Privacy Policy

We collect information you provide directly to us and information generated through your use of Scalit.

Account & Organization Data

• Name, email address, job title, and phone number when you register or update your profile.
• Organization name, slug, address, and website URL.
• Billing information processed securely through our payment provider (we do not store full card details).

Advertising & Platform Data

• Campaign, ad set, and ad performance metrics synced from connected platforms (Facebook Ads, Google Ads) via OAuth.
• Ad account identifiers and OAuth access tokens, stored encrypted at rest.

Website Analysis Data

• Publicly accessible content from your organization's website, crawled solely to classify your industry and improve benchmark accuracy.

Usage & Technical Data

• Log data such as IP address, browser type, pages visited, and timestamps.
• Cookies and session tokens used to authenticate and maintain your session.

We use the information we collect to:

• Provide, operate, and improve the Scalit platform.
• Analyze campaign performance and generate AI-powered optimization recommendations.
• Classify your organization's industry to apply relevant benchmarks.
• Authenticate your identity and maintain secure sessions.
• Send transactional communications (e.g., account changes, security alerts).
• Respond to your support requests and inquiries.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data to third parties. We do not use your advertising data to train general-purpose AI models shared with other organizations.

We may share your information only in the following circumstances:

• Service Providers: Trusted vendors who help us operate Scalit (e.g., cloud hosting, email delivery, payment processing). They are contractually bound to process data only on our behalf.
• AI Providers: Campaign and website data may be sent to third-party AI providers (such as Google Gemini or OpenAI) to generate classification results and recommendations. These providers operate under their own data processing agreements.
• Legal Requirements: When required by applicable law, regulation, or valid legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before this occurs.
• With Your Consent: In any other case where you have explicitly authorized sharing.

We retain your personal data for as long as your account is active or as needed to provide our services. You may request deletion of your account and associated data at any time by contacting us at privacy@scalit.com. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and benchmarking purposes. Advertising platform data is deleted within 90 days of disconnecting an integration.

We take the security of your data seriously and implement industry-standard measures, including:

• Encryption of data in transit using TLS 1.2+.
• Encryption of sensitive credentials (OAuth tokens) at rest using Fernet symmetric encryption.
• Hashed password storage using bcrypt with a configurable cost factor.
• Opaque refresh tokens stored as SHA-256 digests — plaintext is never persisted.
• Tenant data isolation: each organization's data is stored in a dedicated PostgreSQL schema.

No method of transmission or storage is 100% secure. If you discover a potential security issue, please disclose it responsibly to privacy@scalit.com.

We use the following types of cookies:

• Strictly Necessary: Session and authentication cookies required for you to log in and use the platform. These cannot be disabled.
• Functional: Cookies that remember your preferences (e.g., theme selection).
• Analytics: Anonymized usage data to understand how the platform is used and improve it.

You can control non-essential cookies through your browser settings. Disabling cookies may affect platform functionality.

Scalit integrates with third-party advertising platforms (Facebook, Google) via OAuth. By connecting these integrations, you authorize us to access and sync data from those platforms on your behalf. Each platform's own privacy policy governs how they handle your data. You can disconnect integrations at any time from the Integrations page, which revokes our access.

Depending on your location, you may have rights regarding your personal data, including:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing activities, including direct marketing.
• Withdrawal of Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@scalit.com. We will respond within 30 days.

Scalit is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where changes are material, notify you via email or an in-app notice. Continued use of Scalit after changes take effect constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us at privacy@scalit.com.