Effective Date: May 23, 2026

Data Processing Addendum (DPA)

Version 1.0

This Data Processing Addendum (“DPA”) supplements the applicable subscription agreement, terms of service, order form, or other written agreement between Ready Console and the customer using Ready Console’s services (“Agreement”).

This DPA applies when Ready Console processes Customer Personal Data in connection with providing the Ready Console platform and related services.

Ready Console helps organizations manage operational compliance workflows, documents, deadlines, assignments, reminders, acknowledgements, and reporting. Ready Console does not provide legal, tax, insurance, HR, DOT, medical, or regulatory advice.

1. Scope and Roles

For purposes of this DPA:

“Customer” means the organization or business using Ready Console.

“Ready Console” means the Ready Console software platform and related services.

“Customer Data” means information submitted, uploaded, stored, configured, or generated by Customer or its Authorized Users in Ready Console.

“Customer Personal Data” means Customer Data that relates to an identified or identifiable individual.

“Authorized Users” means individuals authorized by Customer to access Ready Console.

Customer determines what data is entered into Ready Console, which users may access it, what requirements are tracked, which documents are uploaded, and how assignments, reminders, companies/entities, vendors, assets, credentials, locations, and reports are configured.

Ready Console processes Customer Data to provide, secure, support, maintain, and improve the Ready Console services.

Where applicable data protection law recognizes controller and processor roles, Customer is generally the controller or business responsible for Customer Personal Data submitted to Ready Console, and Ready Console acts as a processor or service provider processing Customer Personal Data on Customer’s behalf.

2. Details of Processing

2.1 Subject Matter

The subject matter of processing is Customer Data submitted to Ready Console in connection with compliance workflow organization and related operational management.

2.2 Duration

Ready Console processes Customer Data for the duration of the customer relationship and for any additional period required to provide the services, maintain records, support security, comply with applicable obligations, resolve disputes, enforce agreements, or as otherwise described in the Agreement.

2.3 Purpose

Ready Console processes Customer Data to provide services including:

  • Compliance requirement tracking
  • Document and evidence organization
  • Company/entity management
  • Vendor compliance tracking
  • Vehicle and asset compliance tracking
  • Credential and personnel tracking
  • Location and facility compliance tracking
  • Assignment and acknowledgement workflows
  • Reminders and notifications
  • Reporting and compliance visibility
  • Account administration
  • Support and troubleshooting
  • Security, audit-minded activity logging, and abuse prevention

2.4 Nature of Processing

Processing may include collection, recording, organization, storage, retrieval, use, transmission, display, restriction, deletion, archiving, restoration, and other handling of Customer Data necessary to provide Ready Console.

2.5 Categories of Data Subjects

Customer Data may relate to:

  • Authorized Users
  • Customer employees or team members
  • Managers, administrators, and assignees
  • Vendor contacts
  • Contractor contacts
  • Credential holders or personnel
  • Company/entity contacts
  • Location/facility contacts
  • Support contacts
  • Other individuals whose information Customer chooses to enter into Ready Console

2.6 Categories of Data

Customer may submit or generate data such as:

  • Names
  • Work email addresses
  • Phone numbers
  • Company/entity names and contact details
  • Vendor and contractor contact details
  • User roles, permissions, and entity-scope settings
  • Assignment and acknowledgement records
  • Compliance requirement names and metadata
  • Due dates, expiration dates, and renewal information
  • Document metadata
  • Uploaded documents and evidence files
  • Vehicle, asset, location, credential, or facility records
  • Reminder and notification metadata
  • Audit/activity metadata
  • Authentication and login-related metadata
  • Support request information
  • Other information Customer or its Authorized Users choose to submit

2.7 Sensitive or Regulated Data

Ready Console does not require customers to upload sensitive personal data, protected health information, special category data, or highly regulated personal information to use the core service.

Customer controls the information it chooses to enter or upload. Certain workflows, such as credential tracking, personnel records, professional licenses, healthcare practice operations, driver qualification records, or compliance evidence, may involve information that requires additional review.

