Scale Privacy Policy

Last Updated: September 8, 2023 (view prior version here)

Scale respects your privacy and is committed to protecting your personal information. Your privacy is important to us. Please read this policy carefully to understand how we will collect, use, and disclose your information, and what choices you have with respect to your information. You can also access a printable version of this Privacy Policy here.

1. Who We Are

We are Scale, a San Francisco-based company with a mission to accelerate the development of artificial intelligence. We do this by powering AI with our Data Engine and unlocking the value of AI with our Generative AI Platform.

2. Scope and Applicability

This policy describes how Scale collects, uses, shares or otherwise processes information relating to individuals and the rights associated with that processing. A reference to “Scale,” “we,” “us” or the “Company” is a reference to Scale AI, Inc. and its affiliates involved in the collection, use, sharing, or other processing of personal information. Where applicable, Scale AI, Inc. is the controller. 

This Privacy Policy applies to the personal information we collect when you use our websites (such as www.scale.com) and our products, services, and applications (collectively, the “Services”), when you attend a Scale event, or otherwise interact with us. 

This Privacy Policy does not apply to the extent we process personal information in the role of processor or service provider on behalf of our customers. Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Customers’ use or collection of personal information in connection with the use of our Services by individuals with whom our Customers interact. If you are an individual who interacts with a Customer using our Services or you otherwise believe that a Customer uses our Services to process your personal information, and you contact us regarding this data, you will be directed to contact the applicable Customer for assistance with any requests or questions relating to your personal information, including without limitation any requests to access, amend or erase your personal information.

3. Personal Information We Collect

When we talk about “personal information” or “personal data,” we’re talking about a broad range of information. Data protection laws around the world define this concept in different ways, but in general, we mean any information that relates to an identifiable, living individual person. 

In addition, some data protection laws and privacy laws in certain jurisdictions differentiate between “controllers” and “processors” of personal data. A controller decides why and how to process personal data. A processor does not make decisions about personal data; it only processes personal data on behalf of a controller based on the controller’s instructions.

A. Personal Information You Provide Us Directly. We collect personal information you provide directly to us when interacting with us or using the Services. We use this information to provide, improve, promote, and protect the Services. Providing this information is voluntary but may be necessary in certain cases, such as for account registration. In such cases, if the information is not provided, Scale may not be able to provide the user with the requested Services. 

The information we collect may include the following:

B. Personal Information We Collect From You Automatically. We use typical tools and services, such as log files, cookies, pixel tags, and similar technologies to automatically collect information, which may contain personal information from your devices while you navigate our Services or interact with emails we sent to you. For more information, please visit our Cookie Policy.

C. Personal Information We Collect From Third Parties. We may also collect personal data from third-party sources such as authentication partners and public databases for the purposes of user authentication and marketing activities. For example, if you create or log into your Scale account using your Google Account credentials, we will access your name and email for authentication.

  4. How and Why We Use Personal Information

If you are based in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. As further described in Sections 7 and 15, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) regarding collection, retention, and use of personal information from the EEA, the UK, and Switzerland. Below describes the legal bases we rely on for each of our purposes in using your personal information.

In some limited cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal circumstance.

5. Personal Information Sharing and Disclosure

We may share your personal information as described in this Privacy Policy or at the time of collection:

• Customer Admin and Users. If your User account was provisioned by a Customer, your administrator (“Admin”) may have access and control over the information associated with your account. The Customer may have its own policies governing access and use of information in your User account. Depending on a Customer’s settings and your choices, we will share certain information with other Users that are part of a Customer account.
• Affiliates. Scale may share personal information with affiliates for purposes consistent with this Privacy Policy.
• Service Providers. Scale uses certain trusted third-party service providers to help us provide, improve, protect, and promote our Services. These third parties may have access to your personal information to perform services on our behalf but only as is reasonably necessary for the purpose that Scale has engaged them for and in compliance with this Privacy Policy. Some of the third parties that Scale may share your personal information with include providers who assist Scale with functions such as: billing; customer support; hosting and storage; analytics; and marketing services.
• Business Transferees. We may sell, transfer or otherwise share information in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
• Authorities and Others. We may disclose your information to third parties if we determine such disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or government request, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or security issue of Scale or other users, and (d) to protect Scale’s or its licensors’ rights, property, safety, or interest.
• Consent. We may also disclose or share your personal information where you have given us your consent to do so for a specific purpose.

