Privacy Policy

Last updated: May 2025

CE Ready is operated by Applied AI Ltd, a company registered in England and Wales. This policy explains how we collect, use, and protect your personal data when you use ce-ready.com.

1. Data we collect

When you use CE Ready we may collect:

• Account data — name, email address, company name, and password (stored as a bcrypt hash).
• Assessment data — product descriptions and answers you provide when running a compliance assessment.
• Billing data — payment is handled by Stripe. We store your Stripe customer ID but never see full card numbers.
• Usage data — server logs including IP addresses and request timestamps, retained for up to 30 days for security purposes.
• Documents — files you upload to your project workspace are stored encrypted in Cloudflare R2.

2. How we use your data

• To provide and improve the CE Ready service.
• To process payments and manage your subscription.
• To send transactional emails (assessment completion, project activation, password reset). We do not send marketing emails unless you opt in.
• To comply with legal obligations.

3. Legal basis (UK GDPR)

We process your data on the basis of: (a) contract performance — to deliver the service you signed up for; (b) legitimate interests — to prevent fraud and improve security; and (c) consent — for any optional communications you agree to receive.

4. Data sharing

We do not sell your data. We share data only with:

• Stripe — for payment processing (their privacy policy applies).
• Resend — for transactional email delivery.
• Anthropic — assessment text is sent to Claude AI for analysis. Anthropic's API data processing terms apply; inputs are not used to train models.
• Cloudflare — for file storage and infrastructure.
• Neon — for database hosting (data is stored in EU regions).

5. Data retention

Account data is retained for as long as your account is active. You can request deletion at any time. Assessment data associated with paid projects is retained for the lifetime of the project workspace (12 months from payment, unless renewed). Billing records are retained for 7 years for legal compliance.

6. Your rights

Under UK GDPR you have the right to: access your data, correct inaccuracies, request deletion, restrict processing, and data portability. To exercise any right, email privacy@ce-ready.com.

7. Cookies

CE Ready uses a single session cookie to keep you signed in. We do not use tracking cookies or third-party advertising cookies. No consent banner is required for strictly necessary cookies.

8. Security

All data is transmitted over HTTPS. Passwords are hashed with bcrypt. Documents are stored with server-side encryption. Access to production systems is restricted to authorised personnel.

9. Contact

Applied AI Ltd · Data Controller
Email: privacy@ce-ready.com
For complaints you may also contact the ICO: ico.org.uk