Last updated: 9 May 2026  ·  Effective: 9 May 2026

Privacy Policy

This Privacy Policy describes how Scalabl.io ("Scalabl", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use our website at scalabl.io and our hosted lead-generation, CRM, and marketing-analytics platform (together, the "Service").

1. Information We Collect

1.1 Information you provide

  • Account information — name, email, password, organisation, role, and billing details when you sign up.
  • Content you create — landing pages, forms, templates, leads, and other data you import into your workspace.
  • Support communications — messages you send to our support team.

1.2 Information from Sign in with Google

When you choose to sign in with Google, Google asks for your consent and shares the following profile information with us:

  • Your name, email address, and profile picture (Google scopes: openid, email, profile).

We use this information solely to create or sign you into your Scalabl account. We do not read, send, or modify your Gmail, Drive, Calendar, Contacts, or any other Google Workspace data through Sign in with Google.

1.3 Information from Google Marketing APIs (optional)

If you choose to connect a Google Ads, Google Analytics, or Google Search Console account, you grant Scalabl read-only access to the data in those accounts so we can render reporting dashboards inside your workspace. The Google API scopes we request are:

  • https://www.googleapis.com/auth/adwords — read campaign, ad group, ad, keyword, and performance data from Google Ads accounts you select.
  • https://www.googleapis.com/auth/analytics.readonly — read property and view metrics (sessions, users, conversions) from Google Analytics 4 properties you select.
  • https://www.googleapis.com/auth/webmasters.readonly — read query, page, and impression data from Google Search Console properties you verify.

You can revoke this access at any time from your Google Account at myaccount.google.com/permissions or from the Integrations tab inside Scalabl.

1.4 Information collected automatically

  • Usage data — pages visited, features used, timestamps, and device/browser information.
  • Cookies and similar technologies — used for session management, security, and product analytics. You can control cookies through your browser settings.
  • IP address and approximate location — for security, fraud prevention, and regional product behaviour.

2. How We Use Information

  • To create and operate your Scalabl account and provide the Service.
  • To render dashboards and reports using data you have authorised us to fetch from connected Google Ads, Google Analytics, and Google Search Console accounts.
  • To process payments, send transactional and product notifications, and provide customer support.
  • To investigate abuse, enforce our terms, and meet legal obligations.
  • To improve the Service through aggregated, de-identified analytics.

We do not use Google user data for advertising, and we do not sell Google user data.

3. Google API Services User Data Policy — Limited Use

Scalabl.io's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, Scalabl will:

  • Use Google user data only to provide and improve user-facing features inside the Service.
  • Not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Not use Google user data to serve advertisements.
  • Not allow humans to read Google user data unless we have your explicit consent for specific data, it is necessary for security purposes (e.g. abuse investigation), to comply with applicable law, or the data is aggregated and used for internal operations in line with applicable privacy and other legal requirements.

4. How We Share Information

We do not sell personal information. We share information only in these limited cases:

  • Service providers — infrastructure (hosting, database, email delivery, error monitoring) under written confidentiality and data-processing agreements.
  • Within your workspace — content you create is visible to other authorised members of your Scalabl workspace, subject to roles and permissions.
  • Legal obligations — when required by law, subpoena, or to protect rights, safety, or property.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, with notice to users.

5. Data Retention

  • Account data — retained while your account is active.
  • Workspace content (leads, pages, forms) — retained while your account is active or until you delete it.
  • Google API tokens — retained until you disconnect the integration or revoke access in your Google Account.
  • Google API data caches — reporting data fetched from Google Ads, Analytics, or Search Console is cached for performance for up to 90 days and refreshed on demand. You can purge this cache at any time from your workspace settings.
  • Backups — encrypted backups are kept for up to 30 days, after which they are deleted on a rolling basis.

6. Data Security

We use industry-standard safeguards to protect your information, including TLS in transit, encryption at rest for sensitive fields (including Google OAuth tokens), least-privilege access controls, audit logging, and routine vulnerability monitoring. No system is perfectly secure; we encourage you to use a strong password and enable two-factor authentication on your Google account.

7. Your Rights and Choices

  • Access and correction — you can view and update most account and workspace data from inside the Service.
  • Deletion — you can delete your account at any time from the Settings page, or by emailing teaminsighter@gmail.com. Account deletion removes your personal data from active systems within 30 days, with backup deletion completing within 60 days.
  • Disconnect Google integrations — revoke Scalabl from myaccount.google.com/permissions at any time. Once revoked, we stop fetching new data and our cached copies are deleted within 30 days.
  • Marketing emails — unsubscribe via the link in any marketing email. Transactional emails (security, billing) cannot be opted out of while your account is active.
  • Regional rights — if you are in the EEA, UK, California, or another jurisdiction with data-protection laws, you may have rights to access, port, restrict, or object to processing. Contact us to exercise these rights.

8. Children's Privacy

Scalabl is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International Data Transfers

Scalabl is operated from New Zealand and may use service providers in other countries. Where we transfer personal data across borders, we rely on appropriate safeguards such as standard contractual clauses and provider compliance with applicable cross-border transfer regimes.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes to our practices, technology, legal requirements, or the Service. When we do, we will revise the "Last updated" date and, for material changes, notify you by email or through an in-product notice. Continued use of the Service after the changes take effect means you accept the updated policy.

11. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or our data practices, contact us at: