
Privacy Policy
Scale Lab Consulting Agency (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our website, services, or interact with our team.
We comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and relevant Cyprus/EU laws.
Data We Collect
We may collect and process the following categories of data:
- Identity and contact details: name, company, job title, email address, phone number.
- Billing and payment details: billing address, VAT number, payment confirmations (via Stripe or Revolut Business).
- Business information: project data you share for consulting, mentoring, or strategic sessions.
- Technical information: IP address, browser type, cookies, device data.
- Communications: emails, chat transcripts, bookings, and reviews.
We only collect data relevant to the purpose of delivering our services.
How We Use Your Data
We process your personal data for the following purposes:
- To provide consulting, mastermind, training, and strategy services.
- To process bookings and payments (via Stripe, Revolut Business).
- To manage client projects (using Miro, email, and other collaboration tools).
- To communicate with you about services, events, or updates.
- To collect reviews (via Trustpilot or other platforms).
- To operate chatbots and automations (via Leeloo AI).
- To analyse and improve our website and services.
Use of AI Tools
We may use AI-powered tools (including OpenAI ChatGPT, Perplexity AI, and others) to support our services.
- Purpose: drafting, structuring, analysing, or summarising documents; generating strategic options; enhancing communication.
- Zero Trust Approach: AI tools are used in sandboxed, isolated environments with no permanent data storage.
- Data Minimisation: we only process what is strictly necessary.
- Human Oversight: all AI outputs are reviewed and validated by our human experts before delivery.
- No Automated Decision-Making: AI is never used to make final decisions impacting clients.
Cookies, Tracking & Consent
We use cookies and similar technologies to run our site, understand usage, and improve performance. With the Consentik GDPR Cookie Banner (our Consent Management Platform), you can granularly control consent per category and per language.
Cookie categories:
- Essential (strictly necessary; cannot be disabled).
- Functional (preferences, multilingual support).
- Analytics (e.g., aggregated usage, GA4 with IP anonymization).
- Advertising/Remarketing (e.g., Google Ads, Meta Ads, LinkedIn Ads; cross-site identifiers).
You can manage or withdraw consent at any time via the Cookie Settings link in our footer. We honor Google Consent Mode v2 and Global Privacy Control (GPC) signals where applicable. Third-party cookies are subject to the policies of the respective providers.
Data Sharing (No Sale of Personal Information)
We do not sell your personal information. We share data only as described below:
- Processors/Service Providers acting on our instructions (e.g., Wix, Stripe, Revolut Business, Gmail/Google Workspace, Trustpilot, Leeloo AI, Miro, analytics/ads vendors).
- Advertising & Remarketing: we may use pseudonymous identifiers for ad measurement and audience matching. Under some US laws (e.g., CPRA), this may be deemed “sharing for cross-context behavioral advertising.” You can opt out via Cookie Settings and the “Do Not Sell or Share My Personal Information” link in the footer.
- Legal: to regulators or authorities where required by law.
- Team & Subcontractors: under strict confidentiality, least-privilege access, and our Zero-Trust controls.
We maintain contracts with all third parties to ensure GDPR-level protections and no training of AI models on your data.
Personal Information (PII) & Sensitive Data
What is PII? Personal Information (PII) means any data that identifies or can reasonably identify you (e.g., name, email, phone, role/title, IP, device IDs).
What we collect (typical): name, company, role, business contact details, booking details, payment metadata (handled by processors), your messages/forms, and URLs you share (website/social).
Free-text fields: your message may include PII or business data. Please avoid submitting health, biometric, financial account numbers, or other sensitive data unless strictly necessary.
Sensitive data: we do not intentionally collect sensitive categories. If you submit such data inadvertently, we may delete or restrict it.
Business vs. personal data: business public info (e.g., company URL) becomes PII if it links to an identifiable person.
Legal bases (GDPR): performance of a contract, legitimate interests (e.g., service improvement, security), consent (e.g., newsletters/ads), legal obligations.
Marketing Communications
We use opt-in consent for newsletters/updates (with double opt-in enabled). You can unsubscribe anytime via the link in our emails or by contacting us. For existing clients, we may send service-related updates (soft opt-in) consistent with applicable law. We keep minimal logs to demonstrate consent.
We do not make decisions with solely automated processing that produce legal or similarly significant effects. We may create audience segments for remarketing (profiling) to show more relevant ads; you can opt out via Cookie Settings.
International Transfers
Some providers process data outside the EEA/UK. We use appropriate safeguards such as Standard Contractual Clauses (SCCs) (and UK addenda where applicable). We conduct transfer risk assessments when needed and require equivalent protections from subprocessors.
Data Retention
We keep data only as long as necessary:
- Project/engagement records: up to 7 years (legal/accounting).
- Bookings & chat transcripts: up to 24 months unless legal retention applies.
- Marketing contacts: until you unsubscribe or request deletion.
- Cookies/IDs: per your consent and browser settings.
Your Rights (GDPR)
You have the right to:
- Access your personal data.
- Correct inaccuracies.
- Request erasure (“right to be forgotten”).
- Restrict or object to processing.
- Data portability (transfer to another provider).
- Withdraw consent at any time.
To exercise your rights, contact us at info@scalelab.agency.
Security, Updates & Contact
Security: We operate a Zero-Trust model where no user, tool, or system is inherently trusted. We use role-based access, encryption and secure storage wherever possible, and sandboxed AI usage with continuous monitoring and human oversight. We will notify authorities and affected individuals of a data breach where required by law.
Children’s Data: Our services are designed for business clients and not intended for individuals under 18. We do not knowingly collect children’s personal data.
Updates: We may update this Policy from time to time; the latest version is always on our website.
Contact (privacy): info@scalelab.agency
Registered address: Paphos, Cyprus (full legal address available upon request).
