Data Protection Policy

Last updated: May 7, 2026

1. Our Commitment

ScaleFury is committed to protecting the personal data of our customers, their end users, and website visitors. We process data lawfully, fairly, and transparently, and we implement robust technical and organizational measures to safeguard it.

This Data Protection Policy outlines our approach to data security, compliance frameworks, and the rights of data subjects.

2. Compliance Frameworks

2.1 GDPR Compliance

ScaleFury is fully GDPR compliant. We adhere to the principles of the General Data Protection Regulation, including lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

  • We process personal data only with a valid legal basis (consent, contract, legitimate interest, or legal obligation).
  • We maintain records of processing activities as required under Article 30.
  • We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
  • We have appointed a data protection point of contact to oversee compliance.

2.2 SOC 2 Type 2

ScaleFury is nearing completion of its SOC 2 Type 2 audit with MHM CPA. This audit validates our security, availability, processing integrity, confidentiality, and privacy controls over an extended period.

2.3 California Privacy Rights (CCPA/CPRA)

We comply with the California Consumer Privacy Act and the California Privacy Rights Act. California residents have the right to know, delete, correct, and opt out of the sale of their personal information. We do not sell personal data.

3. Data Ownership

Your data belongs to you. ScaleFury customers retain full ownership of all data they create, import, or generate within the platform. This includes contacts, campaigns, content, analytics, and any other business data.

  • You can export your data at any time in standard formats.
  • You can delete your data at any time.
  • Upon account termination, we delete your data within 90 days unless retention is legally required.
  • We never sell, rent, or trade your data to third parties.

4. Security Measures

4.1 Technical Safeguards

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • Access controls: Role-based access control (RBAC) ensures employees access only the data necessary for their role.
  • Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure with redundancy, automatic failover, and regular backups.
  • Monitoring: Continuous security monitoring, intrusion detection, and automated alerting for suspicious activity.
  • Vulnerability management: Regular penetration testing, vulnerability scanning, and timely patching of identified issues.

4.2 Organizational Safeguards

  • Employee training: All employees complete security awareness training upon hire and annually thereafter.
  • Background checks: Employees with access to customer data undergo background verification.
  • Vendor management: Third-party vendors are assessed for security and compliance before engagement.
  • Incident response plan: Documented procedures for identifying, containing, and resolving security incidents.

5. Data Breach Procedures

In the event of a data breach that affects your personal data, ScaleFury will:

  • Notify affected individuals within 72 hours of becoming aware of the breach, as required by GDPR.
  • Notify relevant supervisory authorities as required by applicable law.
  • Provide a clear description of the breach, the data affected, and the steps being taken to mitigate it.
  • Implement corrective measures to prevent recurrence.
  • Document the breach and our response for audit and compliance purposes.

6. International Data Transfers

When personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries with an adequacy decision from the European Commission.
  • Binding Corporate Rules where applicable.

7. Data Subject Rights

We respect and facilitate the exercise of data subject rights. You may request access, rectification, erasure, restriction, or portability, or object to processing, by contacting us. We will respond to all valid requests within 30 days.

For full details on your rights, see our Privacy Policy.

8. Sub-Processors

ScaleFury uses carefully vetted sub-processors to deliver our Services. Each sub-processor is bound by data processing agreements that require them to protect your data to the same standard we do. A list of current sub-processors is available upon request.

9. Contact

For data protection inquiries or to exercise your rights:

ScaleFury — Data Protection

Email: [email protected]

Or use our contact form.

We respond to all data protection requests within 30 days.