GDPR Compliance Statement
Statement active as of January 15, 2025
1. Overview
AgentReady is fully committed to compliance with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679. As a European-based company, we process all data within the European Union and adhere to the highest standards of data protection and privacy.
2. Data Controller and Processor
2.1 Data Controller
For the personal data you provide directly to us (account information, billing details), agentfyo.com acts as the Data Controller. We determine the purposes and means of processing this data.
2.2 Data Processor
For your store data (product catalogs, pricing, metadata) that you authorize us to access through Shopify, AgentReady acts as a Data Processor. We process this data solely according to your instructions to provide AI readiness analysis and optimization services.
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR:
- Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our services under our Terms of Service
- Legitimate Interest (Article 6(1)(f)): For security, fraud prevention, and service improvement purposes
- Consent (Article 6(1)(a)): For marketing communications and non-essential cookies (where applicable)
- Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations
4. Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
4.1 Right to Access (Article 15)
You have the right to request confirmation of whether we process your personal data and access to that data, including information about processing purposes, categories of data, and recipients.
4.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
4.3 Right to Erasure (Article 17)
You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
4.4 Right to Restrict Processing (Article 18)
You have the right to request restriction of processing when you contest the accuracy of the data, processing is unlawful, or we no longer need the data but you require it for legal claims.
4.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
4.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interest, including profiling for direct marketing purposes.
4.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
5. Exercising Your Rights
To exercise any of your GDPR rights, please contact us at privacy@agentready.io. We will respond to your request within 30 days of receipt. We may request additional information to verify your identity before processing your request.
6. Data Transfers Outside the EU
AgentReady primarily processes all data within the European Union. When we transfer data to third-party service providers located outside the EU/EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for countries recognized by the EU as providing adequate data protection
- Binding Corporate Rules where applicable
7. Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication mechanisms
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response procedures
- EU-based data centers with ISO 27001 certification
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority where required.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Account data: Retained while your account is active, then deleted within 30 days of account closure
- Scan results: Retained for 12 months to provide historical analysis
- Billing records: Retained for 7 years to comply with tax and accounting requirements
- Security logs: Retained for 90 days for security monitoring purposes
10. Special Category Data
AgentReady does not collect or process special category data (sensitive personal data) as defined in Article 9 of GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
11. Children's Data
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected such data without parental consent, we will take steps to delete it immediately.
12. Third-Party Processors
We engage the following third-party processors, all of whom have appropriate data processing agreements in place:
- Clerk: Authentication and identity management
- Stripe: Payment processing
- Shopify: Store data access via API (with your authorization)
- Cloud Infrastructure Providers: EU-based hosting services
13. GDPR Representative
For customers located outside the European Union who require a GDPR representative, we have appointed a representative within the EU. Contact us at privacy@agentready.io for details.
14. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of GDPR occurred. Our primary supervisory authority is:
Authority: Data Protection Authority (specific authority depends on our EU location)
Contact: Available upon request
15. Contact Information
For all GDPR-related inquiries, including requests to exercise your rights, please contact:
Email: privacy@agentready.io
Data Protection Officer: dpo@agentready.io
Address: agentfyo.com, European Union