This Privacy Policy explains how Super Easy EOOD ("we", "us", "our"), a company registered in Bulgaria (EIK 207122172, str. Iskurska 14, s. Negovan, Sofia), collects, uses, and protects your personal data when you use GenReady (genready.ai).
We take your privacy seriously. We collect only what we need, we don't sell your data, and we give you full control over your information.
1. Who we are
| Company | Super Easy EOOD (Супер изи ЕООД) |
| EIK | 207122172 |
| Address | str. Iskurska 14, s. Negovan, Sofia, Bulgaria |
| Owner | Kristiyan Lukanov |
| Contact | kris@genready.ai |
For the purposes of the EU General Data Protection Regulation (GDPR), Super Easy EOOD is the data controller for the personal data described in this policy.
2. What data we collect
2.1 Account information
When you create an account, we collect:
- Email address - to identify your account and send service-related communications
- Username - to personalize your experience
- Password (hashed) - if you register with email/password
- Google account ID - if you sign in with Google OAuth
- Profile avatar - if you upload one
2.2 Scan and analysis data
When you scan a website, we collect and store:
- The URL you submitted for analysis
- Extracted text and HTML content from the scanned page
- Analysis results, including AI readiness scores, recommendations, and metadata (author, publish date, schema markup)
- Page screenshot captured during analysis
This data is stored in your account so you can review your scan history and track improvements over time.
2.3 Support messages
When you submit a support ticket, we collect your name, email address, and the content of your message. This is sent to us via email and used solely to respond to your inquiry.
2.4 Analytics
We use Umami, a privacy-focused, cookie-less analytics tool that we self-host. It collects anonymous, aggregated usage data such as page views, referral sources, and device types. No cookies are set, no personal data is collected, and no data is shared with third parties. Individual visitors cannot be identified.
2.5 Security data
To protect the service from abuse, we may log IP addresses in connection with rate limiting and automated attack detection. This data is used solely for security purposes.
3. How we use your data
We use your personal data to:
- Provide the service - run scans, generate reports, and display your history
- Authenticate you - verify your identity when you log in
- Communicate with you - respond to support requests and send essential service notifications (e.g. password resets)
- Protect the service - detect and prevent abuse, fraud, and security threats
- Improve the service - understand usage patterns through anonymous analytics
We do not use your data for advertising, profiling, or automated decision-making that produces legal effects.
4. Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)) - processing necessary to provide the service you signed up for
- Legitimate interest (Art. 6(1)(f)) - security, fraud prevention, and service improvement through anonymous analytics
- Consent (Art. 6(1)(a)) - where you voluntarily provide data, such as when submitting a support ticket
5. Third-party services
We use the following third-party services to operate GenReady:
| Service | Purpose | Data shared |
|---|---|---|
| Hetzner (EU company, US servers) | Hosting infrastructure | All data is stored on Hetzner servers |
| Neon | Managed PostgreSQL database | Account data, scan results |
| Google OAuth | Social sign-in | Google account ID (only if you choose Google sign-in) |
| Cloudflare Turnstile | Bot protection (CAPTCHA) | Browser signals for verification |
| Resend | Transactional email | Email address (for password resets and support replies) |
| AI providers (OpenAI, Anthropic, Google, Groq) | Content analysis | Extracted page text (for analysis only, not stored by providers for training) |
| Polar (polar.sh) | Payment processing (merchant of record) | Email address, billing information, payment details |
We do not sell, rent, or trade your personal data to anyone.
6. International data transfers
Our servers are hosted in the United States by Hetzner, a European company headquartered in Germany. Some third-party services may also process data outside the European Economic Area (EEA).
Where data is transferred outside the EEA, we rely on:
- The EU-U.S. Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
7. Data retention
We retain your personal data indefinitely for as long as your account is active. When you delete your account, we delete all associated personal data, including scan reports and analysis history.
Security logs (IP-based rate limiting data) are retained for up to 90 days and then automatically purged.
8. Your rights
Under the GDPR, you have the right to:
- Access - request a copy of the personal data we hold about you
- Rectification - ask us to correct inaccurate data
- Erasure ("right to be forgotten") - ask us to delete your data
- Portability - receive your data in a structured, machine-readable format
- Restriction - ask us to limit how we process your data
- Objection - object to processing based on legitimate interest
- Withdraw consent - where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, email us at kris@genready.ai. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP) at cpdp.bg.
9. Cookies
GenReady uses a single essential cookie (auth-token) to keep you logged in. This is a strictly necessary cookie and does not require consent under GDPR.
We do not use tracking cookies, advertising cookies, or any third-party cookies. Our analytics solution (Umami) is fully cookie-less.
10. Age requirement
GenReady is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.
11. Security
We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, rate limiting, and automated attack detection. However, no method of electronic transmission or storage is 100% secure.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by posting a notice on the site or sending you an email. The "Last updated" date at the top reflects the latest revision.
13. Contact
If you have any questions about this Privacy Policy or how we handle your data, contact us:
- Email: kris@genready.ai
- Support page: genready.ai/support
- Company: Super Easy EOOD (Супер изи ЕООД), EIK 207122172, str. Iskurska 14, s. Negovan, Sofia, Bulgaria