Effective Date: February 14, 2026
Last updated: June 12, 2026
Scale Media AI ("we," "us," or "our") operates the Scale Media AI platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Service. By using the Service you agree to the practices described in this policy.
In accordance with the General Data Protection Regulation (GDPR), the data controller responsible for the processing of your personal data is:
If you have any questions about how your personal data is processed, or if you wish to exercise your data subject rights, please contact us using the details above with the subject line "DATA PROTECTION: REQUEST".
When you connect social media accounts via our integration partners, we receive limited profile information (account name, profile picture, platform identifiers) necessary to publish content on your behalf. We do not access private messages or contact lists. When you publish content through the Service, we also retrieve performance metrics for your published posts (such as impressions, likes, comments, and follower counts) from your connected accounts via our publishing partners, in order to display analytics in your dashboard.
During onboarding and brand setup, you may provide website URLs and social media profile URLs. We use automated tools (including Firecrawl and social media scraping APIs) to extract publicly available information such as brand colors, tone, logos, images, and text content from these sources. This processing is performed:
We do not retain raw scraped data beyond what is necessary to build your brand profile. Extracted data is processed and stored in a structured format within your workspace and is subject to the same security measures and retention policies described in this Privacy Policy.
We do not sell your personal data to third parties.
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Account & Brand Data | Contract | Delivering the Service |
| Payment Data | Contract | Processing subscriptions & billing |
| Usage & Device Data | Legitimate Interest | Analytics, security, service improvement |
| Marketing emails | Consent | Promotional communications |
| Non-essential cookies | Consent | See Cookie Policy |
| Billing records | Legal Obligation | Tax & accounting compliance |
We share data only with the following categories of service providers, under strict data-processing agreements:
| Provider | Purpose | Data Framework |
|---|---|---|
| Supabase (AWS EU) | Database, auth, storage | EU-hosted, SOC 2 |
| Google (Gemini API) | AI content & image generation | EU-US Data Privacy Framework |
| Stripe, Inc. | Subscription billing | PCI DSS Level 1 |
| Social Media Platforms | Content publishing via APIs | Platform-specific DPAs |
| Resend | Transactional & notification emails | SOC 2, SCCs |
| Firecrawl | Website scraping during onboarding | SCCs |
| OpenRouter | Fallback AI content generation | EU-US Data Privacy Framework |
| Vercel, Inc. | Application hosting, edge network, and privacy-focused web analytics | EU-US Data Privacy Framework, SCCs |
| Cloudflare, Inc. | Bot protection / CAPTCHA (Turnstile) on authentication forms | EU-US Data Privacy Framework, SCCs |
| ScrapeCreators | Extraction of publicly available data from social media profiles you submit during onboarding | SCCs |
| Zernio | Social media account connection and scheduled content publishing on your behalf | SCCs |
| bundle.social | Social media account connection, scheduled content publishing, and retrieval of post performance analytics on your behalf | SCCs |
| Google Ads | Advertising conversion measurement — loaded only after you grant marketing consent via the cookie banner | EU-US Data Privacy Framework |
| Meta Platforms (Facebook) | Advertising measurement via the Meta Pixel and the Meta Conversions API — both used only after you grant marketing consent | EU-US Data Privacy Framework |
Prompts and outputs sent to AI providers are processed but not used to train third-party models. Apart from the consent-based advertising measurement described above and in our Cookie Policy, we do not share your data with advertisers, data brokers, or any party for purposes unrelated to operating the Service. Where key account events (such as sign-up or subscription) are reported to advertising platforms for conversion measurement — which happens only if you have granted marketing consent — personal identifiers (such as your email address) are hashed (SHA-256) before transmission.
You have the following rights regarding your personal data:
To exercise any of these rights, email us at info@scalemedia.ai with the subject line "DATA PROTECTION: RIGHTS REQUEST". We will verify your identity and respond within 30 days. If we cannot fulfill your request, we will explain why.
Scale Media AI uses AI algorithms to generate content and personalize your experience. However, we do not use automated decision-making or profiling in a way that produces legal effects or similarly significantly affects you. AI-generated content is provided as suggestions only — all publishing decisions remain under your full control.
In compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), we provide the following transparency information about how AI processes your personal data:
For comprehensive details about our AI systems, please see our AI Transparency Notice.
We implement industry-standard security measures to protect your data, including:
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Our primary infrastructure is hosted within the European Union. Where data is transferred outside the EEA (e.g., to AI processing services in the United States), we ensure appropriate safeguards are in place, including:
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at info@scalemedia.ai.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will notify you via email or through a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the revised policy.
If you are located in the EU/EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs can be found at edpb.europa.eu.
When you use our public demo at scalemedia.ai/demo to generate sample posts from a URL, we additionally process: (i) the URL you submit, (ii) your IP address, (iii) your browser user-agent, and (iv) the timestamp of submission, together with the exact text of the consent statement you accepted. This information is retained for up to 12 months for fraud-prevention and dispute-resolution purposes. Generated sample images and any content scraped during the demo are deleted within 7 days of generation. By using the demo you confirm that you are the owner of, or are explicitly authorized to use, the URL you submit; submitting URLs you do not own or are not authorized to use may constitute a breach of our Terms of Service.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: