1. Introduction and Scope
Scale Through Automation, LLC ("STA") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we collect and use it, with whom we share it, and the choices and rights you have regarding your information.
This Privacy Policy applies to:
- Our website at www.scalethroughautomation.io and all related subdomains
- Our SaaS products and AI automation services
- Communications between you and STA, including email, SMS, phone, and online forms
- Payment transactions for our services
This Privacy Policy does not apply to Client Data processed within the Client's own environment in connection with our AI and automation services. Please see Section 5 (Client Data and AI Services) for details on how we handle Client Data.
This Privacy Policy should be read in conjunction with our Terms and Conditions (Version 2.0), which govern your use of our Services.
Our Data Handling Differentiator
STA does not store, copy, or retain Client Data on our own servers or infrastructure. All AI and automation services are delivered within your own environment. We believe your data belongs to you—and it stays with you.
2. Information We Collect
We collect the following categories of personal information:
2.1 Identifiers and Contact Information
- Full name, email address, phone number, mailing or billing address.
- Company name and job title.
2.2 Commercial and Financial Information
- Transaction and billing history.
- Services purchased or considered.
- Payment method type (e.g., credit card, debit card, or ACH) and billing address.
- Last four digits of a payment card (for reference purposes only).
Note: Full credit card numbers, debit card numbers, CVVs, and bank account numbers are collected and processed exclusively by our PCI DSS-compliant third-party payment processors. STA does not directly store these sensitive payment credentials on its own systems.
2.3 Internet and Electronic Network Activity
- IP address, browser type, version, and language.
- Device type and operating system.
- Pages viewed, links clicked, actions taken on our website, referring URL, and date/time of visits.
2.4 Geolocation Data
Approximate geographic location derived from your IP address (city/region level only).
2.5 Professional and Business Information
Company name and industry, business inquiry details, project descriptions, and information provided during onboarding (e.g., workflows, system requirements).
2.6 Communications Data
Content of emails, SMS messages, chat conversations, and form submissions you send to us, along with communication preferences and consent records.
2.7 Inferences
Business interests and service preferences inferred from your interactions with our website and communications.
CCPA Categories Summary
| CCPA Category | Examples We Collect |
|---|---|
| A. Identifiers | Name, email, phone number, IP address |
| B. Personal Information | Name, address, phone number |
| D. Commercial Information | Transaction records, services purchased, billing history |
| F. Internet Activity | Browsing history, search history, interaction with our website |
| G. Geolocation Data | Approximate location from IP address |
| K. Inferences | Preferences and interests drawn from the above |
We do not collect: Social Security numbers, driver's license numbers, biometric data, health information, or education records.
3. How We Collect Information
3.1 Directly From You
When you complete forms on our website, communicate via email/phone/SMS, subscribe to newsletters, sign up for services, or provide onboarding information.
3.2 Automatically Through Technology
Through cookies, web beacons, pixels, and server logs that record interactions when you visit our website.
3.3 From Third Parties
From payment processors regarding transaction status and billing confirmations, and from analytics and advertising partners (e.g., Google Analytics).
4. How We Use Your Information
| Purpose | Legal Basis (GDPR) | Details |
|---|---|---|
| Service Delivery | Performance of a contract | Providing, operating, and maintaining our SaaS products and AI services. |
| Account Management | Performance of a contract | Managing your account, processing onboarding, and communicating about services. |
| Payment Processing | Performance of a contract | Processing payments, managing billing, and maintaining records. |
| Customer Support | Performance of a contract / Legitimate interest | Responding to inquiries and providing technical support. |
| Service Communications | Performance of a contract | Sending appointment reminders and account alerts. |
| Marketing Communications | Consent | Sending promotional emails and SMS messages (only with explicit opt-in). |
| Website Improvement | Legitimate interest | Analyzing usage to improve functionality and user experience. |
| Security/Fraud Prevention | Legitimate interest / Legal obligation | Protecting against unauthorized access and security threats. |
| Legal Compliance | Legal obligation | Complying with applicable laws, regulations, and legal processes. |
5. Client Data and AI Services
This section describes how we handle data during the delivery of our AI and automation consulting, development, support, and maintenance services. It is one of our most important privacy commitments.
5.1 Our No-Storage Model
STA operates on a fundamental principle: your data stays in your environment. When we deliver AI and automation services, we work entirely within the Client's own platforms, systems, and infrastructure ("Client Environment").
- We do NOT store Client Data: STA does not copy, download, or retain Client Data on STA-owned infrastructure.
- We do NOT share Client Data: Client Data is never sold, rented, or shared with third parties for their own purposes.
- We do NOT use Client Data for AI training: Client Data is never used to train or improve AI models without explicit prior written consent.
5.2 What We Do Access
STA personnel may temporarily access Client systems to configure and deploy AI Employees, set up integrations, and perform testing/troubleshooting. This access is strictly purpose-limited and governed by the principle of data minimization.
5.3 Data Processing Relationship
When STA processes personal data on behalf of a Client, STA acts as a data processor (GDPR) or a service provider (CCPA/CPRA). The Client remains the data controller.
5.4 Third-Party AI Providers
Our Services may utilize providers like OpenAI, Anthropic, or Google. Data is processed in accordance with each provider's policies and applicable DPAs. STA ensures subprocessors are bound by data protection obligations no less protective than our own.
