Privacy Policy

Last updated: 15 February 2026

RiskReady ("we", "us", "our") operates the riskready.cloud website and the RiskReady compliance platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

RiskReady is an AI-powered Governance, Risk, and Compliance (GRC) platform that helps organisations achieve and maintain compliance with frameworks such as ISO 27001, SOC 2, DORA, and NIS2.

1. Information We Collect

We collect the following categories of information:

Waitlist and Account Information

When you join our waitlist or create an account, we collect your name, email address, and company name. This information is provided directly by you through our waitlist form or registration process.

Compliance Data

When you use the RiskReady platform, you may store compliance-related data including risk registers, controls, policies, evidence artefacts, audit reports, and organisational context. This data is entered and managed by you and your authorised users.

Usage Data

We automatically collect technical information such as your IP address, browser type, operating system, pages visited, and interaction patterns. This helps us improve the platform and diagnose issues.

AI Interaction Data

When you use RiskReady's AI features, we process the prompts and context you provide to generate compliance recommendations. AI proposals are recorded alongside your approval or rejection decisions, forming part of your audit trail.

2. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the RiskReady platform
  • To process your waitlist registration and communicate service availability
  • To generate AI-powered compliance recommendations, risk assessments, and policy drafts
  • To maintain audit trails of all actions and AI proposals within your account
  • To send service-related communications, including security alerts and product updates
  • To improve our platform, including analysing usage patterns and performance
  • To respond to your enquiries and provide customer support
  • To comply with legal obligations and enforce our terms

3. Data Storage and Security

All data is processed and stored within the European Union. We implement industry-standard technical and organisational measures to protect your data, including encryption at rest and in transit, access controls, and regular security assessments.

Instance Isolation

All paid customers receive dedicated, isolated instances. Your compliance data — including risks, controls, policies, and evidence — is logically and physically separated from other customers' data. Community Edition users who self-host retain full control of their own data.

4. Third-Party Services

We use the following third-party services to operate our platform:

  • Anthropic (Claude) — powers our AI compliance features via the Model Context Protocol (MCP). Prompts and context are sent to generate recommendations; Anthropic's data usage policies apply to API interactions.
  • Cloud Infrastructure Providers — we use EU-based hosting for data storage and processing.
  • Email Services — for transactional and waitlist communications.
  • Analytics — for understanding website usage and improving our services.

We do not sell your personal data to third parties. We only share data with service providers who are contractually bound to process it on our behalf and in accordance with this policy.

5. Cookies

We use cookies and similar technologies to maintain session state, remember your preferences, and analyse site usage. These include:

  • Essential Cookies — required for the platform to function, including authentication and session management.
  • Analytics Cookies — help us understand how visitors interact with our website so we can improve the experience.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — request a copy of the personal data we hold about you.
  • Right to Rectification — request correction of inaccurate or incomplete data.
  • Right to Erasure — request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing — request that we limit how we use your data.
  • Right to Data Portability — receive your data in a structured, machine-readable format.
  • Right to Object — object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@riskready.cloud. We will respond to your request within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:

  • Waitlist data — retained until you gain platform access or request removal.
  • Account data — retained for the duration of your account and for a reasonable period after closure for legal and audit purposes.
  • Compliance data — retained as long as your subscription is active. Upon termination, you may export your data before it is deleted in accordance with our data retention schedule.
  • Audit trails — retained for the period required by applicable compliance frameworks and regulations.

8. Children's Privacy

RiskReady is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

We encourage you to review this policy periodically to stay informed about how we protect your data.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:
