Skip to main content
ReadyRule homepageReadyRule

Privacy Policy

Last updated

Privacy quick actions

Introduction

ReadyRule (“we,” “our,” or “us”) operates the website https://www.readyrule.com and provides public-record search, optional email communications, and engagement services for paid customers. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

Information we collect

Information you provide

  • Email address: Required for newsletter subscription
  • ZIP code: Used to determine service availability in your area
  • Facility number: Optional, for personalized content
  • Phone number: Required for SMS compliance alerts (optional feature). Verified via one-time code before SMS can be enabled.
  • Payment information: Processed securely through Stripe for Pro subscriptions
  • AI chat data: Questions and messages you submit through our Compliance Chat Assistant, along with facility context used to generate responses

Information we collect automatically

  • Usage data: How you interact with our website and emails
  • Device information: Browser type, IP address, and device identifiers
  • Analytics: We use PostHog to understand user behavior and improve our service

How we use your information

  • Send you email communications you opted into
  • Provide personalized content based on your facility information
  • Process payments for Pro subscriptions
  • Generate AI-powered compliance responses through our Chat Assistant
  • Improve our service and user experience
  • Comply with legal obligations

Information sharing

We do not sell or rent your personal information. We may share your information with:

  • Service providers: Stripe (payments), Resend (emails), Supabase (database), PostHog (analytics), OpenAI (AI chat processing), Twilio (SMS messaging)
  • Legal requirements: When required by law or to protect our rights

AI data handling

Our Virtual Admin application includes AI-powered features that process your data through third-party AI providers. Here is how your data is handled:

What data is sent to OpenAI

When you use the Compliance Chat Assistant, the following information is sent to OpenAI’s API for processing:

  • Your chat messages and questions
  • Relevant facility context (facility number, type, and compliance data) to generate personalized responses
  • Relevant regulatory text retrieved from our database to provide accurate answers

OpenAI data policies

  • We use OpenAI’s API, which does not use your data to train their models
  • OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring purposes, after which they are deleted
  • We do not send your email address, payment information, or account credentials to OpenAI

Chat history storage

  • Your chat conversations are stored in our database (hosted on Supabase) to provide conversation history and continuity
  • Chat history is associated with your account and facility for personalization
  • You may request deletion of your chat history at any time by contacting us or deleting your account

SMS data and consent

If you opt in to receive SMS Compliance Alerts, we collect your mobile phone number and SMS consent status. This information is used solely to deliver the messages you have requested.

We do not share, sell, or distribute your SMS opt-in data, phone number, or messaging consent with any third parties for marketing or any other purpose. Text messaging originator opt-in data and consent will not be shared with any third parties.

SMS messages are delivered through our messaging provider, Twilio. Twilio processes your phone number solely for message delivery and does not use it for their own marketing purposes.

Data security

We implement appropriate security measures to protect your personal information. Payment information is processed securely through Stripe and is not stored on our servers. AI chat data is transmitted securely via encrypted connections to our AI providers.

California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose
  • Right to delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to opt out: You have the right to opt out of the sale of your personal information (we do not sell personal information)
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your CCPA rights:

General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the GDPR:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data (“right to be forgotten”)
  • Right to restriction: Request limited processing of your personal data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Not be subject to solely automated decision-making

Legal basis for processing:

  • Consent: When you subscribe to our newsletter
  • Contract: To provide our services to you
  • Legitimate interests: To improve our services and communicate with you
  • Legal obligations: To comply with applicable laws

Your rights

Regardless of your location, you have the following rights:

  • Access and update your personal information
  • Unsubscribe from our newsletter at any time
  • Request deletion of your personal data
  • Opt out of analytics tracking
  • Lodge a complaint with your local data protection authority
We will respond to your privacy rights requests within 30 days (or 45 days for complex requests, with notice).

Data retention

We retain your personal information only as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Active subscribers: We retain your data while you maintain an active subscription
  • Unsubscribed users: Basic records may be retained for up to 3 years for legal compliance
  • Payment records: Retained for 7 years for tax and accounting purposes
  • Deletion requests: Audit logs of deletion requests are retained for 3 years for compliance verification
  • AI chat data: Chat conversations are retained while your account is active. OpenAI retains API data for up to 30 days for abuse monitoring

Children’s privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

Contact us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

Email: privacy@readyrule.com

Data Protection Officer: dpo@readyrule.com

Mailing address: ReadyRule, 2120 University Ave, Berkeley, CA 94704

Phone: 510-906-2395

This Privacy Policy is effective as of February 6, 2026 and will remain in effect except with respect to any changes in its provisions in the future.