Privacy Policy

1. Introduction

vidaReady ("we", "our", "us") provides an EU VAT automation platform for businesses using Stripe. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service at vidaready.com.

By using vidaReady, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Data We Collect

Account Information

• Name, email address, and profile picture (provided via Clerk authentication)
• Organization name and business details
• Billing information (processed by Stripe, not stored by us)

Transaction Data

• EU transaction records synced from your Stripe account (charges, invoices, customers)
• Customer VAT IDs and their VIES validation results
• Transaction classifications (B2B, B2C, Reverse Charge)
• Generated VAT reports and export history

Technical Data

• IP address, browser type, and device information
• Usage patterns and feature interactions
• Cookies and similar tracking technologies

3. How We Use Your Data

We use the collected data to:

• Provide and maintain the vidaReady service
• Classify your EU transactions and validate VAT IDs via the VIES API
• Generate OSS-ready VAT reports
• Process subscription payments and manage your account
• Send transactional emails (account updates, billing notifications)
• Improve our service and develop new features
• Comply with legal obligations

4. Data Storage & Security

Your data is stored on secure servers with encryption at rest and in transit (TLS 1.2+). We implement industry-standard security measures including:

• Encrypted database storage
• Restricted API key access (read-only Stripe permissions)
• Regular security audits and vulnerability assessments
• Access controls and audit logging

We never store your Stripe secret keys in plain text. Payment card data is handled entirely by Stripe and never passes through our servers.

5. Third-Party Services

We integrate with the following services, each with their own privacy policies:

• Stripe — payment processing and transaction data sync
• Clerk — user authentication and session management
• Resend — transactional email delivery
• VIES (EU Commission) — VAT ID validation

We only share the minimum data necessary for each service to function. We do not sell your data to third parties.

6. Your Rights (GDPR)

As a user in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Portability — receive your data in a structured, machine-readable format
• Restriction — request restriction of processing
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@vidaready.com. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently remove your personal data and transaction records within 30 days, except where retention is required by law (e.g., tax records may be retained for up to 7 years as required by applicable legislation).

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics cookies, if used, are anonymized and privacy-respecting.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For any questions or concerns about this Privacy Policy or our data practices, contact us at:

• Email: privacy@vidaready.com
• Address: vidaReady, Tirana, Albania