Last updated: [DATE]
Privacy Policy
This policy explains what personal data we collect when you use our AI workflow assessment ("the assessment", run by our AI consultant Sam), why we collect it, and what we do with it.
1 · Who we are
ScaleUP Systems Ltd ("ScaleUP", "we", "us") is the data controller for the personal data described here.
- Company: ScaleUP Systems Ltd, registered in England & Wales, company number
[COMPANY NUMBER]. - Registered office:
[REGISTERED OFFICE]. - Contact for any privacy question or request: hello@scaleupsystems.co.
- ICO registration:
[ICO REGISTRATION NUMBER].
2 · What this policy covers
It covers the free assessment on [SITE DOMAIN]: the conversation you have with Sam, the written assessment we generate for you, and any call you book with us afterwards. It does not cover third-party websites we link to.
3 · What we collect
We only hold what you choose to tell us, plus a little technical data needed to run the service:
- What you type in the chat. The conversation with Sam, including anything you describe about your business, your workflow, and the tools you use. You decide how much to share — you don't need to give sensitive information or even your company name.
- Details you provide for your assessment. Typically your name, work email, and (if you give them) company name, website, your role, and team size.
- The assessment we generate for you from that conversation.
- Booking details, if you choose to book a call — your name, email, and chosen time (handled through our booking provider).
- Limited technical data — e.g. your IP address — used to keep the service secure and prevent abuse.
We do not ask for, or want, payment-card details, financial account numbers, health data, or other special-category data. Please don't enter them.
4 · Why we use it, and our lawful basis
| What we do | Why | Lawful basis (UK GDPR) |
|---|---|---|
| Run the conversation and generate your assessment | It's the service you asked for | Legitimate interests / steps at your request |
| Email you your assessment and, if booked, your call details | To deliver what you came for | Legitimate interests |
| Improve how the assessment and our AI Employees work | To make the service better over time | Legitimate interests |
| Send you occasional follow-ups about your assessment or related help | Business-to-business marketing to a relevant contact | Legitimate interests (with opt-out — see §9) |
| Keep the service secure and prevent misuse | Protecting the service and users | Legitimate interests / legal obligation |
Where we rely on legitimate interests, we've weighed them against your rights; you can object at any time (see §11).
5 · How Sam works, and the AI providers
Sam is powered by third-party large language models. To answer you, the content of your conversation is sent to those providers' commercial APIs and processed to generate Sam's replies and your assessment. Sam may also run live web searches as you talk.
Your conversation is not used to train these providers' AI models. We use their paid, commercial API tiers, under which the providers do not use inputs or outputs for model training, and they retain data only briefly for security/abuse-monitoring before deletion. The providers are Anthropic (primary), and OpenAI and Google as fall-backs. We may change providers; we'll keep this list current and only use providers offering equivalent protections.
6 · Who we share it with
We don't sell your data or share it for anyone else's marketing. We use a small set of trusted providers ("processors") to run the service, each under a data-processing agreement and only for the purposes above:
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database — stores your conversation, details, and assessment | EU (Frankfurt) |
| Vercel | Website hosting | US |
| Upstash | Rate-limiting / abuse prevention | US |
| Anthropic | AI model powering Sam (primary) | US |
| OpenAI | AI model (fall-back) | US |
| AI model (fall-back) | US | |
| Resend | Sending your assessment and notification emails | US |
| Calendly | Booking calls (only if you book) | US |
| Tavily | Live web search during the conversation | US |
We may also disclose data if required by law.
7 · International transfers
Your stored data sits in the EU (Frankfurt). Some processors above operate in the US, so running the service involves transferring data outside the UK/EEA. Where that happens, we rely on appropriate safeguards — UK International Data Transfer Agreement / EU Standard Contractual Clauses, and the EU–US / UK–US Data Privacy Framework where the provider is certified.
8 · How long we keep it
We keep your conversation, details, and assessment for up to 24 months from your last interaction with us, after which we delete or anonymise them. We hold them this long so we can re-send your assessment and offer relevant follow-up help during that period. You can ask us to delete your data sooner at any time (see §11).
9 · Marketing and follow-ups
If you give us your email through the assessment, we may send you occasional, relevant follow-ups — for example a reminder about your assessment or related help. Every such message has a one-click unsubscribe, and you can opt out any time by emailing hello@scaleupsystems.co. We won't pass your details to third parties for their marketing.
10 · Cookies
We use only essential/functional cookies needed to run the assessment (e.g. keeping your session working). We don't use advertising cookies or third-party analytics that track you across sites. [If this changes, we'll update this section and ask for consent where required.]
11 · Your rights
Under UK GDPR you can ask us to: give you a copy of your data; correct it; delete it; restrict or object to how we use it; or provide it in a portable format. Where we rely on consent, you can withdraw it. To exercise any of these, email hello@scaleupsystems.co — we'll respond within one month.
If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office (ico.org.uk), though we'd appreciate the chance to put things right first.
12 · Security
We use reputable providers, access controls, and encryption in transit, and we keep the data we collect to the minimum needed. No system is perfectly secure, but we take reasonable steps to protect your information.
13 · Changes
We may update this policy; the "last updated" date shows when. Material changes will be made clear on this page.
14 · Contact
Any question or request: hello@scaleupsystems.co.