Scalaro ("we", "us", "our") operates the website at scalaro.io and the AI sales automation platform accessible via that site (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.
1. Information we collect
1.1 Information you provide
- Account data: name, work email, company name, role, password (hashed).
- Billing data: processed by Stripe; we do not store full card numbers.
- Configuration data: ideal customer profile, sequences, scripts, brand assets you upload.
- Integration credentials: API keys for Google, ElevenLabs, Twilio, DataForSEO, etc. — encrypted at rest.
1.2 Information we generate on your behalf
- Lead lists sourced from public business directories (Google Maps, Apollo, Apify).
- Email drafts, voice call transcripts, content drafts produced by our AI agents.
- Campaign analytics, ROI calculations, health scores.
1.3 Information collected automatically
- Device, browser, IP address, language, referrer.
- Product usage events to improve the Service.
- Cookies (essential for sign-in; optional for analytics).
2. How we use information
- To provide, maintain, and improve the Service.
- To process billing, send invoices, and manage subscriptions.
- To send transactional emails (sign-in, billing, security alerts).
- To run AI models that generate leads, copy, and analytics on your behalf.
- To detect abuse, fraud, and policy violations.
3. How we share information
We share data only with sub-processors strictly necessary to run the Service:
- Hosting: Contabo (EU servers).
- Payments: Stripe.
- AI providers: OpenAI, Anthropic, Google, Perplexity (no training on your data).
- Communications: ElevenLabs, Twilio, Vapi for voice; Resend / SendGrid for email.
- Analytics: Google Analytics (anonymized).
We never sell personal information.
4. Data retention
We retain account data for the life of your subscription plus 90 days. You may export or delete your data at any time via Settings, or by emailing privacy@scalaro.io.
5. Your rights (GDPR / CCPA)
- Right to access, correct, delete, or export your data.
- Right to object to or restrict processing.
- Right to withdraw consent.
- Right to lodge a complaint with a supervisory authority.
To exercise any right, email privacy@scalaro.io. We respond within 30 days.
6. Security
TLS 1.2+ in transit, AES-256 at rest, role-based access, tenant isolation by tenant_id, encrypted backups. We follow industry best practices but no method is 100% secure.
7. Children
The Service is not directed to anyone under 16. We do not knowingly collect data from children.
8. International transfers
Data may be processed in countries outside your own. We rely on Standard Contractual Clauses where applicable.
9. Changes to this policy
We will notify you via email and in-product banner at least 14 days before material changes take effect.
10. Contact
Privacy questions: privacy@scalaro.io
General: info@scalaro.io