Customer is responsible for determining whether the data it uploads is appropriate for Ready Console and whether additional contractual, legal, privacy, or security requirements apply.

Ready Console should not be used to store medical records, protected health information, highly sensitive personal information, or other regulated data unless a specific written agreement authorizing that use is in place.

3. Customer Instructions

Customer instructs Ready Console to process Customer Data as necessary to provide and support the Ready Console services.

Customer’s instructions include:

  • The Agreement
  • This DPA
  • Customer’s configuration of the services
  • Customer’s use of roles, permissions, entities, modules, assignments, documents, reminders, and reports
  • Customer support requests
  • Any other written instructions agreed by Ready Console

Customer is responsible for ensuring that its use of Ready Console and its instructions comply with applicable law.

Customer is responsible for:

  • The accuracy and legality of Customer Data
  • Obtaining any required notices, consents, or authorizations
  • Deciding which users may access Customer Data
  • Configuring roles and permissions appropriately
  • Deciding which documents and records are uploaded
  • Ensuring Customer Data is appropriate for the services

4. Confidentiality

Ready Console will use Customer Data only as necessary to provide, secure, maintain, support, and improve the services, or as otherwise permitted by the Agreement.

Ready Console will take reasonable steps to ensure that personnel or service providers authorized to access Customer Data are subject to confidentiality obligations or appropriate duties of confidentiality.

  • Ready Console will not sell Customer Data.
  • Ready Console will not use Customer Data to provide services to another customer.
  • Ready Console will not disclose Customer Data to third parties except as necessary to provide the services, comply with legal obligations, use approved subprocessors, respond to authorized support requests, or as otherwise permitted by the Agreement.

5. Subprocessors

Ready Console may use third-party service providers and infrastructure providers to help provide the services.

Current infrastructure and service providers include:

Provider: Purpose

  • Google LLC (GCP / Firebase): User authentication (Firebase Auth), structured database storage (Firestore), document and evidence storage (Firebase Storage), container host compute (Cloud Run), and related server configurations.
  • Resend, Inc.: Transactional and system email dispatch, including Request Access form notifications, invites, password resets, reminders, assignment-related notifications, and related app emails (where enabled or configured).
  • Cloudflare, Inc.: Content delivery network (CDN), public website hosting through Cloudflare Pages, Pages Functions for routing request-access inquiries securely to Resend, custom domain verification, and secure HTTPS/SSL delivery for the public website. Optional edge security/WAF controls may be enabled if configured.
  • GitHub, Inc.: Private code repository hosting, version control, and automated deployment pipelines to Cloudflare Pages for the public website (does not store customer workspace data).
  • GoDaddy Inc. / DNS Provider: Domain registrar and DNS provider hosting the DNS records (contains the www CNAME pointing to Cloudflare Pages; does not process or store customer workspace data).

Ready Console will maintain a public or available-upon-request subprocessor list at /subprocessors.

Ready Console may update its subprocessors as infrastructure evolves. Customers may request current subprocessor information by contacting:

requests@readyconsole.com

Ready Console will not intentionally grant subprocessors access to Customer Data beyond what is necessary to provide, maintain, secure, or support the services.

6. Security Measures

Ready Console is designed with security-minded and audit-minded operating practices.

Ready Console’s security approach may include:

  • Authentication through Firebase Auth
  • Role-based access controls
  • Entity-scoped visibility
  • Organization-scoped data access
  • Secure document access patterns
  • Firebase Storage for uploaded evidence and documents
  • Firestore for structured application records
  • Google Cloud / Cloud Run infrastructure for backend services where applicable
  • Support access controls
  • Activity and audit-minded logging where implemented
  • Preservation of dormant data when modules are turned off or locked
  • Administrative controls for users, assignments, and organization settings
  • Separation of the public marketing website from the authenticated Ready Console application

Ready Console uses Google Cloud / Firebase infrastructure components where applicable. Google Cloud / Firebase provides underlying infrastructure controls for authentication, database, file storage, hosting, and cloud services.

