PRIVACY POLICY: RATIO READY
Last updated: March 3, 2026
Version: 2.0
1. Introduction and Scope
This Privacy Policy describes how Your Brand Assistant LLC ("RatioReady," "we," "us," or "our") collects, protects, and processes personal information through our website (ratioready.com), our REST API, and our associated image-processing services. We act as the Data Controller for your account information and a Data Processor for the images and metadata you upload.
2. Legal Basis for Processing (GDPR/UK GDPR)
In accordance with Article 6 of the GDPR, we process your data under the following legal bases:
- Contractual Necessity: To provide the image-upscaling and ratio-conversion services you purchase.
- Legitimate Interests: To protect our Service from fraud, prevent competitive "scraping," and ensure the security of our Hetzner-based infrastructure.
- Consent: For marketing communications (which you may withdraw at any time).
- Legal Obligation: For tax reporting and compliance with the EU AI Act's transparency requirements.
3. Comprehensive Data Categorization
We collect and process the following categories of data:
| Category | Specific Data Points | Purpose of Processing |
|---|---|---|
| Identity Data | Email address, User ID, Auth tokens. | Account management and security. |
| Financial Data | Transaction ID, Credit balance, Billing history. | Payment verification via Fungies Inc. |
| Technical Data | IP address, Browser type, Time zone, Device ID. | Bot detection and infrastructure optimization. |
| Signup Geography | Approximate country of origin at account creation (2-letter ISO code, derived from IP). Your IP address is not stored. | Aggregate analytics only (e.g. understanding which regions our users come from). Lawful basis: legitimate interest. Never used for targeting or sold to third parties. |
| Content Data | Uploaded images, PSD templates, SEO strings. | Temporary processing only. Deleted within 24h. |
| Usage Data | API endpoints hit, Processing logs, Error rates. | Debugging and preventing service abuse. |
4. AI Transparency & Automated Processing
4.1 AI Disclosure
In compliance with the EU AI Act, we disclose that RatioReady utilizes Generative AI and Machine Learning models for image upscaling and noise reduction.
4.2 Automated Decision-Making
We use automated systems (Cloudflare Bot Management) to detect and block malicious traffic. If your account is flagged, you have the right to request a human review of the decision by contacting support.
4.3 No Model Training
We strictly guarantee that User Content is never used to train foundational AI models. Your intellectual property is processed in an isolated environment and purged immediately.
5. Data Residency and Global Transfers
5.1 EU Hosting
Our primary database and application servers are located in Germany (EU) at Hetzner Online GmbH.
5.2 Sub-processors
To provide global-scale AI processing, we utilize the following trusted partners:
| Partner Category | Location | Function |
|---|---|---|
| Identity & Auth | US / EU | Secure login & JWT management. |
| Cloud Database | EU | Account & credit metadata storage. |
| AI Inference | US (Encrypted) | GPU-accelerated upscaling logic. |
| Object Storage | Global (Edge) | Temporary storage for ZIP batch delivery. |
5.3 Safeguards
For transfers to the US, we rely on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework to ensure your data receives an equivalent level of protection to that provided within the EEA.
6. Google Drive Integration (Optional)
If you choose to connect your Google Drive account via the Integrations page, the following additional processing applies:
- Scope: We request only the drive.file scope, which allows RatioReady to create and manage files it creates in your Drive — we cannot access, read, or modify any pre-existing files in your Drive.
- Tokens stored: Your Google OAuth access token (short-lived) and refresh token are stored securely in our database. The refresh token is encrypted at rest using AES-256-GCM; the access token is stored in plaintext and rotated automatically.
- Use of tokens: Tokens are used solely to upload your processed batch files to the folder structure you authorise (RatioReady/{batch-name}/). We never read, modify, or delete any other Drive content.
- Revocation: You may disconnect Google Drive at any time via the Integrations page. This immediately deletes your stored tokens and revokes our access on Google's side. Processed files already uploaded to Drive are yours and remain untouched.
- Retention: OAuth tokens are deleted when you disconnect the integration, when your account is deleted, or if Google revokes access (e.g., you removed RatioReady from your Google account security page). We detect revocation and surface it in the UI within 24 hours.
8. Retention and Purge Policy
We adhere to the principle of Data Minimization:
- Image Assets: Deleted automatically 30 minutes after successful processing.
- Batch ZIPs: Deleted automatically after 24 hours.
- Account Data: Retained for the duration of your active subscription.
- Financial Records: Retained for 7 years as required by international tax laws.
9. Your Rights and Controls
Depending on your jurisdiction (GDPR, CCPA, etc.), you have the following rights:
- Right to Know/Access: Request a report of what data we hold about you.
- Right to Erasure: Request that we delete your account and all associated metadata.
- Right to Portability: Request a machine-readable export of your usage history.
- Global Privacy Control (GPC): Our systems are configured to recognize and honor GPC signals from your browser.
- Do Not Sell/Share: RatioReady does not sell or share your personal information with third-party advertisers.
10. California-Specific Disclosures (CCPA/CPRA)
- Sensitive Information: We do not collect "Sensitive Personal Information" (e.g., SSNs, biometric data, or precise geolocation).
- Notice at Collection: We collect the categories of data listed in Section 3 for the business purposes described in Section 2.
- Opt-Out: Since we do not sell data, there is no "Opt-Out of Sale" link required; however, you may limit our use of usage data by contacting support.
11. Security Architecture
We implement an "Encryption-First" policy:
- In-Transit: All API calls and web traffic use TLS 1.3.
- At-Rest: Databases are encrypted using AES-256.
- Infrastructure: Our Hetzner environment is protected by hardware firewalls and isolated VPCs.
- Access: We utilize the "Principle of Least Privilege" (PoLP) for our internal support team.
12. Contact and Data Protection Officer
For any inquiries regarding your data, or to lodge a formal complaint, please contact:
Data Protection Officer
Your Brand Assistant LLC
Email: support@ratioready.com