Last Updated: September 8, 2023
1. Who We Are
We are Scale, a San Francisco-based company with a mission to accelerate the development of artificial intelligence. We do this by powering AI with our Data Engine and unlocking the value of AI with our Generative AI Platform.
2. Scope and Applicability
This policy describes how Scale collects, uses, shares or otherwise processes information relating to individuals and the rights associated with that processing. A reference to “Scale,” “we,” “us” or the “Company” is a reference to Scale AI, Inc. and its affiliates involved in the collection, use, sharing, or other processing of personal information. Where applicable, Scale AI, Inc. is the controller.
3. Personal Information We Collect
When we talk about “personal information” or “personal data,” we’re talking about a broad range of information. Data protection laws around the world define this concept in different ways, but in general, we mean any information that relates to an identifiable, living individual person.
In addition, some data protection laws and privacy laws in certain jurisdictions differentiate between “controllers” and “processors” of personal data. A controller decides why and how to process personal data. A processor does not make decisions about personal data; it only processes personal data on behalf of a controller based on the controller’s instructions.
A. Personal Information You Provide Us Directly. We collect personal information you provide directly to us when interacting with us or using the Services. We use this information to provide, improve, promote, and protect the Services. Providing this information is voluntary but may be necessary in certain cases, such as for account registration. In such cases, if the information is not provided, Scale may not be able to provide the user with the requested Services.
The information we collect may include the following:
C. Personal Information We Collect From Third Parties. We may also collect personal data from third-party sources such as authentication partners and public databases for the purposes of user authentication and marketing activities. For example, if you create or log into your Scale account using your Google Account credentials, we will access your name and email for authentication.
4. How and Why We Use Personal Information
If you are based in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. As further described in Sections 7 and 15, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) regarding collection, retention, and use of personal information from the EEA, the UK, and Switzerland. The legal bases we rely on for each of our purposes in using your personal information are described below.
In some limited cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
5. Personal Information Sharing and Disclosure
- Customer Admin and Users. If your User account was provisioned by a Customer, your administrator (“Admin”) may have access and control over the information associated with your account. The Customer may have its own policies governing access and use of information in your User account. Depending on a Customer’s settings and your choices, we will share certain information with other Users that are part of a Customer account.
- Business Transferees. We may sell, transfer or otherwise share information in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
- Authorities and Others. We may disclose your information to third parties if we determine such disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or government request, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or security issues of Scale or other users, and (d) protect Scale’s or its licensors’ rights, property, safety, or interest.
- Consent. We may also disclose or share your personal information where you have given us your consent to do so for a specific purpose.
Scale is concerned with safeguarding your information. Scale employs appropriate and reasonable physical, technological, and administrative security measures. For further information about our security practices, please see our Security page. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. International Transfer
Information that we collect from you may be transferred to, stored, and processed by us, our affiliates, and other third parties in countries outside the EEA, the UK, and Switzerland including, but not limited to, the United States and other countries, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.
For transfers of personal information from the EEA, the UK, and Switzerland to third countries, we will transfer personal information according to the requirements of applicable data protection legislation by putting in place appropriate safeguards, including by entering into European Commission Standard Contractual Clauses. Customers transferring personal information from the EEA, the UK or Switzerland can reach out to Scale for a copy of its Data Processing Addendum by contacting us at firstname.lastname@example.org.
In addition, Scale has self-certified and adheres to the principles identified in the EU-U.S. DPF, UK extension to the EU-U.S. DPF and Swiss-U.S. DPF set forth by the US Department of Commerce. For more information about our certification and the Data Privacy Framework, see our Data Privacy Framework Notice below.
8. Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in Section 4. How and Why We Use Personal Information. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Because the needs can vary for different data types in the context of different services, actual retention periods can vary significantly. We determine the appropriate retention period for personal information based on the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as applicable legal requirements (such as applicable statutes of limitation). After expiry of the applicable retention periods, your personal information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of that data.
9. Links to Other Websites
Our website includes plugins of social media platforms, such as Meta Inc., Twitter Inc., and LinkedIn Corporation. You can identify the plugins by the respective network's logo. Details about purpose and extent of data collection, as well as processing and use of the data, by the social media networks can be obtained by reading the privacy policies of the social media networks.
10. Our Policy on Children
The Services are not directed to individuals under 18. If Scale becomes aware that a person under 18 has submitted information to us, we will delete the information. If you believe that we may have any information from a child under 18, please contact us at email@example.com.