6. Payment Information and Processing
6.1 Payment Methods
STA accepts credit card, debit card, and ACH transfer. All payments are processed in U.S. dollars.
6.2 Third-Party Processors
All transactions are processed by PCI DSS-compliant third-party processors. Your sensitive financial information is transmitted directly to and stored by the processor, not by STA.
6.3 ACH-Specific Disclosures
If you choose ACH, you authorize our payment processor to initiate electronic debits. Your bank details are transmitted directly to the processor.
6.4 What STA Does NOT Store
STA does not directly store full credit/debit card numbers, CVVs, bank account/routing numbers, or PINs.
7. Information Sharing and Disclosure
STA does not sell, rent, or share your personal information with third parties for their own marketing purposes.
7.1 Service Providers and Processors
We share info with trusted third-party providers who assist us in operating our business (payment processors, email/SMS service providers, analytics, cloud hosting, CRM tools). All providers are contractually obligated to protect your information.
7.2 Legal Requirements
We may disclose info to comply with a subpoena, court order, or lawful request by public authorities, or to protect the rights/safety of STA, our clients, or the public.
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of any such change.
7.5 Mobile Information
We do not share mobile phone numbers or SMS opt-in/opt-out data with third parties or affiliates for their own marketing purposes.
8. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & Contact | Service relationship + 3 years | Service delivery and support |
| Transaction Records | 7 years | Tax and legal compliance |
| Marketing Consent | Duration of consent + 5 years | Regulatory compliance |
| SMS Opt-in/out | 5 years | TCPA compliance |
| Website Analytics | 26 months | Service improvement |
| Email Communications | 3 years | Customer support |
| Client Onboarding Data | Service relationship + 1 year | Service delivery |
9. Data Security
9.1 Security Measures
- Encryption in transit: TLS 1.2 or higher.
- Access controls: Role-based access and principle of least privilege.
- Multi-factor authentication: Used by STA personnel for all systems.
- Incident response: Documented plan for security events.
9.2 Data Breach Notification
In the event of a breach, we will notify affected individuals and authorities as required by law (within 72 hours for GDPR-covered breaches).
10. Your Privacy Rights
Depending on your location, you may have the following rights:
- Right to Access: Request a copy of your personal info.
- Right to Correction: Request correction of inaccurate info.
- Right to Deletion: Request deletion of your personal information.
- Right to Opt Out: Opt out of marketing emails and SMS.
- Right to Information: Request how your info is collected and used.
To exercise these rights, email info@scalethroughautomation.io with the subject line "Privacy Request."
11. Your California Privacy Rights (CCPA/CPRA)
11.1 Notice at Collection
We inform you of the categories we collect, the purposes of use, and retention periods at or before collection.
11.2 Your Rights
Residents have the Right to Know, Right to Delete, Right to Correct, and Right to Limit Use of Sensitive PI.
11.3 No Sale or Sharing
STA does not sell your personal information and does not "share" it for cross-context behavioral advertising as defined under the CPRA.
12. Your Rights Under the GDPR (EEA, UK, and Switzerland)
12.1 Data Controller
STA acts as the data controller for personal data collected through our website and direct business interactions.
12.2 Legal Bases
Processing is based on Consent (Art 6.1.a), Performance of a Contract (Art 6.1.b), Legitimate Interest (Art 6.1.f), or Legal Obligation (Art 6.1.c).
12.3 Rights
Includes rights of Access, Rectification, Erasure, Restriction, Portability, and the Right to Object.
13. SMS and Text Messaging Privacy
- Consent: Opt-in required for reminders, updates, and marketing. Not a condition of purchase.
- Rates: Standard message and data rates may apply.
- Opt-Out: Reply STOP to any message to unsubscribe.
- Mobile Privacy: We do not share mobile phone numbers or opt-in status with third parties for their own marketing.
- Consent Records: Maintained for at least five (5) years.
14. Email Communications
- Transactional: Necessary for service delivery (invoices, updates); cannot be opted out of.
- Marketing: Sent only with explicit opt-in; includes clear unsubscribe links.
- CAN-SPAM: Requests honored within 10 business days.
15. Cookies and Tracking Technologies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Core functionality and security | Session or up to 1 year |
| Performance/Analytics | Collect usage info to improve site | Up to 26 months |
| Functional | Remember preferences | Up to 1 year |
| Marketing/Advertising | Measure ad effectiveness | Up to 13 months |
We honor Global Privacy Control (GPC) signals from California residents as an opt-out of personal information sharing.
16. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their content or privacy practices. Review their policies independently.
17. Children's Privacy
We do not knowingly collect information from children under 16. If we discover such data has been collected, it will be deleted promptly. SMS opt-in requires users to be 18+.
18. International Data Transfers
Data transferred from the EEA/UK/Switzerland relies on the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) to ensure an essentially equivalent level of protection.
19. Changes to This Privacy Policy
We may update this policy. We will give notice of material changes at least 30 days in advance via email or prominent website notice. Continued use after the effective date constitutes acceptance.
20. Contact Information
Scale Through Automation, LLC
Mailing Address
111 East 17th Street
Austin, Texas 78701
Contact Details
Email: info@scalethroughautomation.io
Phone: (817) 809-3820
