Privacy Policy

Introduction

This notice relates to Scalign AS (Org no. 934 915 755, Edvard Storms gate 2, 0166 Oslo, Norway) and the Scalign service it owns and controls, including the Scalign.ai website referred to as the “Service.”

Data we collect and receive

• Signup information required to complete account creation, including your legal full name and a valid email address.
• Payment information for paying accounts.
• Content and materials you store in your account, which are deleted upon account cancellation.
• Data exchanged with third‑party services you choose to integrate (the Service may retrieve data from and send data to those services to provide functionality).

Purposes and how we use personal data

• To operate and provide the Service, including use of third‑party vendors and hosting partners
  for hardware, software, networking, storage, and related technology.
• To provide optional integrations you enable, which require retrieving data from and sending
  data to the relevant third‑party services under their terms and privacy policies.
• To ensure stable operation and control costs, including the ability to impose reasonable limits
  or require plan changes where usage is significantly above typical patterns.

Cookies and tracking technologies

The Scalign website and the Service use cookies and similar technologies (including browser storage and analytics identifiers) to ensure proper functionality, improve user experience, and understand how the Website and Service are used.

Cookies are small text files stored on your device. Similar technologies may include local storage, session storage, pixels, and analytics identifiers.

We use the following categories of technologies:

Strictly necessary technologies (no consent required)

These technologies are required for core functionality, security, and reliability of the Website and Service. They do not track users across unrelated websites.

Sentry is used for error monitoring and diagnostics. Its purpose is to maintain service reliability and detect technical issues. Sentry does not use persistent storage on the user’s device. Data is processed within the EU, with infrastructure located in Frankfurt, Germany.

Vercel / Infrastructure Services are used for website delivery, performance optimization, and service security. These services may rely on transient technical mechanisms necessary for operation, but do not involve intentional persistent storage on the user’s device. Data is handled within the EU.

These technologies are always active as they are necessary for the operation and security of the Service.

Analytics and performance technologies (consent required)

These technologies help us understand how visitors and users interact with the Website and Service, measure usage patterns, and improve product performance.

They are only activated after you provide consent via the cookie banner.

Google Analytics is used for website traffic measurement, aggregated usage statistics, and performance insights. It relies on cookies and analytics identifiers to function. Data processing may involve transfers or processing outside the EU/EEA, depending on Google’s infrastructure and configuration.

Mixpanel is used for product usage analytics, feature interaction analysis, and service improvement. It uses browser-based storage mechanisms such as local storage and identifiers. Data is processed within the EU using Mixpanel’s EU instance.

These providers may collect information such as:

• Pages visited
• Device and browser information
• Approximate location derived from IP
• Interaction and usage events
• Session and engagement metrics

Consent management

When you first visit the Website, you will be presented with a cookie banner requesting your consent for non-essential technologies. You may:

• Accept all cookies
• Reject non-essential cookies
• Adjust your preferences

You can withdraw or modify your consent at any time through the cookie settings interface or your browser settings.

Cookie retention

The lifespan of cookies and identifiers varies depending on purpose. Some cookies expire when you close your browser, while others may remain for longer periods.

Details about specific cookies may be provided in the cookie banner or preferences center.

Lawful bases for processing

We rely on the following legal bases under the GDPR:

Legitimate Interest (Article 6(1)(f) GDPR)

To operate, secure, and maintain the Website and Service, including essential technical functionality, error monitoring, fraud prevention, and infrastructure security.

Consent (Article 6(1)(a) GDPR)

For analytics, performance, and tracking technologies that are not strictly necessary, including Google Analytics and Mixpanel. These technologies are only activated after you provide explicit consent.

Performance of a Contract (Article 6(1)(b) GDPR)

To provide the Service, manage user accounts, process payments, and fulfill contractual obligations.

Recipients and disclosure

• Third‑party vendors and hosting partners that support operation of the Service (hardware,
  software, networking, storage, and related technology).
• Third‑party services and platforms you choose to integrate with, under those third parties’
  terms and privacy policies.

Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include access controls, encryption in transit, monitoring, and security hardening practices appropriate to the nature of the Service.

Access to customer data

Scalign processes Customer data primarily through automated systems to provide the functionality of the Service.

We do not access or review Customer workspace content in the ordinary course of business.

In limited situations, access to Customer data may be required to:

• Provide support requested by the Customer
• Diagnose or resolve technical issues

Investigate security incidents or Service malfunctions

• Any such access:
• Is performed only by authorized personnel with a legitimate business need
• Is limited to the data reasonably necessary for the specific purpose
• Is subject to confidentiality obligations and access controls

Where technically feasible, such access is logged and protected by internal security procedures.

International data transfers

Where integrations are enabled, personal data may be retrieved from or sent to those third‑party services in accordance with their terms and privacy policies.

Retention

• If you cancel your account, all of your content is immediately deleted from the Service and cannot be recovered.
• Inactive accounts will be deleted after 90 days. An account is considered inactive if no user has logged in and no API/integration activity has occurred for 90 consecutive days. Before deleting an inactive account, we will send notice to the account owner at least 14 days in advance. Paid subscriptions are not deleted for inactivity.
• Following termination of the Service, only aggregated and anonymised data are retained for machine learning and statistics, which do not constitute personal data under applicable laws.
  

Children

The Service is intended only for professional users who are at least 18 years old; Scalign does not knowingly collect or process personal data of individuals under 18.

Your rights

Rights under GDPR (access, rectification, erasure, restriction, objection, portability) can be exercised by contacting Scalign at: hello@scalign.ai

You also have the right to lodge a complaint with your local data protection authority if you believe your rights under data protection law have been infringed.

Changes

We may update this Privacy Notice from time to time. We will notify you of any material changes by posting the updated notice on our website or by contacting you directly.