Privacy Policy
Last updated: 2 June 2026
Who we are
Scaler Audit ("we", "us") provides AI-powered software vendor due diligence tools at scaleraudit.com (or your deployed domain). For privacy enquiries, contact us via our contact page.
What we collect
- Account data: email address and profile details you provide.
- Assessment data: vendor names, websites, contract context, and notes you submit for reports.
- Files you upload (e.g. proposals): stored in private storage linked to your account.
- Payment data: processed by Stripe; we do not store full card numbers.
- Technical data: essential cookies and server logs for security and reliability.
How we use your data
- To authenticate you and deliver assessment reports.
- To process credit purchases and manage your account.
- To improve reliability, security, and product quality.
- To respond to support requests you send us.
AI processing
Assessment content you submit is sent to our AI provider (OpenAI) to generate structured due diligence reports. Do not submit special category personal data or confidential third-party data you are not authorised to share. You are responsible for having appropriate rights and notices where required.
Legal basis (UK / EEA)
We process personal data to perform our contract with you (providing the service), for legitimate interests (security, fraud prevention, product improvement), and, where required, with your consent (e.g. non-essential cookies if we add them later).
Retention
We retain account and assessment data while your account is active and as needed for legal, accounting, or dispute purposes. You may request deletion by contacting us; some records may be retained where required by law.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or port your data, and to object to certain processing. You may lodge a complaint with the ICO (UK) or your local supervisory authority.
Sub-processors
We use trusted providers including Supabase (hosting/database/auth), Vercel (hosting), Stripe (payments), and OpenAI (report generation). Data may be processed in the UK, EU, or US depending on provider configuration.