Skip to content
Scan a label

Legal

Privacy Policy

Effective 1 June 2026

This Privacy Policy explains how Kvagga s.r.o. processes personal data when you use the EU Readiness service at eureadiness.com. We act as the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 ("GDPR").

1. Controller

Kvagga s.r.o., registered office at Pražská 675/10, Bosonohy, 642 00 Brno, Czech Republic, company ID 215 36 414, VAT ID CZ21536414, registered in the Commercial Register at the Regional Court in Brno, file no. C 139334. Contact: hello@kvagga.com. We have not appointed a Data Protection Officer; we are not required to do so under Article 37 GDPR.

2. What data we process

  • Label photographs you upload (front, back, side panels). These may incidentally contain personal data printed on the packaging (e.g. name and contact details of the food business operator).
  • Scan metadata: selected EU target markets, product type indicated by you, technical timestamps.
  • Device data: browser type, approximate region derived from IP, basic interaction events for product analytics.
  • Contact data if you write to us by email.

We do not request, and ask you not to submit, special categories of personal data within the meaning of Article 9 GDPR.

3. Why we process it (purpose and legal basis)

  • Performing the audit you requested — Article 6(1)(b) GDPR (performance of a service requested by you).
  • Service operation, security, abuse prevention, debugging — Article 6(1)(f) GDPR (legitimate interest).
  • Communicating with you when you contact us — Article 6(1)(f) GDPR.
  • Compliance with legal obligations (accounting, tax, response to lawful requests) — Article 6(1)(c) GDPR.

4. Who receives your data

We use the following processors and sub-processors:

  • Anthropic, PBC (USA) — provides the large language model that performs the visual analysis of your uploaded photographs. Photos are transmitted to Anthropic's API for inference. Anthropic does not use API inputs to train its models. See anthropic.com/legal/privacy.
  • Cloudflare, Inc. (USA/EU) — hosting, DNS, CDN, edge runtime.
  • Lovable — application platform.

We do not sell personal data and we do not share it for advertising purposes.

5. International transfers

Transfers to providers in the United States rely on the EU–US Data Privacy Framework where the recipient is certified, and on the European Commission's Standard Contractual Clauses (SCCs) supplemented by appropriate organisational and technical measures otherwise. You may request a summary of the transfer impact assessment at hello@kvagga.com.

6. Retention

  • Uploaded photographs: not stored on our servers after the audit run completes. They are streamed to the AI provider, analysed, and discarded. A short-lived cache hash may be retained for up to 24 hours to prevent duplicate billing.
  • Audit results on your device: stored only in your browser's local storage for up to 7 days, then automatically deleted. You can clear them at any time from the "Recent scans" panel.
  • Email correspondence: kept while needed and for up to 3 years thereafter for evidentiary purposes.
  • Accounting records: retained for periods set by Czech law (typically 5–10 years).

7. Your rights

Under Articles 15–22 GDPR you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data. You may withdraw consent where processing is based on consent without affecting prior lawful processing. To exercise these rights write to hello@kvagga.com. You may also lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz) or your local supervisory authority.

8. Automated decision-making

The audit output is generated by an AI model and is intended as decision support, not as an automated decision producing legal effects on you within the meaning of Article 22 GDPR. You retain full discretion over whether and how to act on the report.

9. Cookies and analytics

We use strictly necessary storage (your browser's localStorage) to remember your recent scans on your device. We collect limited interaction events to improve the product. We do not use third-party advertising or cross-site tracking cookies.

10. Children

The service is intended for business users. We do not knowingly process personal data of children under 16.

11. Changes

We may update this policy. Material changes will be announced on this page with a revised effective date.