Privacy Policy

1. Scope and Roles

This Privacy Policy applies to:

• Account holders - people who sign up for and use Ready ("Users").
• Meeting participants - people who join meetings hosted by Users that include the Ready AI assistant.
• Visitors - people who browse ready.app.

For meeting content (recordings, transcripts, AI outputs), Users act as the controller of that content for their meetings, and we process it on Users' behalf in order to provide the Service. Users are responsible for the lawfulness of the meetings they host and for obtaining any consents required from meeting participants (see our Terms of Use, Section 5). Where required by law, we will enter into a data processing agreement with Users.

For account information, billing data (where applicable), service operations, and security, we are the controller.

2. Information We Collect

2.1 Information You Provide

• Account information. When you sign up using Google or Microsoft OAuth, we receive your name, email address, profile image, and the unique account identifier from the provider, along with the OAuth scopes you authorize.
• Profile and configuration data. Settings, preferences, AI agent configurations, automation workflows, and any custom prompts or instructions you provide.
• Communications. Messages you send us (e.g., support emails, beta feedback).

2.2 Information from Connected Integrations

When you authorize Ready to connect to third-party services - including Google (Google Calendar and Gmail), Microsoft (Outlook Calendar and Outlook Mail), Linear, or other tools you connect - we access only the data and capabilities you grant via that service's OAuth consent flow, and only as needed to provide the features you use.

2.3 Meeting Content

Every Ready meeting is automatically recorded, transcribed, and processed by AI as a core function of the Service. As a result, we process:

• Audio and video captured from meetings the Service joins;
• Transcripts generated from that audio;
• Meeting metadata such as participant names, email addresses, timestamps, calendar event details, and meeting titles;
• AI outputs such as summaries, notes, Tasks, action items, extracted entities, coaching feedback, and other generated content;
• Files and content shared in the meeting if processed by the Service.

We process meeting content to provide the AI assistant during the meeting, generate transcripts and summaries, run post-meeting workflows you configure, and otherwise deliver the Service.

2.4 Usage, Device, and Log Information

• Device and technical information such as IP address, browser type, operating system, device identifiers, and language settings.
• Usage data such as features used, pages viewed, actions taken, and timestamps.
• Log and diagnostic data for security, debugging, abuse prevention, and reliability.

2.5 Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand usage. We do not use third-party advertising cookies or sell your data for advertising. You can control cookies through your browser settings, though some features may not work without them.

3. How We Use Information

We use the information described above to:

• Provide the core Service, including hosting meetings, recording, transcribing, generating summaries, running AI agents, and executing automated workflows;
• Authenticate Users and secure accounts;
• Maintain, debug, monitor, and improve the Service (including aggregate, de-identified usage analysis, prompt and reliability tuning, UX improvements, and safety measures);
• Communicate with you about the Service, including beta updates, bug responses, and important notices;
• Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Use;
• Comply with legal obligations, respond to lawful requests, and enforce our agreements.

We do not use customer meeting audio, video, transcripts, prompts, files, or AI outputs to train our own general-purpose AI models. We also configure our AI providers, where available, so that data sent via their APIs is not used to train their models.

We may use aggregate or de-identified data, logs, and feedback to improve the Service, refine prompts, improve reliability and UX, and improve safety - but not to train foundation models on user meeting content.

4. Legal Bases for Processing (EEA / UK Users)

If you are in the European Economic Area or United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

• Performance of a contract - to provide the Service you requested under our Terms of Use.
• Legitimate interests - to operate, secure, and improve the Service; prevent fraud and abuse; and communicate with Users about the Service. We balance these interests against your rights and freedoms.
• Consent - where required (for example, certain optional features or specific data uses). You may withdraw consent at any time.
• Legal obligation - where processing is required by applicable law.

For meeting content processed on a User's behalf, the User is responsible for establishing the legal basis for processing under applicable law, including obtaining any required consents from meeting participants.

5. Sub-processors and Third Parties We Share With

We rely on the following third-party providers ("sub-processors") to operate the Service. They process data only on our instructions and under contractual confidentiality and security obligations.

We may also share information:

• At your direction - for example, when you authorize an automated workflow to send an email, create a calendar event, or update a record in a connected service.
• With law enforcement or in response to legal process - where required by valid legal process or to protect rights, safety, property, or to comply with applicable law.
• In the event of a business transfer - if we transition the Service to a legal entity (for example, a future LLC or corporation formed to operate the Service) or transfer the Service to another operator, information may be transferred as part of that transaction, subject to confidentiality.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

This sub-processor list may change as the Service evolves. We will update this policy when we add or replace material sub-processors.