6. Security

Scale is concerned with safeguarding your information. Scale employs appropriate and reasonable physical, technological, and administrative security measures. For further information about our security practices, please see our Security page. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. International Transfer

Information that we collect from you may be transferred to, stored, and processed by us, our affiliates, and other third parties in countries outside the EEA, the UK, and Switzerland including, but not limited to, the United States and other countries, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.

For transfers of personal information from the EEA, the UK, and Switzerland to third countries, we will transfer personal information according to the requirements of applicable data protection legislation by putting in place appropriate safeguards, including by entering into European Commission Standard Contractual Clauses. Customers transferring personal information from the EEA, the UK or Switzerland can reach out to Scale for a copy of its Data Processing Addendum by contacting us at privacy@scale.com.

In addition, Scale has self-certified and adheres to the principles identified in the EU-U.S. DPF, UK extension to the EU-U.S. DPF and Swiss-U.S. DPF set forth by the US Department of Commerce. For more information about our certification and the Data Privacy Framework, see our Data Privacy Framework Notice below.

8. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in Section 4. How and Why We Use Personal Information. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Because the needs can vary for different data types in the context of different services, actual retention periods can vary significantly. We determine the appropriate retention period for personal information based on the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as applicable legal requirements (such as applicable statutes of limitation). After expiry of the applicable retention periods, your personal information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of that data.

9. Links to Other Websites

Our Services may contain links to, or interoperate with third-party services. When you click on a link to any other website or location, or when you or the Customer provides a third-party service with access to information in your account, such third-party may then collect or access information from you or Customer. The use of such information by the third-party service will be governed by the third-party service’s privacy policy. We have no control over, do not review, and cannot be responsible for, these third-party services. We encourage you to read the privacy policies of every website you visit and every third-party service you use.

Our website includes plugins of social media platforms, such as Meta Inc., Twitter Inc., and LinkedIn Corporation. You can identify the plugins by the respective network's logo. Details about purpose and extent of data collection, as well as processing and use of the data, by the social media networks can be obtained by reading the privacy policies of the social media networks.

10. Our Policy on Children

The Services are not directed to individuals under 18. If Scale becomes aware that a person under 18 has submitted information to us, we will delete the information. If you believe that we may have any information from a child under 18, please contact us at privacy@scale.com.

11. Your Privacy Rights and Choices

Depending on your location, and subject to applicable law, you may have the following rights with regard to the personal information we control about you.

• You can access, correct, amend, and delete your personal information by contacting us at privacy@scale.com.
• If you are based in the EEA, the UK, or Switzerland, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request the portability of your personal information. You can exercise these rights by contacting us at privacy@scale.com or through the mechanisms listed on our Data Privacy Framework certification page.
• If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. If you choose to no longer receive marketing communications, we may still communicate with you about security updates, responses to service requests, or other service related, non-marketing purposes.
• If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You can withdraw your consent by contacting us at privacy@scale.com.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. If you are based in the EEA, the UK or Switzerland, the contact details for data protection authorities are available below and listed on our Data Privacy Framework certification page.

We may request specific information from you to help us confirm your identity and process your request. If your User account was provisioned by a Customer, and if you seek to access, correct, amend, or delete data associated with your account, you should direct your requests to the Customer’s Admin.

12. Information for California Consumers

This section applies to California consumers, and it describes how we collect, use and share Personal Information of California consumers in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA. Under the CCPA, Personal Information is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

A. How We Collect, Use, and Share Your Personal Information. We collect the following statutory categories (as defined by CCPA) of Personal Information directly from you or automatically from your device:

• Identifiers, such as you name, email address, phone number, company name and role, device identifier, IP address, unique browser ID, cookies, beacons, pixel tags, account login, other unique identifiers;
• Professional or employment-related information, such as information about your business and your role;
• Inference data, such as information about your preferences;
• Commercial information, such as your service subscription records, and site engagement;
• Internet or network information, such as browsing and search history, site and advertisement interactions;
• Financial information, such as credit card and other billing related information;
• Geolocation data, such as city, state, and country based on IP address.

The business and commercial purposes for which we collect this information are described in Section 3 of this Privacy Policy; and the categories of third parties to whom we “disclose” the information for a business purpose are described in Section 5 of this Privacy Policy.

B. California Privacy Rights. California law grants California residents consumers certain rights and imposes restrictions on particular business practices as set forth below.