11. Your Privacy Rights and Choices
Depending on your location, and subject to applicable law, you may have the following rights with regard to the personal information we control about you.
- You can access, correct, amend, and delete your personal information by contacting us at firstname.lastname@example.org.
- If you are based in the EEA, the UK, or Switzerland, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request the portability of your personal information. You can exercise these rights by contacting us at email@example.com or through the mechanisms listed on our Data Privacy Framework certification page.
- If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. If you choose to no longer receive marketing communications, we may still communicate with you about security updates, responses to service requests, or other service-related, non-marketing purposes.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You can withdraw your consent by contacting us at firstname.lastname@example.org.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. If you are based in the EEA, the UK or Switzerland, the contact details for data protection authorities are available below and listed on our Data Privacy Framework certification page.
We may request specific information from you to help us confirm your identity and process your request. If your User account was provisioned by a Customer, and if you seek to access, correct, amend, or delete data associated with your account, you should direct your requests to the Customer’s Admin.
12. Information for California Consumers
This section applies to California consumers, and it describes how we collect, use and share Personal Information of California consumers in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA. Under the CCPA, Personal Information is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
A. How We Collect, Use, and Share Your Personal Information. We collect the following statutory categories (as defined by CCPA) of Personal Information directly from you or automatically from your device:
- Identifiers, such as your name, email address, phone number, company name and role, device identifier, IP address, unique browser ID, cookies, beacons, pixel tags, account login, other unique identifiers;
- Professional or employment-related information, such as information about your business and your role;
- Inference data, such as information about your preferences;
- Commercial information, such as your service subscription records, and site engagement;
- Internet or network information, such as browsing and search history, site and advertisement interactions;
- Financial information, such as credit card and other billing related information;
- Geolocation data, such as city, state, and country based on IP address.
B. California Privacy Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
- You may request access to, or a copy of, the personal information we have collected, used, and disclosed about you over the past twelve (12) months.
- You may request that we disclose the purposes for which we use the personal information we collect.
- You may request the categories of sources from which we have collected your personal information.
- You may request that we delete certain personal information we have collected from you.
- You have a right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
- California consumers have the right to opt out of the sale of their personal information. We do not and will not sell your personal information. We may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.
C. How to Exercise Your California Privacy Rights.
If you are a California consumer seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please email us at email@example.com. We will respond to verifiable requests received as required by law.
Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.
California Civil Code Section 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
If you have questions about your rights under CCPA, please send an email to email@example.com.
14. Contacting Us
Attn: Privacy, 155 5th St, Floor 6, San Francisco, CA 94103
You may contact our EEA Representative at firstname.lastname@example.org or by mail:
2 Pembroke House, 28-32 Upper Pembroke Street, Dublin DO2 EK84
You may contact our UK Representative at email@example.com or by mail:
17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX United Kingdom
15. Data Privacy Framework Notice
- A. Scope. Our certification of commitment to adhere to the Data Privacy Framework Principles applies to the personal data (a) we collect from customers and visitors of our website (“Scale User Data”) and (b) that we process on behalf of our customers under an agreement (“Scale Services Data”).
- F. Service Providers. We may employ third party service provider companies and individuals to provide, improve, and protect the Services on our behalf. We maintain contracts with service providers that restrict their access, use, and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer principle, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
- G. Legal Requirements. We may disclose Scale Services Data to (a) comply with applicable law, regulation, legal process, or government request, including to meet national security or law enforcement requirements, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or security issues of Scale or other users, and (d) protect Scale’s or its licensors’ rights, property, safety, or interest.
- H. Business Transfers. Scale may sell, transfer or otherwise share some or all of its assets, including Scale Services Data, in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
- J. Disputes. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance - free of charge to you. Please first submit any such complaints directly to us via firstname.lastname@example.org. If you aren’t satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-data-privacy-framework. In the event your concern isn’t addressed by JAMS, you may be entitled to binding arbitration granted under the Data Privacy Framework Program and its principles to resolve complaints as described here.
- K. U.S. Federal Trade Commission Enforcement. Scale’s commitment under the Data Privacy Framework is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between this Data Privacy Framework Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles will take precedence.
- L. Requirement to Disclose. In certain situations, Scale may be required to disclose personal information that we process under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security, to enforce contractual obligations, or to meet law enforcement requirements.
- M. Changes to this Notice. We reserve the right to amend this Notice from time to time consistent with the Data Privacy Framework Program requirements.
- N. Contact Us. See the contact information listed in Section 14 or in the Data Privacy Framework certification link here.