Trust isn’t claimed — it’s demonstrated

Privacy & Security in the Age of AI

Every time you upload evidence or ask Certi a question you hand us responsibility. This page shows, in plain language, how ReadyCheck honors that trust: the guardrails we bake into the platform, how data moves, and what never happens to it.

We don’t

  • Sell, rent, or trade customer content
  • Use public AI endpoints
  • Train on raw evidence without explicit consent

We do

  • Encrypt data in transit and at rest
  • Isolate every tenant by design
  • Keep a clear, auditable trail for every call

You control

What we process, how long it lives, and whether it ever participates in our opt-in improvement program.

Purpose

Why ReadyCheck needs your data

Mapping controls, spotting gaps, and generating defensible artifacts relies on understanding your evidence. Certi interprets what you upload so we can connect the right practices to the right requirements — nothing more.

What this enables

  • Evidence-to-control mapping that is explainable and auditable.
  • On-demand recommendations from Certi that reflect your real environment.
  • Accurate readiness scoring for frameworks like CMMC Level 1 & 2.

What we refuse to do

  • No reselling, advertising, or "insights" marketplaces.
  • No training of general-purpose models on your identifiable content.
  • No sneaky third-party processors: everything runs inside ReadyCheck’s VPC.

Residence & access

Where your data lives (and where it can’t)

🔐

Encrypted edge-to-core

TLS everywhere in transit, tenant-scoped keys at rest, automated rotation, and no cross-tenant key reuse.

🧭

Signed, scoped requests

Every API call carries a cryptographically signed token that binds the request to a tenant ID and action.

🚫

Zero public endpoints

We do not ship your uploads to public AI APIs or shared embeddings services. Processing stays in ReadyCheck’s VPC.

Lifecycle

How evidence flows through ReadyCheck

Every interaction is predictable and observable. No hidden shortcuts, no silent retention.

  1. Upload & secure

    Your file or text is encrypted, tagged to your tenant, and isolated immediately.

  2. Sanitize

    We scan for malware and mask obvious identifiers before deeper analysis begins.

  3. Classify

    The content is typed (policy, log, plan…) so the right processing and controls attach.

  4. Encode

    Text becomes vector embeddings — mathematical fingerprints that can’t be turned back into paragraphs.

  5. Retrieve & reason

    Certi pulls only the snippets relevant to your question, reasons with them briefly, and discards the working memory.

  6. Return or remove

    Results persist only if you save them. Deletions propagate to storage, indexes, and caches.

Improvement

How AI gets better — with your control

Telemetry, not transcripts

We analyze interaction patterns: which controls are commonly asked about, which prompts fail, aggregate accuracy. We do not replay your evidence or conversations unless you explicitly invite us to during a guided program.

Improvement datasets are anonymized, redacted, and blended across multiple sources until they are untraceable to a single tenant.

Opt-in program

  • Requires a separate agreement and redaction workflow.
  • You can opt out at any time — new data stops flowing within two business days.
  • Existing anonymized entries remain only in aggregate benchmarks; no raw content is retained.

Default posture

If you do nothing, your evidence powers only your workspace. That’s it.

The reality of AI + compliance

Modern orchestration means data transforms as it moves: ingestion services, embedding engines, retrieval layers, reasoning models. Our job is to keep every hop transparent, logged, and minimal.

Want to see these flows for your tenant? We’ll gladly walk you through the architecture or share audit artifacts. Email support@readycheck.ai and we’ll schedule time.