• You may request access to, or for a copy of the personal information we have collected, used, disclosed and disclosed about you over the past twelve (12) months.
• You may request for us to disclose the purposes for which we use the personal information we collect
• You may request for the categories of sources from which we have collected your personal information
• You may request that we delete certain personal information we have collected from you.
• You have a right not to receive discriminatory treatment for the exercise of your CCPA privacy rights
• California consumers have the right to opt-out of the sale of their personal information. We do not and will not sell your personal information. We may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.

C. How to Exercise Your California Privacy Rights.

If you are a California consumer seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please email us at privacy@scale.com. We will respond to verifiable requests received as required by law.

Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.

California Civil Code Section 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@scale.com.

If you have questions about your rights under CCPA, please send us an email to privacy@scale.com.

13. Modification of Privacy Policy

Scale may modify this Privacy Policy periodically, including in response to changing legal, regulatory, technical or business developments. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the website.

If we make any material changes to this Privacy Policy, we will take appropriate measures to provide you with additional notice, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if, and where, required by applicable data protection laws. 

We encourage you to review this Privacy Policy from time to time to inform yourself of any changes.

14. Contacting Us

If you have questions about this Privacy Policy, please contact us at privacy@scale.com or by mail:

Attn: Privacy, 155 5th St, Floor 6, San Francisco, CA 94103

You may contact our EEA Representative at scale@lionheartsquared.eu or by mail:

2 Pembroke House, 28-32 Upper Pembroke Street, Dublin DO2 EK84

You may contact our UK Representative at scale@lionheartsquared.co.uk or by mail:

17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX United Kingdom

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described above.

15. Data Privacy Framework Notice

Scale AI, Inc. (“Scale”, “we”, or “us”) complies with the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area, United Kingdom, and Switzerland to the United States. Scale has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern. To learn more about the Data Privacy Framework Program, please visit www.dataprivacyframework.gov. To view our certification, please click here.

• A. Scope. Our certification of commitment to adhere to the Data Privacy Framework Principles applies to the personal data (a) we collect from customers and visitors of our website (“Scale User Data”) and (b) that we process on behalf of our customers under an agreement (“Scale Services Data”).
• B. Data Processed. The Scale User Data that we collect, use, and share is described in our Privacy Policy, Section 3. We process Scale Services Data as instructed by our customers.
• C. Purpose of Data Processing. The purposes for which we collect, use, and share Scale User Data are described in our Privacy Policy, Section 4. We process Scale Services Data as instructed by our customers and in response to contractual commitments.
• D. Third Parties Who Receive Personal Data. We share Scale User Data as described in our Privacy Policy. We may share Scale Services Data with the following third parties in accordance with our agreements with Customers.
• E. Affiliates. We may disclose Scale User Data to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy.
• F. Service Providers. We may employ third party service provider companies and individuals to provide, improve, and protect the Services on our behalf. We maintain contracts with service providers that restrict their access, use, and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer principle, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
• G. Legal Requirements. We may disclose Scale Services Data to (a) comply with applicable law, regulation, legal process, or government request, including to meet national security or law enforcement requirements, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or security issue of Scale or other users, and (d) to protect Scale’s or its licensors’ rights, property, safety, or interest.
• H. Business Transfers. Scale may sell, transfer or otherwise share some or all of its assets, including Scale Services Data, in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
• I. Rights to Access, Limit Use, or Limit Disclosure. We will handle requests to access, correct, amend, or delete Scale User Data in accordance with our Privacy Policy. Scale does not have relationships with individuals whose personal data is contained in Scale Services Data submitted by a Customer. An individual who seeks to access, correct, or delete personal data provided to us as Scale Services Data by one of our Customers should direct their request to the Customer. With our Data Privacy Framework self-certification, we have committed to respect those rights. We will help our Customer fulfill your request in accordance with our Customer’s instructions.
• J. Disputes. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance - free of charge to you. Please first submit any such complaints directly to us via privacy@scale.com. If you aren’t satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-data-privacy-framework. In the event your concern isn’t addressed by JAMS, you may be entitled to binding arbitration granted under the Data Privacy Framework Program and its principles to resolve complaints as described here.
• K. U.S. Federal Trade Commission Enforcement. Scale’s commitment under the Data Privacy Framework is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between this Data Privacy Framework Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles will take precedence.
• L. Requirement to Disclose. In certain situations, Scale may be required to disclose personal information that we process under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security, to enforce contractual obligations, or to meet law enforcement requirements.
• M. Changes to this Notice. We reserve the right to amend this Notice from time to time consistent with the Data Privacy Framework Program requirements.
• N. Contact Us. See the contact information listed in Section 14 or in the Data Privacy Framework certification link here.
•