6. Google API Services User Data Policy and Limited Use

Ready's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use Google user data only to provide or improve user-facing features of Ready that are prominent and requested by the User.
• We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with the User's consent.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data, except (a) with the User's affirmative agreement for specific messages, (b) as necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and de-identified for internal operations consistent with the User Data Policy.

The same principles apply to our handling of Microsoft user data.

7. International Transfers

We are based in the United States, and our sub-processors primarily process data in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries that may have different data-protection laws than your country.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards permitted by applicable law, such as the European Commission's Standard Contractual Clauses (SCCs), the UK Addendum, or equivalent mechanisms offered by our sub-processors. You may request more information about these safeguards by contacting us.

8. Data Retention

We retain personal information only as long as needed for the purposes described in this policy, then delete or de-identify it. Specifically:

• Temporary audio and recording segments - retained only as long as needed to generate and improve transcripts, then automatically deleted. In any event, raw audio is deleted within 30 days.
• Transcripts, notes, Tasks, AI outputs, and meeting metadata - retained until the User deletes the meeting, deletes the workspace, deletes their account, or requests deletion. Users can delete this content at any time.
• Account information - retained while the account is active and deleted (or de-identified) within a reasonable period after account deletion, except where retention is required by law.
• Logs and diagnostic data - retained for up to 90 days for security, debugging, abuse prevention, and reliability.
• Backups - automated backups may persist for a limited additional period before standard deletion cycles complete; deleted data is not actively retrieved from backups but is overwritten in the normal course.

We may retain limited information longer where required by law, to resolve disputes, or to enforce our agreements.

9. Security

We use reasonable administrative, technical, and organizational measures to protect personal information, including encryption in transit (TLS), encryption at rest where supported by our sub-processors, access controls, OAuth-based authentication, and monitoring.

However, no system is perfectly secure. You should not transmit highly sensitive data (such as protected health information, regulated financial data, or government-classified information) through the Service. If you become aware of any security issue, please contact us at info@ready.app.

10. Your Rights

10.1 Rights Under GDPR / UK GDPR (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, you have the following rights, subject to applicable limits:

• Access - request a copy of personal data we hold about you.
• Rectification - correct inaccurate or incomplete data.
• Erasure - request deletion of your data ("right to be forgotten").
• Restriction - limit how we process your data in certain circumstances.
• Portability - receive your data in a structured, commonly used, machine-readable format.
• Objection - object to processing based on legitimate interests.
• Withdraw consent - where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
• Lodge a complaint - with your local data protection authority (e.g., the UK ICO, the Irish DPC, or the authority in your country of residence).

To exercise these rights, contact us at info@ready.app. We may need to verify your identity before responding.

10.2 Rights Under California Law (CCPA / CPRA)

If you are a California resident, you have the following rights, subject to applicable limits:

• Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
• Right to access and portability - request a copy of your personal information.
• Right to delete personal information we hold about you.
• Right to correct inaccurate personal information.
• Right to limit use of sensitive personal information in certain circumstances.
• Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising.
• Right to non-discrimination for exercising your rights.

You may exercise these rights by contacting us at info@ready.app. You may also designate an authorized agent to act on your behalf.

10.3 Rights for Other Jurisdictions

Residents of other jurisdictions (such as Virginia, Colorado, Connecticut, Texas, Brazil, and Canada) may have similar rights under applicable law. Contact us to exercise any rights you have.

10.4 Meeting Participants

If you are a meeting participant (not a Ready User) and want to exercise rights regarding meeting content, please contact the meeting host first, as they are the controller of that content. You may also contact us, and we will assist where required by law and where we can identify your data.

11. Children

The Service is not directed to, and we do not knowingly collect personal information from, anyone under 18 years of age. If you believe a child has provided personal information through the Service, contact us and we will delete it.

12. Automated Decision-Making and AI

The Service uses AI to generate transcripts, summaries, Tasks, suggestions, drafted communications, and other outputs. These outputs are intended to assist you and are not solely automated decisions producing legal or similarly significant effects on you within the meaning of GDPR Article 22. AI output may be inaccurate, incomplete, or biased - you are responsible for reviewing it before relying on it. See our Terms of Use, Section 7.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and, where appropriate, notify you by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact

For questions, concerns, or to exercise any rights described in this policy:

Email: info@ready.app
Operator: Individual operator of Ready (ready.app)