  • Ready Console does not currently claim SOC 2 certification, HIPAA compliance, ISO certification, PCI certification, or similar third-party certification unless separately stated in official trust documentation.
  • Ready Console does not make “military-grade encryption” claims.
  • Customer-specific security requirements, audit rights, incident notification commitments, and enterprise security terms should be addressed in the applicable Agreement.

7. Support Access

Ready Console support access, where available, is intended to be limited to authorized support, implementation, troubleshooting, account review, or customer-requested assistance.

Support access should be controlled, purpose-based, and audit-minded. Ready Console may maintain internal support records, activity logs, or notes related to support interactions. Ready Console does not intend support access to be used for unnecessary review of Customer Data.

  • Customer Support requests: support@readyconsole.com
  • Legal, Privacy, Data, DPA & Subprocessors: requests@readyconsole.com

8. Security Incidents

If Ready Console becomes aware of a confirmed security incident involving unauthorized access to Customer Personal Data, Ready Console will take reasonable steps to investigate and respond.

Where legally required or contractually agreed, Ready Console will notify affected customers without undue delay after confirming the incident and determining relevant details.

Ready Console’s response may include investigation, containment, remediation, restoration, and communication activities, along with reasonable cooperation.

This section does not apply to incidents caused by Customer, Customer’s Authorized Users, compromised customer credentials, misconfigured customer permissions, or Customer’s misuse of the services. Formal security incident notification obligations may be further described in the Agreement.

9. Privacy, Data, Accessibility, and Legal Requests

Privacy, data, accessibility, DPA, subprocessor, and legal-document requests should be sent to: requests@readyconsole.com

Suggested subjects include:

  • Ready Console Privacy Request
  • Ready Console Data Request
  • Ready Console Accessibility Request
  • Ready Console DPA Request
  • Ready Console Subprocessor Request
  • Ready Console Legal Request

Requests may include questions related to access, correction, deletion, restriction, data portability, accessibility feedback, subprocessor information, DPA, or security/trust logs.

Ready Console may need to verify the requester’s identity, authority, and relationship to the relevant Customer before acting on a request. If Ready Console receives a privacy or data request relating to Customer Data, Ready Console may direct the requester to the Customer if Customer is responsible for the underlying data.

10. Data Return, Deletion, Retention, and Archiving

Ready Console may retain Customer Data for the duration of the customer relationship and for any additional period needed to provide the services, support account administration, maintain security, preserve audit records, comply with legal obligations, resolve disputes, or enforce agreements.

Customer may request export, return, deletion, or review of Customer Data according to the Agreement and available product functionality. Certain records may be retained where needed for audit, security, legal, billing, backup, dispute resolution, or compliance reasons.

Ready Console’s product design may preserve historical or archived compliance evidence rather than casually deleting it, because compliance evidence and operational records may need to remain available for reporting, audit, diligence, renewal history, or operational continuity.

11. U.S.-Focused Processing

Ready Console is currently intended for U.S.-focused operations unless otherwise agreed in writing. Ready Console may process Customer Data in the United States and through U.S.-based infrastructure providers.

Ready Console does not claim certification under international data transfer frameworks unless separately verified and documented. If Customer requires international data transfer terms, standard contractual clauses, jurisdiction-specific terms, or other international data processing provisions, those must be reviewed and agreed in writing before use.

12. Customer Responsibilities

  • Determining whether Ready Console is appropriate for Customer’s intended use
  • Ensuring Customer Data is lawful and appropriate
  • Configuring user roles and permissions appropriately
  • Managing Authorized Users and protecting credentials
  • Obtaining any required consents or notices
  • Determining whether sensitive or regulated data may be uploaded
  • Maintaining its own legal, tax, insurance, HR, DOT, medical, and regulatory compliance obligations
  • Reviewing exported reports, reminders, and requirements for accuracy
  • Ensuring Ready Console is used as an operational tracking tool, not as legal advice

13. Relationship to the Agreement

This DPA supplements the Agreement between Ready Console and Customer. If there is a conflict between this DPA and the Agreement, the Agreement will control unless the Agreement states otherwise.

