1. Introduction

This Privacy Policy ("Policy") describes how Scale Us Technologies LLP ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects information obtained from users ("you" or "User") of Scale Social (the "Service" or "Platform"). The Service enables users to create, schedule, manage, and publish content across multiple social media platforms including, but not limited to, LinkedIn, TikTok, Instagram, Facebook, X (formerly Twitter), YouTube, and Pinterest.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Policy, you must not use the Service.

This Policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), the UK Data Protection Act 2018, Brazil's LGPD, and other applicable data protection laws worldwide.

2. Data Controller Information

3. Information We Collect

3.1 Information You Provide Directly

 
• Account Registration Data: Full name, email address, phone number, company/organization name, job title, billing address, and payment information.

 
• Profile Information: Username, display name, profile picture, bio, and communication preferences.

 
• Content Data: Text, images, videos, links, captions, hashtags, and any other content you create, upload, schedule, or publish through the Platform.

 
• Communications: Messages, support tickets, feedback, survey responses, and correspondence you send to us.

3.2 Information from Connected Social Media Accounts

When you connect your social media accounts to the Platform, we access and collect information as authorized by you and permitted by each platform's API, including:

 
• Account Information: Social media user ID, username/handle, display name, profile picture, account type (personal/business/creator), follower/following counts, and account verification status.

 
• Page/Business Data: Pages you manage, business account details, page roles, and administrative permissions.

 
• Content and Publishing Data: Posts, stories, reels, videos, and other content published through the Service; scheduling metadata; publishing history and content performance.

 
• Engagement Analytics: Likes, comments, shares, reposts, saves, views, impressions, reach, click-through rates, follower demographics, and audience insights.

 
• Messaging (if authorized): Direct messages or inbox data only if the feature is enabled and you explicitly consent.

 
• OAuth Tokens and Permissions: Authentication tokens, access tokens, and refresh tokens required to interact with connected platforms on your behalf.

3.3 Information Collected Automatically

 
• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers, and screen resolution.

 
• Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, and interaction timestamps.

 
• Cookies and Tracking Technologies: Session cookies, persistent cookies, pixel tags, web beacons, and similar technologies (see Section 10).

 
• Log Data: Server logs including access times, error logs, API call records, and system event data.

3.4 Information from Third Parties

 
• Social media platform APIs (as described in Section 3.2)

 
• Payment processors and billing partners

 
• Analytics and advertising partners

 
• Publicly available sources and business directories

 
• Integration partners (e.g., CRM, project management, or cloud storage services)

4. Legal Bases for Processing

We process your personal data on the following legal grounds under Article 6 of the GDPR and equivalent provisions under other applicable laws:

5. How We Use Your Information

5.1 Core Service Delivery

 
• To create and manage your account and authenticate your identity

 
• To connect to and interact with social media platforms via their APIs on your behalf

 
• To schedule, publish, edit, and manage content across connected platforms

 
• To provide analytics, reporting, and performance insights on published content

 
• To process payments, manage subscriptions, and maintain billing records

5.2 Service Improvement and Development

 
• To analyze usage patterns and improve platform features, user interface, and experience

 
• To conduct research and develop new features, products, and services

 
• To perform A/B testing and evaluate the effectiveness of platform changes

 
• To train and improve AI/ML features (only using anonymized or aggregated data, unless you explicitly consent otherwise)

5.3 Communication

 
• To send transactional notifications (account verification, password resets, billing confirmations, publishing confirmations)

 
• To provide customer support and respond to inquiries

 
• To send marketing communications and product updates (with your consent, where required)

5.4 Safety and Compliance

 
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues

 
• To enforce our Terms of Service and other policies

 
• To comply with applicable laws, regulations, legal processes, and government requests

6. Social Media Platform Permissions and Data Access

Our Platform requires specific permissions from each connected social media service to operate. The permissions we request are limited to what is necessary for the Service to function.

6.1 LinkedIn

 
• Profile access (r_liteprofile, r_emailaddress or equivalent OpenID scopes)

 
• Organization/page management (rw_organization_admin, w_member_social)

 
• Content posting (w_organization_social, ugcPost)

 
• Analytics access (r_organization_social, r_1st_connections_size)

6.2 Meta Platforms (Facebook & Instagram)

 
• Pages management (pages_manage_posts, pages_read_engagement, pages_show_list)

 
• Instagram business account access (instagram_basic, instagram_content_publish, instagram_manage_insights)

 
• Content publishing (publish_to_groups, pages_manage_metadata)

 
• Analytics and insights (read_insights, pages_read_user_content)

6.3 TikTok

 
• User profile information (user.info.basic, user.info.profile)

 
• Video publishing (video.publish, video.upload)

 
• Content management and analytics (video.list, data.analytics)

6.4 X (Twitter)

 
• Read and write access (tweet.read, tweet.write, users.read)

 
• Media upload (media.upload)

 
• Offline access for scheduled posting (offline.access)

6.5 YouTube

 
• Channel management (youtube.force-ssl, youtube.upload)

 
• Video upload and metadata editing

 
• Analytics access (yt-analytics.readonly)

You may revoke any of these permissions at any time through the settings of the respective social media platform or through Scale Social's account settings. Revoking permissions may limit or disable certain features of the Service.

