaires from verified data.

Your control: you can disconnect a connected account at any time, which stops all further access. You can also revoke access directly in your provider.

5. AI Processing

Content you upload (security questionnaires and company profile information) is sent to Anthropic's API to generate draft answers and policies. We do not use your content to train AI models, and the content is processed only to provide the Service to you.

6. Service Providers and Data Sharing

We do not sell your personal data. We share data only with the providers that help us run the Service, and only as needed to provide it:

These providers process data on our behalf under their own data protection and security terms. We will add a payment processor to this list if and when paid plans launch. We may also disclose information where required by law, court order, or a governmental authority.

7. Data Storage and Security

Your account data and content are stored in a managed Supabase (PostgreSQL) database. ComplyReady is operated from Serbia. We apply security measures including encryption in transit and at rest and access controls limiting who can access data. For the specific hosting region, contact us at privacy@complyready.io.

8. Data Retention

We retain your data for the duration of your account plus 30 days after deletion. You may request deletion at any time by deleting your account in Settings or contacting us at privacy@complyready.io.

9. Your Rights (GDPR)

If you are located in the European Economic Area you have the right to:

To exercise these rights contact: privacy@complyready.io

10. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies. You can control cookies through your browser settings.

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email. The updated policy will be posted on this page with a new effective date.

13. Contact

For privacy questions or to exercise your rights: privacy@complyready.io

ComplyReady — an open beta service operated by its founder, Serbia.