Any liability, indemnity, warranty, exclusion, or limitation provisions in the Agreement apply to this DPA unless otherwise stated in the Agreement.

14. Updates to This DPA

Ready Console may update this DPA as the services, infrastructure, subprocessors, legal requirements, or operational practices evolve. Requests for current trust, privacy, security, accessibility, DPA, or subprocessor information should be sent to: requests@readyconsole.com.

15. Definitions

Authorized User

Means a person authorized by Customer to access Ready Console.

Customer Data

Means data submitted, uploaded, configured, stored, or generated by Customer or its Authorized Users in Ready Console.

Customer Personal Data

Means Customer Data that identifies or could reasonably identify an individual.

Processing

Means operations performed on Customer Data, such as collection, storage, organization, retrieval, use, transmission, display, deletion, archiving, or other handling necessary to provide the services.

Subprocessor

Means a third-party provider that processes Customer Data on behalf of Ready Console to support the services.

Services

Means the Ready Console software platform and related support, communication, and operational services.

Appendix A — Subprocessors

Subprocessor: Purpose

  • Google Cloud / Firebase: Authentication, database, storage, backend/cloud infrastructure, application services, and related cloud services
  • Resend: Transactional email delivery for account, invite, password reset, reminder, assignment, acknowledgement, support, and operational communications
  • Public website host/CDN: Static website hosting for www.readyconsole.com, if applicable
  • DNS/domain/firewall provider: DNS, domain management, CDN, WAF, or geo-blocking configuration, if applicable

Requests for current subprocessor information should be sent to: requests@readyconsole.com

Appendix B — Security Measures and Controls

Ready Console’s security measures are intended to support a security-minded SaaS operating model.

1. Authentication

Ready Console uses Firebase Auth for user authentication where applicable. Authentication methods may include email/password and supported identity providers.

2. Role-Based Access

Ready Console supports organization roles and permissions (e.g., administrator, manager, user, view-only) intended to control what users may view or manage.

3. Entity-Scoped Visibility

Ready Console is designed to support visibility controls across companies, entities, vendors, assets, credentials, locations, and related records.

4. Document Access

Uploaded compliance documents are stored through Firebase Storage. Document access is restricted through active authentication and organization scope.

5. Structured Application Records

Ready Console uses Firestore to store records, including organizations, entities, users, memberships, compliance items, vendors, assets, and locations.

6. Activity & Audit Logs

Ready Console maintains activity logs for system events, administrative changes, and acknowledgements to ensure traceability and history.

7. Support Access Controls

Support access is purpose-based and limited to authorized troubleshooting, onboarding, billing requests, or implementation assist requests.

8. Email Notifications

Ready Console uses Resend or similar infrastructure to dispatch transaction/alert messages, invitations, and password resets safely.

9. Public Website Separation

The public website (www.readyconsole.com) remains strictly separate from the authenticated application (app.readyconsole.com).

10. Geo-Blocking Controls

Any limits placed by geography are handled strictly at the CDN, DNS, or firewall layers (e.g., Cloudflare WAF, etc.).

Appendix C — Contact Routing

Purpose: Email Routing Address

  • Request Access / Product Access Inquiry: access@readyconsole.com
  • Request Pricing / Sales Inquiry: access@readyconsole.com
  • Customer Support / General Help: support@readyconsole.com
  • Privacy & Data Deletion Request: requests@readyconsole.com
  • Accessibility Review Request: requests@readyconsole.com
  • Security & Trust Inquiries: requests@readyconsole.com
  • DPA & Subprocessor Questions: requests@readyconsole.com
  • Corporate Legal Reviews: requests@readyconsole.com
