Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

We may collect the following information when you create an account, enroll in courses, or interact with the Service:

• Name (first and last)
• Email address
• Password / authentication data
• Profile details (role, organization, optional fields)
• Contact details (phone number or address if provided)
• Educational data (course enrollments, progress, scores, certificates)
• User-generated content – assignments, messages, uploaded files, discussions
• Payment information – billing data (handled by secure third-party processors)

1.2 Automatically Collected Information

When you use the Service, we automatically collect:

• Usage data: pages visited, time spent, features used
• Device data: browser, OS, screen size, device type
• Log files: access time, errors, diagnostic reports
• Cookies & tracking technologies (see Section 8)

1.3 Information Provided by Organizations

If your account is created by an employer, school, or organization ("Customer"), they may provide:

• User lists
• Course assignments
• Organizational structure
• Metadata related to training or compliance

Such data is controlled by the Customer, not Scaleapp.

2. How We Use Your Information

2.1 To Provide and Operate the Service

• Account creation and authentication
• Access to courses and educational materials
• Progress tracking and reporting
• Certificates and completion records

2.2 To Improve the Service

• Usage analytics
• Product development and feature optimization
• Troubleshooting and bug resolution

2.3 Communications

• Administrative notifications
• System alerts and service updates
• Optional marketing emails (only with consent)

2.4 Payments

• Billing, invoices, and subscription management

2.5 Security and Compliance

• Detecting fraud or unauthorized access
• Enforcing Terms of Service
• Meeting legal and regulatory obligations

3. Legal Bases for Processing (GDPR)

For individuals in the EU/EEA, we process personal data under the following bases:

• Contract: to provide the LMS service
• Legitimate interests: improving security, analytics, platform optimization
• Consent: marketing communications and optional cookies
• Legal obligation: financial records, law enforcement requests

When we act as a Data Processor, the legal basis is determined by the Customer (the Data Controller).

4. How We Share Information

We do not sell personal information.

4.1 Service Providers (Sub-Processors)

Trusted third parties supporting our operations, such as:

• Hosting providers
• Database services
• Email delivery tools
• Analytics tools
• Payment processors

Only necessary data is shared, and all providers follow strict security and contractual requirements.

4.2 Course Instructors & Organizations

If you join an organization's LMS workspace, that organization (and its administrators/instructors) may view:

• Your name
• Email
• Course enrollments
• Progress, results, and activity

4.3 Legal and Safety Requirements

We may disclose information if required by:

• Law or regulation
• Court order
• To protect rights, safety, or prevent fraud

4.4 Business Transfers

If Scaleapp is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect data, including:

• TLS encryption for data in transit
• Encryption at rest where applicable
• Secure authentication and password hashing
• Role-based access controls
• Logging and monitoring
• Regular backups
• Security reviews and vendor assessments

No system is 100% secure, and we cannot guarantee absolute protection.

6. Data Retention

We retain personal data only as long as necessary to:

• Deliver the Service
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Organizations may request deletion of user data at any time. After contract termination, Customer Data may be deleted within 30–90 days, except where required for legal retention.

7. Your Privacy Rights

Depending on your jurisdiction (e.g., EU, UK, California), you may have rights such as:

• Access – request a copy of your personal data
• Correction – update inaccurate information
• Deletion – request removal of your data
• Portability – receive data in a structured format
• Restriction – limit certain processing
• Objection – opt out of processing (e.g., analytics, marketing)
• Withdraw consent – for optional tracking or marketing

To exercise rights, contact us at privacy@joinscaleapp.com.

We will respond within the timeframes required by law.

8. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Authentication
• Session management
• Preferences
• Analytics
• Performance measurement

Where required by law (EU/EEA), we request consent before placing non-essential cookies.

You can control cookies via your browser settings.

9. Children's Privacy

The Service is not intended for children under 13 (or the minimum age permitted in your jurisdiction). We do not knowingly collect personal data from children under this age.

If you believe a child has provided information, contact us to request deletion.

10. International Data Transfers

Scaleapp is based in Sweden and may process data in:

• EU/EEA data centers
• Other regions where service providers operate

Transfers outside the EU/EEA are protected using:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Other lawful safeguards

11. Third-Party Links

The Service may contain links to third-party websites. We do not control and are not responsible for their privacy practices. We encourage you to review their policies.

12. Changes to This Privacy Policy

We may update this Policy from time to time. The updated version will be indicated by the "Last updated" date above.

Material changes will be communicated through email or platform notifications.

13. Contact Information

If you have questions or requests about this Privacy Policy, please contact: