Privacy Policy

Last updated: 29 April 2026

1. Who We Are

EUActReady Ltd. ("EUActReady", "we", "us", "our") operates the EUActReady platform and website. We are the data controller for personal data processed in connection with the Service.

Email: hello@euactready.ie

2. What Personal Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and password (stored in hashed form) when you register.
  • Assessment data: answers you provide through our compliance questionnaire, including information about your organisation and its AI systems.
  • Usage data: pages visited, features used, timestamps, and IP address.
  • Payment data: billing name and address; card details are processed directly by our payment provider (Stripe) and are not stored on our servers.
  • Communications: messages and enquiries you send to us via email or our contact form.
  • Cookie data: as described in our .

3. Legal Bases for Processing

We process your personal data on the following legal bases under the GDPR:

  • Contract performance (Art. 6(1)(b)): to provide the Service you have subscribed to, including generating assessments and compliance documents.
  • Legitimate interests (Art. 6(1)(f)): to improve the Service, detect and prevent fraud or abuse, and for internal analytics. We have assessed that these interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable law, including tax and accounting obligations.
  • Consent (Art. 6(1)(a)): for non-essential cookies and any direct marketing communications, where you have given consent.

4. How We Use Your Data

  • To create and manage your account;
  • To process your compliance assessments and generate documents;
  • To process payments and send billing-related communications;
  • To send service-related notifications (e.g., regulatory updates relevant to your profile);
  • To respond to your support enquiries;
  • To improve, maintain, and secure the Service;
  • To comply with legal and regulatory obligations.

5. Data Sharing and Transfers

We do not sell your personal data. We may share it with:

  • Supabase Inc.: our cloud database and authentication provider. Data is stored in the EU (Ireland) region.
  • Stripe Inc.: our payment processor. Stripe's privacy policy applies to data they collect.
  • Law enforcement or regulators: where required by applicable law or court order.

Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion we may retain certain data for up to 7 years where required for tax, legal, or fraud-prevention purposes.

Assessment data is retained for the duration of your subscription and deleted within 90 days of account closure, unless you request earlier deletion.

7. Your Rights

Under the GDPR you have the following rights:

  • Access: to obtain a copy of the personal data we hold about you.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): to request deletion of your data in certain circumstances.
  • Restriction: to request that we limit the processing of your data in certain circumstances.
  • Portability: to receive your data in a structured, machine-readable format.
  • Objection: to object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at hello@euactready.ie. We will respond within one month. You also have the right to lodge a complaint with the Data Protection Commission (Ireland): www.dataprotection.ie.

8. Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption at rest and in transit, access controls, and regular security reviews.

No method of transmission over the Internet is 100% secure. In the unlikely event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

9. Children

The Service is not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact Us

EUActReady Ltd.
Email: hello@euactready.ie

Assessed, documented, and audit-ready. EU AI Act & GDPR compliance simplified for SMEs.

Navigate

Resources

  • Guidance
  • Tools
  • Documentation

Legal

© 2026 EUActReady. The Expert Partner for SME Compliance Readiness. All rights reserved.

EUActReady provides automated compliance documentation based on user-supplied information and public EU regulatory guidance. Documents are not a guarantee of regulatory compliance and should be reviewed by qualified legal counsel before relying on them in a formal audit or regulatory context. This does not constitute legal advice.