Cookie & Data Protection Policy

Effective Date: February 14, 2026

Last updated: February 18, 2026

1. Data Controller

The data controller responsible for the processing of personal data collected via cookies and similar technologies is:

Scale Media AI

Email: info@scalemedia.ai

Website: scalemedia.ai

2. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites function properly, remember your preferences, and provide information to the site owner. Some cookies are essential for the website to work, while others help us improve your experience.

3. Cookie Regulations

The use of cookies is regulated by the ePrivacy Directive (2002/58/EC) and the General Data Protection Regulation (GDPR). Under these regulations:

  • Strictly necessary cookies are exempt from consent requirements — they are essential for the Service to function (e.g., authentication, security).
  • All other cookies (functional, analytics, marketing) require your prior informed consent before being placed on your device.
  • Consent must be freely given, specific, informed, and unambiguous.
  • You may withdraw your consent at any time (see Section 6).

4. Cookies We Use

4.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled. No consent is required.

CookiePurposeLegal BasisDuration
sb-*-auth-tokenAuthentication session (Supabase Auth)EssentialSession / 1 year
sb-*-auth-token-code-verifierPKCE authentication flow verificationEssentialSession
cookie-consentStores your cookie consent preferenceEssential1 year

4.2 Functional Cookies

These cookies remember your preferences and settings to enhance your experience. They require your consent.

CookiePurposeLegal BasisDuration
theme-preferenceStores dark/light mode preferenceConsent1 year
sidebar-collapsedRemembers sidebar collapsed stateConsentSession

4.3 Analytics Cookies

We currently do not use third-party analytics cookies (e.g., Google Analytics). If we introduce analytics tools in the future, we will update this policy and request your consent before setting any analytics cookies.

4.4 Marketing / Advertising Cookies

We do not use any marketing or advertising cookies. We do not track you across other websites, share data with ad networks, or use retargeting pixels.

5. Local Storage & Session Storage

In addition to cookies, we use browser local storage and session storage to persist certain preferences and authentication state. These technologies function similarly to cookies but are managed differently by the browser. They are subject to the same policies described here.

6. Managing & Withdrawing Cookie Consent

You can manage or withdraw your cookie consent at any time using any of the following methods:

6.1 Cookie Banner

When you first visit our website, a cookie consent banner allows you to accept or decline non-essential cookies. You can update your preferences at any time by clicking the cookie settings link in the website footer.

6.2 Browser Settings

Most browsers allow you to control cookies through their settings. Here are instructions for common browsers:

  • Google Chrome — Settings → Privacy and Security → Cookies and other site data
  • Mozilla Firefox — Settings → Privacy & Security → Cookies and Site Data
  • Safari — Preferences → Privacy → Manage Website Data
  • Microsoft Edge — Settings → Cookies and site permissions → Manage and delete cookies

6.3 Device Settings

Mobile devices typically offer cookie management options within their privacy settings. iOS users can manage this via Settings → Safari → Advanced → Website Data. Android users can manage via Chrome → Settings → Privacy and Security → Clear Browsing Data.

Note: Blocking or deleting strictly necessary cookies (such as authentication tokens) may prevent the Service from functioning correctly. You may be unable to log in or use certain features.

7. Data Protection Measures

Scale Media AI implements comprehensive data protection measures to safeguard your personal information:

7.1 Encryption

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted using AES-256 encryption.
  • Passwords are hashed using bcrypt with a cost factor of 10 and are never stored in plain text.

7.2 Access Controls

  • Row-Level Security (RLS) policies ensure that each user can only access their own data.
  • Administrative access is restricted to authorized personnel with role-based permissions.
  • API keys and credentials are stored in environment-level secrets, never in source code.

7.3 Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store, process, or have access to full credit card numbers. Payment forms are served directly by Stripe's secure infrastructure.

7.4 Infrastructure Security

  • Our database and authentication services are hosted on Supabase, which runs on AWS infrastructure within the EU.
  • Automatic backups are performed daily with point-in-time recovery capabilities.
  • Regular security patches and dependency updates are applied.

8. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours as required by GDPR Article 33.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Take immediate steps to contain the breach and mitigate its effects.
  • Document the breach, its effects, and the remedial actions taken.

9. Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf. These agreements ensure compliance with GDPR Article 28 requirements, including:

  • Processing only on our documented instructions.
  • Ensuring confidentiality of persons authorized to process the data.
  • Implementing appropriate technical and organizational security measures.
  • Assisting us in responding to data subject rights requests.
  • Deleting or returning all personal data at the end of the service relationship.

10. Your Rights

You have the right to access, rectify, erase, restrict, object to, and port your data. You also have the right to withdraw consent for non-essential cookies at any time. For a complete overview of your data protection rights, please refer to our Privacy Policy.

To exercise your rights, email info@scalemedia.ai with the subject line "DATA PROTECTION: RIGHTS REQUEST".

11. Changes to This Policy

We may update this Cookie & Data Protection Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by notifying you via email. We encourage you to review this policy periodically.

12. Data Protection Contact

For questions related to data protection, cookies, or to exercise your data rights, please contact:

Scale Media AI — Data Protection

Email: info@scalemedia.ai

Website: scalemedia.ai

Terms of ServicePrivacy PolicyImprint← Back to Scale Media AI