Privacy Policy | CRAReady

Last updated: 15 April 2026

1. Who we are

CRAReady ("we", "us", "our") operates the CRAReady platform at craready.com. We are the data controller for personal data processed through the platform.

2. Data we collect

We collect information you provide directly, including:

Account registration details (name, email, organisation)
Product and compliance data you enter into the platform
Vulnerability disclosure submissions (which may include technical details)
Payment information (processed via our payment provider — we do not store card numbers)

We also collect usage data automatically, including IP addresses, browser type, and pages visited, via server logs and analytics tools.

3. How we use your data

We use your data to:

Provide and operate the CRAReady platform
Send deadline alerts and compliance notifications you have opted into
Respond to support enquiries
Improve platform features and performance
Meet our legal obligations

4. Data sharing

We do not sell your personal data. We share data only with service providers who help us operate the platform (hosting, email delivery, payment processing) and only to the extent necessary for those services. We may disclose data if required by law.

5. Your rights

Under GDPR, you have the right to access, correct, export, or delete your personal data. You can request a data export from within your account settings, or contact us at privacy@craready.com.

6. Cookies

We use essential cookies required for the platform to function and optional analytics cookies. You can manage your cookie preferences via the banner shown on your first visit.

7. Data retention

We retain account data for as long as your account is active, plus 90 days following account closure (to allow recovery). Anonymised analytics data may be retained indefinitely.

8. Contact

For privacy-related questions, contact us at privacy@craready.com.