Privacy Policy

This Privacy Policy describes how S.C.A.L.A. AI OS ("we", "our") collects, uses, and protects your personal data.

Data Controller

The data controller is Alessandro Binda, Milan, Italy. Contact: [email protected].

Data Collected

We collect: account information (name, email), usage data (feature interactions, AI queries), billing data (processed by Stripe), and SARA WhatsApp conversation data (stored encrypted, never shared).

Purpose of Processing

We process data to: provide the S.C.A.L.A. AI OS platform, improve our services, send transactional emails, and comply with legal obligations. We do NOT sell your data.

Legal Basis

Processing is based on: contract performance (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f)), and consent where required (Art. 6(1)(a)).

Data Storage

All data is stored in the European Union (Hetzner, Germany). Backups are encrypted and retained for 30 days.

AI Processing

AI features use EU-compliant providers. Your data is never used to train third-party AI models. On-premise AI fallback is available for enterprise clients.

Data Sharing

We share data only with: Stripe (payments), AWS SES (transactional email), and AI inference providers (Groq, Mistral, Gemini) under data processing agreements. No data is shared for advertising purposes.

Sub-processors

The following sub-processors are engaged in data processing on our behalf, each under a Data Processing Agreement (DPA): Twilio Inc. (USA) — VoIP and SMS services, with DPA and Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR; Amazon Web Services EMEA SARL (EU-North-1 region) — Email delivery via SES; Meta Platforms Ireland Ltd. — WhatsApp Business API; Groq Inc. (USA) — AI inference, with DPA and SCC; Mistral AI (France, EU) — AI inference. All non-EU sub-processors operate under appropriate safeguards as required by Chapter V GDPR.

Your Rights

Under GDPR you have the right to: access, rectify, erase, restrict processing, data portability, and object to processing. To exercise these rights, email [email protected].

Data Retention

Account data is retained for the duration of your subscription plus 30 days. You may request deletion at any time via our data deletion page.

Cookies

We use essential cookies only (authentication, locale preference). No third-party tracking cookies or analytics pixels are used.

Changes

We may update this policy. Material changes will be communicated via email to registered users.

[email protected]

Last updated: April 2026