Privacy policy.

Future Ready is an AI-readiness diagnostic platform operated by Kanso Pty Ltd(“Kanso”, “we”, “us”, or “our”), an Australian company based in Victoria. This policy explains what personal information we collect when you use the Future Ready platform at getfutureready.app, what we do with it, and the choices you have. We've written it in plain English; please ask if anything is unclear.

Future Ready is committed to handling personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988(Cth). If you're in the European Union or United Kingdom, we also recognise your rights under the GDPR and UK GDPR — see Your rights below.

Kanso Pty Ltd is the data controller for the personal information described in this policy. You can contact us about anything privacy-related via the Kanso contact form.

Account information

When you create a Future Ready account, our authentication provider (Clerk) collects your email address and (optionally) your name. If you sign up via a third-party provider like Google or Microsoft, Clerk receives the profile information that provider chooses to share — typically your name, email, and profile picture URL.

We separately store a Kanso user record linked to your Clerk identity. That record includes your email, display name, email-verification status, your referral code, your credit balance, and timestamps. If you signed up via a referral link, we also store which user referred you (so credit can be attributed).

Content you submit

When you run a scan, the text you type into the intake (your job title, or your team / organisation context paragraph) is sent to our AI engine to generate a report. The text you submitted is stored as part of the scan record so you can see “what you told us” on the report. Follow-up questions you ask are stored alongside the report. Subject lines and message bodies for support requests sent via “Ask our team” are stored on our service-ticket system and visible to Kanso administrators.

Usage and technical data

We keep a ledger of credit transactions (signup bonus, referral, scan, follow-up, refund, admin grant). Our hosting and authentication providers log standard technical metadata — IP address, browser user-agent, timestamps — for security and abuse-prevention purposes.

Cookies and similar technologies

We use a small number of cookies and browser storage values, all functional:

• Clerk session cookies — required to keep you signed in.
• fr_ref— set when you arrive via a referral link; cleared once we've attributed the referral. 30-day lifespan, samesite=lax.
• localStorage values— used to remember preferences like whether you've dismissed the new-user welcome banner. These never leave your browser.

We don't use third-party advertising cookies or cross-site tracking pixels.

• To provide the service — generate scan reports, allocate credits, deliver follow-up answers, and surface your history in My Reports.
• To run the credit economy — grant signup and referral bonuses, debit credits when you use a scan or follow-up, process administrator grants (and, when payments ship, process purchases).
• To respond to your support requests— read the “Ask our team” tickets you submit and reply via the same interface.
• To keep the service secure — detect and block abuse, enforce rate limits, maintain an audit trail for credit movements, and investigate incidents.
• To improve the product — analyse aggregated, non-identifying usage patterns. We do not use the content of your scans, follow-ups, or tickets to train AI models, nor do we share that content with anyone other than the subprocessors listed below as needed to provide the service.

We use a small set of subprocessors to operate Future Ready. Each only sees the personal information they need to do their job.

• Anthropic — receives your scan input and follow-up question text to generate AI responses. Anthropic does not use API inputs to train its models (per their published policy).
• Clerk — handles sign-up, sign-in, email verification, session management, and bot protection.
• Neon — hosts our PostgreSQL database (Sydney region). Stores your account record, scans, follow-ups, tickets, and credit ledger.
• Vercel— hosts the application and processes inbound requests. Standard access logs are retained per Vercel's policies.
• Cloudflare — provides the Turnstile bot-protection challenge during sign-up (via Clerk).
• Upstash — provides a Redis cache used for rate limiting on cost-sensitive endpoints.
• Microsoft Entra ID, Google — only if you sign in via one of these identity providers; receives a sign-in request and returns your profile information to Clerk.

When we add payment processing, Stripe will join this list as the processor for billing data. We'll update this policy before that goes live.

Your primary account and content data is stored in our database (Neon) in Sydney, Australia. Some subprocessors (Anthropic, Clerk, Vercel, Cloudflare, Upstash) operate globally and may process data outside Australia in the course of providing their services. We choose subprocessors that publish meaningful security and privacy commitments.

We keep your account record, scans, follow-ups, and ticket history while your account is active. If you ask us to delete your account, we remove your Clerk identity and cascade-delete the linked records in our database (account row, scans, follow-ups, ticket history, and credit transactions). Backup snapshots taken by our hosting providers may persist for a short rolling window afterwards as part of normal operations.

Anonymous or aggregated metrics derived from usage may be retained indefinitely.

All traffic to the platform is served over HTTPS. The database is encrypted at rest. Access to administrative tools is restricted to email addresses on a server-side allowlist, enforced on every page load and every admin action. We rate-limit cost-sensitive endpoints to prevent abuse, and we hold an audit ledger of every credit movement to support investigation if anything goes wrong.

No system is perfectly secure. If we become aware of a breach affecting your personal information, we'll notify you and the relevant regulator in accordance with the Notifiable Data Breaches scheme.

You have rights over the personal information we hold about you. These vary by jurisdiction but generally include:

• Access — ask for a copy of the personal information we hold about you.
• Correction— ask us to correct information that's inaccurate or out of date. Most account details can be updated yourself via your Clerk account.
• Deletion — ask us to delete your account and the personal information associated with it. This is irreversible.
• Objection / restriction — for users in the EU, UK, and similar jurisdictions, you can object to or restrict certain processing.
• Complain— if you're unhappy with how we handle your data, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au), or to your local data protection authority if you're outside Australia. We'd also appreciate the chance to address it first.

To exercise any of these rights, contact us via the Kanso contact form. We'll respond within a reasonable timeframe (typically 30 days).

Future Ready is intended for use by adults (16+ at minimum, with full adult access from 18). We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we'll delete it.

We may update this policy from time to time. Material changes (new subprocessors, expanded uses of your data, jurisdiction shifts) will be communicated to signed-in users via an in-app notice or email before they take effect. The “Last updated” date at the top of this page always reflects the current version.

For privacy questions, deletion requests, or to update your information, please use the Kanso contact form.