Privacy Policy
This explains what data Scalerra processes, why, on what legal basis, and the controls you have over it.
Effective June 1, 2026
1. Who we are
Scalerra (operated by [COMPANY LEGAL NAME], [REGISTERED ADDRESS], [COUNTRY OF REGISTRATION]) is the data controller for the personal data described here. For any privacy question, contact us at [PRIVACY / DPO EMAIL]. Our data protection contact is [DATA PROTECTION OFFICER — name/email, if appointed].
2. What we collect
We collect only what we need to run the product:
- Account data — your name, work email, and authentication credentials (passwords are stored only as salted hashes; we never see them in plain text).
- Identity fuel you provide — e.g. a CV/LinkedIn export, company URL, or portfolio you choose to add so the product can prepare for your meetings.
- Work data you create — accounts, opportunities, stakeholders, meetings, and notes you enter or connect.
- Connected sources you authorize — calendar, email, or CRM data, only after you explicitly grant access, and only to the scope you grant.
- Limited technical data — session and security logs needed to keep the service running and safe.
We do not buy contact lists, scrape personal data about private individuals, or build profiles of people from third-party data brokers.
3. Why we process it (legal bases)
- To provide the service you asked for — performance of a contract (Art. 6(1)(b) GDPR).
- To keep it secure and prevent abuse — our legitimate interests (Art. 6(1)(f) GDPR).
- With your consent — for connecting optional sources like calendar or email (Art. 6(1)(a) GDPR). You can withdraw consent at any time.
4. AI processing
Scalerra uses AI models to prepare insights and draft suggestions. Your content may be sent to model providers (OpenAI, Anthropic, Google) via the Vercel AI Gateway purely to generate your result. Your data is never used to train our models or any provider's foundation models. See our AI Use & Limitations page for detail on accuracy, oversight, and the EU AI Act.
5. Who can see your data
If you work solo, your workspace is yours alone. If you join a team, the output of your work becomes visible to your manager so they can help you win — your shared-deal work state, your drafts and briefs, your skills read, and the debrief and summary of your practice sessions. What a manager never sees is the process behind that output: the raw practice transcript, your private personality read, your own private notes, or any record of your activity, logins, or clicks. We never sell your data.
6. Subprocessors
We rely on a small set of vetted providers who process data on our behalf:
- Vercel Inc. — Application hosting, edge network, deployment ([REGION]).
- Supabase — Managed Postgres database, authentication, file storage ([REGION]).
- Vercel AI Gateway — Routing prompts to underlying AI model providers ([REGION]).
- [EMAIL PROVIDER] — Transactional email (account, password reset) ([REGION]).
7. Where data is processed
Primary processing and storage take place in [PRIMARY HOSTING REGION — e.g. EU (Frankfurt)]. Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.
8. How long we keep it
We keep your data for as long as your account is active. When you delete your account, we delete or irreversibly anonymize your personal data, except where we must retain limited records to meet legal obligations.
9. Your rights
You can access, correct, export, or delete your data, and object to or restrict certain processing. We provide in-product export and deletion tools, and you can reach us at [PRIVACY / DPO EMAIL]. See Your GDPR Rights for the full list and how to exercise them.
10. Changes
If we make a material change, we will update this page and ask you to review and re-accept before you continue using the app.