Privacy Policy

1. Overview

This Privacy Policy explains what personal information Scayled (“Scayled”, “we”) collects when you use our website and product, how we use it, and the rights you have over it. We operate in the United States, Australia, and New Zealand and comply with applicable laws in those jurisdictions (including the GDPR where it applies).

2. Information we collect from you

• Account details — name, email, company, and password hash when you sign up.
• Listing content — addresses, sizes, asking rates, and any notes you add to your listings or CRM.
• Billing details — handled by our payment processor (Stripe). We receive the last four digits of the card and billing country; we never store full card numbers.
• Usage logs — IP address, browser, pages viewed, scans run, and actions taken, kept for security and product improvement.

3. Information we collect about third parties (lead data)

When you run a scan, Scayled aggregates contact information about the businesses near your listing. This data comes from public sources (company websites, registrars, business directories) and licensed third-party enrichment providers. We act as a processor of that data on your behalf for the limited purpose of building your lead list.

If you’re a subject of such data and want to request access, correction, or deletion of your record from Scayled, email privacy@scayled.com. We handle these requests within the timeframes required by applicable law (30 days under GDPR; 30 days under the Australian Privacy Act; 20 working days under the New Zealand Privacy Act).

4. How we use information

• Operating the product — running scans, building CRM entries, sending transactional emails.
• Billing and account administration.
• Product improvement — aggregated analytics on which features are used and how the scan pipeline performs.
• Security — detecting abuse, preventing fraud, enforcing our Terms.
• Communications you’ve opted into (product updates, outreach templates).

We don’t sell your data. We don’t use it to train third-party AI models.

5. Who we share data with

• Infrastructure providers— Supabase (database & auth), Vercel (hosting), Stripe (payments), Resend (transactional email). These vendors process data on our behalf under contracts that require them to protect it.
• Enrichment providers — we query third-party services to enrich and verify contact data. These queries go out as domain / person lookups, not as bulk exports of your account data.
• Legal— if we’re required to disclose data by a valid legal process, or to protect rights, safety, or property.

6. Where data is stored

Our primary databases are hosted in the United States. By using Scayled you consent to your information being transferred to and processed there. For AU and NZ users, we rely on Standard Contractual Clauses and equivalent cross-border safeguards.

7. Retention

We keep account and listing data for as long as your account is active. After you delete your account, we remove operational data within 30 days and retain billing records for the period required by tax law in your jurisdiction. Backup archives are purged on a rolling 90-day schedule.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to withdraw consent for marketing. To exercise any of these rights, email privacy@scayled.com from the address associated with your account. You also have the right to complain to your local data-protection regulator (e.g. the OAIC in Australia, the Privacy Commissioner in New Zealand, the ICO in the UK where applicable).

9. Cookies

Scayled uses a small number of first-party cookies: one to keep you signed in, one to remember your region pick, and analytics to measure page performance. We don’t run ad-tracking cookies. You can clear cookies in your browser at any time without losing account data.

10. Children

Scayled is a B2B tool and is not intended for anyone under 18. We don’t knowingly collect data from children.

11. Changes to this policy

If we change this policy in a way that affects how we use your data, we’ll email you or post a notice in-app at least 14 days before the change takes effect.

12. Contact

Privacy questions and data-subject requests: privacy@scayled.com. Everything else: hello@scayled.com.