PRIVACY POLICY: RATIO READY
Last updated: March 3, 2026
Version: 2.0
1. Introduction and Scope
This Privacy Policy describes how Your Brand Assistant LLC ("RatioReady," "we," "us," or "our") collects, protects, and processes personal information through our website (ratioready.com), our REST API, and our associated image-processing services. We act as the Data Controller for your account information and a Data Processor for the images and metadata you upload.
2. Legal Basis for Processing (GDPR/UK GDPR)
In accordance with Article 6 of the GDPR, we process your data under the following legal bases:
- Contractual Necessity: To provide the image-upscaling and ratio-conversion services you purchase.
- Legitimate Interests: To protect our Service from fraud, prevent competitive "scraping," and ensure the security of our Hetzner-based infrastructure.
- Consent: For marketing communications (which you may withdraw at any time).
- Legal Obligation: For tax reporting and compliance with the EU AI Act's transparency requirements.
3. Comprehensive Data Categorization
We collect and process the following categories of data:
| Category | Specific Data Points | Purpose of Processing |
|---|---|---|
| Identity Data | Email address, User ID, Auth tokens. | Account management and security. |
| Financial Data | Transaction ID, Credit balance, Billing history. | Payment verification via Fungies Inc. |
| Technical Data | IP address, Browser type, Time zone, Device ID. | Bot detection and infrastructure optimization. |
| Content Data | Uploaded images, PSD templates, SEO strings. | Temporary processing only. Deleted within 24h. |
| Usage Data | API endpoints hit, Processing logs, Error rates. | Debugging and preventing service abuse. |
4. AI Transparency & Automated Processing
4.1 AI Disclosure
In compliance with the EU AI Act, we disclose that RatioReady utilizes Generative AI and Machine Learning models for image upscaling and noise reduction.
4.2 Automated Decision-Making
We use automated systems (Cloudflare Bot Management) to detect and block malicious traffic. If your account is flagged, you have the right to request a human review of the decision by contacting support.
4.3 No Model Training
We strictly guarantee that User Content is never used to train foundational AI models. Your intellectual property is processed in an isolated environment and purged immediately.
5. Data Residency and Global Transfers
5.1 EU Hosting
Our primary database and application servers are located in Germany (EU) at Hetzner Online GmbH.
5.2 Sub-processors
To provide global-scale AI processing, we utilize the following trusted partners:
| Partner Category | Location | Function |
|---|---|---|
| Identity & Auth | US / EU | Secure login & JWT management. |
| Cloud Database | EU | Account & credit metadata storage. |
| AI Inference | US (Encrypted) | GPU-accelerated upscaling logic. |
| Object Storage | Global (Edge) | Temporary storage for ZIP batch delivery. |
5.3 Safeguards
For transfers to the US, we rely on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework to ensure your data receives an equivalent level of protection to that provided within the EEA.
6. Retention and Purge Policy
We adhere to the principle of Data Minimization:
- Image Assets: Deleted automatically 30 minutes after successful processing.
- Batch ZIPs: Deleted automatically after 24 hours.
- Account Data: Retained for the duration of your active subscription.
- Financial Records: Retained for 7 years as required by international tax laws.
7. Your Rights and Controls
Depending on your jurisdiction (GDPR, CCPA, etc.), you have the following rights:
- Right to Know/Access: Request a report of what data we hold about you.
- Right to Erasure: Request that we delete your account and all associated metadata.
- Right to Portability: Request a machine-readable export of your usage history.
- Global Privacy Control (GPC): Our systems are configured to recognize and honor GPC signals from your browser.
- Do Not Sell/Share: RatioReady does not sell or share your personal information with third-party advertisers.
8. California-Specific Disclosures (CCPA/CPRA)
- Sensitive Information: We do not collect "Sensitive Personal Information" (e.g., SSNs, biometric data, or precise geolocation).
- Notice at Collection: We collect the categories of data listed in Section 3 for the business purposes described in Section 2.
- Opt-Out: Since we do not sell data, there is no "Opt-Out of Sale" link required; however, you may limit our use of usage data by contacting support.
9. Security Architecture
We implement an "Encryption-First" policy:
- In-Transit: All API calls and web traffic use TLS 1.3.
- At-Rest: Databases are encrypted using AES-256.
- Infrastructure: Our Hetzner environment is protected by hardware firewalls and isolated VPCs.
- Access: We utilize the "Principle of Least Privilege" (PoLP) for our internal support team.
10. Contact and Data Protection Officer
For any inquiries regarding your data, or to lodge a formal complaint, please contact:
Data Protection Officer
Your Brand Assistant LLC
Email: [email protected]