ScaleLens AI
Scan

Privacy Policy

Last updated: 6/19/2026

1. Who We Are

This Privacy Notice is issued by ScaleLens AI Technologies (trading as "ScaleLens AI", "we", "us"), the data controller responsible for personal data processed via the ScaleLens AI service (the "Service"). For privacy questions, contact privacy@scalelens.ai.

2. Data We Collect

Account data (email, name, OAuth profile), scan inputs (URLs you submit), scan outputs (AI-generated audits), support correspondence, usage/telemetry, device identifiers and IP address, and payment metadata (transaction IDs, plan, amount — we never receive or store card numbers).

3. Purposes & Legal Bases

We process personal data on the following GDPR/UK GDPR legal bases:

  • Contract performance — creating your account, delivering audits, providing customer support.
  • Legitimate interests — securing the Service, preventing fraud/abuse, improving features, aggregated analytics.
  • Legal obligation — tax, accounting, and responding to lawful requests.
  • Consent — where required (e.g. optional marketing communications); withdrawable at any time.

4. Subprocessors & Data Sharing

We share data with the following categories of recipients only as needed to deliver the Service:

  • Hosting & database — Lovable Cloud / Supabase.
  • AI inference — Google and OpenAI (via the Lovable AI Gateway).
  • Web scraping — Firecrawl, used to fetch publicly available pages you submit.
  • Merchant of Record (payments)Paddle.com Market Ltd ("Paddle") acts as the reseller and Merchant of Record for all orders. Paddle handles checkout, billing, subscription management, payments, tax compliance, invoicing, refunds and related customer service. Paddle is an independent controller for the payment data it collects directly from you; see Paddle's Privacy Notice.
  • Professional advisers — legal, accounting and auditors, under confidentiality.
  • Authorities — where required by law or to protect rights and safety.

We never sell your personal data.

5. International Transfers

Some recipients may process data outside the UK/EEA. Where this happens, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK Addendum, or adequacy decisions.

6. Cookies

We use first-party cookies and local storage strictly for authentication and essential service functionality. We do not use third-party advertising trackers.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted via row-level security policies and least-privilege controls. We apply appropriate technical and organisational measures proportionate to the risk.

8. Retention

We retain scan and account data while your account is active. On deletion, data is purged within 30 days except where retention is legally required (e.g. financial records).

9. Your Rights

Subject to applicable law, you may request access, rectification, erasure, restriction, portability, or object to processing, and withdraw consent where processing relies on it. We aim to respond within one month. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Children

The Service is not directed to children under 13.

11. Changes

We will notify users of material changes. Continued use constitutes acceptance.

12. Contact

ScaleLens AI Technologies — privacy@scalelens.ai.

Home