7. Data Sharing and Disclosure

We do not sell your personal data. We share information only in the following circumstances:

7.1 Social Media Platforms

Content you create and publish through the Service is transmitted to the respective social media platforms according to their terms. Once published, that content is governed by the privacy policies of those platforms.

7.2 Service Providers and Sub-Processors

We engage trusted third-party service providers to assist in delivering the Service, including:

 
• Cloud hosting and infrastructure (e.g., AWS, Google Cloud, Azure)

 
• Payment processing (e.g., Stripe, PayPal)

 
• Email and communication services

 
• Analytics and monitoring tools

 
• Customer support platforms

All service providers are bound by Data Processing Agreements (DPAs) and are contractually required to process personal data only on our instructions and in compliance with applicable data protection laws.

7.3 Legal Requirements

We may disclose personal data if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or uses of your personal data.

7.5 With Your Consent

We may share information with third parties when you have given us your explicit consent to do so.

8. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your jurisdiction.

Where we transfer personal data internationally, we implement appropriate safeguards, including:

 
• Standard Contractual Clauses (SCCs) approved by the European Commission

 
• Adequacy decisions recognized by relevant authorities

 
• Binding Corporate Rules (BCRs) where applicable

 
• Supplementary technical and organizational measures as necessary

 
• Compliance with the UAE PDPL requirements for cross-border transfers

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect usage data. Categories of cookies include:

 
• Strictly Necessary Cookies: Essential for the operation of the Service (session management, authentication, security). These cannot be disabled.

 
• Functional Cookies: Enable enhanced features and personalization (language preferences, remembered settings).

 
• Analytics Cookies: Help us understand how users interact with the Service (page views, feature usage, error tracking).

 
• Marketing/Advertising Cookies: Used to deliver relevant advertising and measure ad effectiveness (only with your consent).

You can manage cookie preferences through our cookie consent banner, your browser settings, or by contacting us. Disabling certain cookies may affect functionality.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us at contact@scaleus.in. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

 
• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

 
• Multi-factor authentication and role-based access controls

 
• Regular security assessments, penetration testing, and vulnerability scanning

 
• Secure coding practices and regular code reviews

 
• Encrypted storage of OAuth tokens and API credentials

 
• Incident response and breach notification procedures

 
• Employee training on data protection and security best practices

 
• Data minimization and pseudonymization where feasible

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected individuals and relevant authorities of any breach as required by law.

13. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

14. Third-Party Links and Services

The Service may contain links to third-party websites, services, or social media platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing personal data. Content published through our Service to social media platforms is subject to the privacy policies of those platforms.

15. Automated Decision-Making and AI Features

The Service may include features powered by artificial intelligence or machine learning, such as content suggestions, optimal posting time recommendations, or performance predictions. These features:

 
• Process aggregated and/or anonymized usage data unless you explicitly consent otherwise

 
• Do not make decisions that produce legal or similarly significant effects on you

 
• Can be disabled through your account settings where applicable

You have the right to request human review of any automated decision that significantly affects you.

16. California-Specific Disclosures (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

 
• Right to Know: You can request disclosure of the categories and specific pieces of personal information collected, the sources, the business purpose, and the categories of third parties with whom it is shared.

 
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

 
• Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.

 
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

 
• Authorized Agent: You may designate an authorized agent to make requests on your behalf, subject to identity verification.

17. UAE-Specific Provisions (PDPL)

For users located in the United Arab Emirates, the following provisions apply in addition to the general terms of this Policy:

 
• We process personal data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations.

 
• Cross-border transfers are conducted in accordance with PDPL requirements, including obtaining necessary approvals and ensuring adequate protection.

 
• You may lodge complaints with the UAE Data Office regarding any data processing concerns.

 
• Sensitive personal data (including health, biometric, and religious data) is processed only with explicit consent and where strictly necessary.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

 
• Posting the updated Policy on the Platform with a revised "Last Updated" date

 
• Sending email notification to registered users for material changes

 
• Displaying an in-app notification or banner

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU residents, you may also contact your local Data Protection Authority. For UAE residents, complaints may be directed to the UAE Data Office.

20. Consent and Acknowledgment

By using Scale Social and connecting your social media accounts, you acknowledge and consent to the following:

 
1. You have read and understood this Privacy Policy in its entirety.

 
2. You consent to the collection, processing, and use of your personal data as described herein.

 
3. You authorize the Platform to access and interact with your connected social media accounts in accordance with the permissions you have granted.

 
4. You understand that you may withdraw consent or disconnect accounts at any time through your account settings.

 
5. You acknowledge that published content is subject to the respective social media platform's terms and privacy policies.