← Back to home

Privacy Policy

Last updated: 24 April 2026

1. Who we are

CRAready ("we", "us", "our") is an early-stage service that helps small software vendors prepare for the EU Cyber Resilience Act. This page is the pre-launch waitlist and marketing site at craready.io. A full legal notice (company name, registered address, EU representative details) will appear here when the operating entity is incorporated, and in any event before we collect payment from any customer.

2. What data we collect

On this pre-launch site we only collect:

  • Email address — the address you enter into the waitlist form.
  • Waitlist metadata— the form position on the page ("source"), whether you ticked the "I'd pay" box, and any UTM parameters on the URL you arrived from.
  • Timestamp — when you joined the waitlist.
  • Privacy-friendly analytics — Plausible Analytics measures page views and goals (e.g. waitlist signups). Plausible does not set cookies, does not collect personal data, and is GDPR / ePrivacy compliant by design. See plausible.io/data-policy.
  • Google Ads conversion tracking — if you submit the waitlist form after clicking one of our Google Ads, a conversion event is recorded. This may involve a short-lived Google cookie; it is only set on form submission, never on page visit.

We do not collect: IP addresses for marketing, device fingerprints, cross-site browsing history, or any data from your computer other than what you voluntarily type into our form.

3. Why we process your data (legal basis under GDPR)

  • Consent (Art. 6(1)(a) GDPR) — you submit the waitlist form voluntarily, which constitutes clear affirmative action.
  • Legitimate interest (Art. 6(1)(f) GDPR) — minimal analytics to understand which marketing channels work, without identifying individuals.

We do not rely on pre-ticked boxes, inferred consent, or bundled consents.

4. How we use your data

  • To send you a single launch announcement when CRAready opens beta.
  • To invite you to early-access pricing if you ticked the "I'd pay" box.
  • To understand the effectiveness of our marketing (aggregate, not individual).
  • To detect and prevent waitlist abuse (e.g. signups from disposable emails).

We do not sell your data, share it with data brokers, run retargeting ad campaigns against you, or hand your email to any third party outside the specific processors listed below.

5. Who we share data with (sub-processors)

  • Supabase (database hosting — EU region where possible)
  • Vercel (web hosting)
  • Cloudflare (DNS + DDoS protection)
  • Plausible (analytics — EU-hosted, no personal data)
  • Google Ads (conversion measurement only, no retargeting)
  • Resend (transactional email for launch announcements)

Each processor operates under its own data processing agreement and standard contractual clauses for international data transfers where relevant.

6. How long we keep it

Waitlist emails are kept until 30 days after our public launch, or 12 months from signup — whichever is sooner — at which point we either convert you to an active customer or delete your record. You can ask us to delete your data at any time before then.

7. Your rights under GDPR

As an EU/UK resident you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, email us at privacy@craready.io. We respond within 30 days.

8. EU representative (Art. 27 GDPR)

If we are established outside the EU when you read this, an EU Representative will be appointed before the commercial product launch and named here. Until then, you may direct any GDPR inquiry to privacy@craready.io and we will route it to the eventual representative within the statutory window.

9. Changes to this policy

We may update this policy as the product evolves. The "Last updated" date at the top of the page reflects the most recent material change. Significant changes that affect your rights will be communicated by email before they take effect.

10. Contact

Questions: privacy@craready.io