Security
Last updated: 27 May 2026
Security is fundamental to AI Ready. This page describes the measures we take to protect your account, your data, and the website content you submit. It is informational and does not form part of any contract. For data-handling details, see our Privacy Policy.
The statements below should reflect your actual production setup. Markers tagged
[CONFIRM]indicate where you must verify or replace details before publishing.
Data we handle
AI Ready processes three kinds of data: account and billing data, website content you submit for analysis, and analysis outputs such as summaries, scores, and test results. We collect only what is needed to run the Service and we minimize retention where practical.
Data in transit
All traffic between your browser, our servers, and third-party providers is encrypted using TLS. We do not transmit submitted content or credentials over unencrypted connections.
Data at rest
Data stored by the Service is encrypted at rest. Credentials are stored using salted, one-way hashing and are never stored in plaintext.
Infrastructure and hosting
The Service runs on established cloud infrastructure with physical and network security managed by our hosting providers. Production environments are isolated from development and testing environments.
Third-party AI providers
To test how AI systems understand and cite your content, the Service sends submitted page content to third-party AI providers, which may include OpenAI, Anthropic, Google, and Perplexity. We send only the content required for the requested operation, over encrypted connections. Each provider processes data under its own security and privacy commitments. A current list of sub-processors is available on request.
Access controls
Access to production systems and customer data is restricted to authorized personnel on a least-privilege basis. Administrative access requires multi-factor authentication. We log access to sensitive systems.
Application security
We follow secure development practices, including code review, dependency management, and rate limiting on automated operations such as crawling and provider testing. We pin third-party SDK versions and monitor for breaking changes and known vulnerabilities.
Monitoring and logging
We monitor the Service for availability and suspicious activity and maintain logs to support troubleshooting and incident response.
Incident response
We maintain an incident response process to detect, investigate, and respond to security events. If a security incident affects your data, we will notify affected users and relevant authorities as required by applicable law.
Data retention and deletion
We retain data only as long as needed to provide the Service and meet legal obligations. You can request deletion of your account and associated data; see the Privacy Policy for details.
Compliance
We align our practices with recognized security standards and applicable data-protection laws, including the GDPR and CCPA where relevant. We do not currently hold formal certifications such as SOC 2 or ISO 27001.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@aiready.cat with details and steps to reproduce. We ask that you:
- Give us a reasonable opportunity to investigate and remediate before public disclosure.
- Avoid accessing or modifying data that does not belong to you.
- Avoid actions that could degrade the Service for others, such as denial-of-service testing.
We will acknowledge valid reports and work to resolve confirmed issues promptly. We do not currently operate a paid bug bounty program.
Contact
For security questions or to report a vulnerability:
Email: security@aiready.cat