Privacy Policy

Last updated: June 16, 2026

This Privacy Policy explains how AuditReady AI ("we", "us", "our") collects, uses, and protects personal information when you use our Service. We act as a Service Provider under the California Consumer Privacy Act (CCPA/CPRA) — we do not sell or share your personal information for cross-context behavioral advertising.

1. Information We Collect

Category	Examples	Source
Account info	Name, email, profile photo	GitHub / Google / Slack OAuth
Authentication tokens	OAuth access tokens	GitHub / Google / Slack
Compliance scan data	Branch protection status, security policy files, repo metadata	GitHub API (read-only)
Evidence you upload	Links, file names, notes you add to controls	You, directly
Billing info	Payment method, billing address	Stripe (we never see full card numbers)
Usage data	Pages visited, feature usage, login events	Automatically collected

2. How We Use Your Information

To provide and operate the Service, including running compliance scans and generating reports.
To process subscription payments via Stripe.
To send service-related communications (e.g., scan results, billing notices).
To improve the Service and develop new features.
To detect, prevent, and respond to fraud, abuse, or security incidents.

3. Data Security

All data is stored using encrypted, access-controlled infrastructure. Evidence and account data at rest are encrypted (AES-256 equivalent) by our infrastructure providers. OAuth tokens are stored server-side and are never exposed to other users. We minimize the personal data we retain from connected integrations — for example, GitHub scans read repository configuration signals (e.g., whether branch protection is enabled) rather than file contents wherever possible.

4. Evidence You Upload

Files, links, and notes you add to the Evidence Locker are stored to support your own compliance tracking. We do not scan, sell, or share this content with third parties. You are responsible for not including unnecessary personal data (e.g., employee SSNs, passwords) in evidence you upload — only upload what's needed to demonstrate a control.

5. Third-Party Service Providers

We use the following processors to operate the Service:

Stripe — payment processing
Upstash — encrypted data storage (Redis)
Vercel — hosting and infrastructure
Groq — AI model inference for report and policy generation (no data retained for training)
GitHub, Google, Slack — authentication and integration scanning, per the scopes you authorize

These providers are contractually restricted from using your data for any purpose other than providing services to us.

6. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose.
Delete your personal information, subject to certain exceptions.
Correct inaccurate personal information.
Opt out of the sale or sharing of personal information — we do not sell or share your data, so there is nothing to opt out of.
Non-discrimination — we will not deny you service or charge different prices for exercising these rights.

To exercise any of these rights, email vladavetisian@icloud.com. We will verify your identity before fulfilling requests.

7. Data Retention

We retain your account and compliance data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal, billing, or fraud-prevention purposes.

8. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

9. International Users

Our infrastructure is hosted in the United States. By using the Service, you consent to the transfer and processing of your data in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or email.

11. Contact Us

Questions, requests, or concerns about this Privacy Policy? Contact us at vladavetisian@icloud.com.