Scaleasy Ltd Privacy Policy

Last updated: 26 January 2026

Scaleasy Ltd (“Scaleasy”, “we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share personal data when you visit our website, contact us, purchase a subscription, or use our services.

If you have questions, contact: [email protected]

1) Who we are

Controller: Scaleasy Ltd (we determine how and why personal data is processed for our own business purposes).
Processor: In some circumstances, when we manage lead generation activities and handle messages for clients, we may process personal data on behalf of the client (the client is the controller).

2) Personal data we collect

We may collect and process the following categories of personal data:

A) Website and enquiry data

Name, email address, phone number

Company name, job title

Any information you submit via forms, emails, or messages

Technical data such as IP address, browser type, device info, pages viewed, and referral source (via cookies/analytics)

B) Customer (client) account and subscription data

Billing contact details (name, email)

Business details (company name, address if supplied)

Subscription plan and seat count (per user)

Payment status and transaction references (Stripe)

We do not store full card details. Stripe processes payments.

C) Service delivery data (for clients)

Depending on your plan and how we deliver services, we may process:

LinkedIn account details required to access your account (including login credentials if provided)

Profile information, messaging templates, targeting notes

Communication records (emails/messages between you and us)

Performance metrics (e.g., messages sent, replies, meetings booked)

D) Prospect/lead data (processed during lead generation)

When delivering lead generation services, we may process personal data about prospects such as:

Name, LinkedIn profile URL, job title, company, location

Public LinkedIn information and engagement notes

Messaging history and reply content

Meeting booking information if a prospect books

3) How we use personal data and our legal bases

Under UK GDPR, we must have a lawful basis for processing personal data. We use data for:

A) To provide and manage our services (Contract)

Deliver your subscription services

Onboard you, manage seats/users, and handle support queries

Operate LinkedIn outreach/inbox handling where agreed

B) To communicate with you (Contract / Legitimate Interests)

Respond to enquiries

Send service updates, operational notices, and account information

C) To process payments and prevent fraud (Contract / Legal obligation / Legitimate Interests)

Manage billing via Stripe

Maintain accurate financial records

D) To improve our website and marketing (Legitimate Interests / Consent for cookies where required)

Analytics, site performance, user experience improvements

E) To comply with legal obligations (Legal obligation)

Tax/accounting obligations and record keeping

Responding to lawful requests by authorities

4) LinkedIn credentials and account access

Some clients provide LinkedIn login credentials to allow us to deliver services. Where this occurs:

We use credentials solely to deliver services you have purchased

We take reasonable steps to keep credentials secure and restrict access internally

We recommend enabling 2-factor authentication (2FA). If 2FA prompts occur, clients may need to assist to maintain access

Important: No online system can be guaranteed 100% secure. You share credentials at your discretion, and we will take reasonable precautions consistent with industry practice.

5) Who we share data with

We may share personal data with trusted third parties only when necessary, including:

Stripe (payment processing, billing): payment status and billing identifiers

Website/hosting providers (to run our site and forms)

Analytics providers (e.g., Google Analytics if used) to understand website usage

Scheduling tools (if used) for booking meetings

CRM/automation tools (e.g., HighLevel, Zapier, Google Workspace) where used to deliver services and manage communications

Professional advisers (accountants, legal advisers) where necessary

Authorities where required by law

We do not sell personal data.

6) International transfers

Some service providers may store or process data outside the UK. Where international transfers occur, we will take appropriate safeguards, such as:

UK Addendum to EU Standard Contractual Clauses, or

other lawful transfer mechanisms recognised under UK GDPR

7) Data retention

We keep personal data only as long as necessary:

Enquiries: typically up to 12–24 months

Client billing records: typically 6 years (UK tax/accounting requirements)

Service delivery data: for the duration of the subscription and a reasonable period afterwards to manage disputes, reporting, or continuity (commonly 12–24 months), unless a longer period is required by law

If you request deletion, we will comply unless we must retain data for legal reasons.

8) Your rights (UK GDPR)

You have rights including:

Access to your personal data

Correction of inaccurate data

Deletion (where applicable)

Restriction of processing

Data portability (where applicable)

Objection to processing based on legitimate interests

Withdraw consent (where consent is the basis)

Complain to the UK supervisory authority (ICO)

To exercise rights, email [email protected].

9) Cookies and tracking

We may use cookies and similar technologies to:

ensure website functionality

analyse traffic and performance

improve user experience

Where required, we will request consent for non-essential cookies. You can manage cookies via your browser settings.

10) Marketing communications

If you contact us, request information, or become a client, we may send communications relevant to your enquiry or services.

Where marketing consent is required, we will obtain it. You can opt out at any time using the unsubscribe link (if applicable) or by emailing [email protected].

11) Data security

We use reasonable technical and organisational measures to protect personal data, including:

access controls and least-privilege access internally

secure storage practices

reputable third-party processors

No method of transmission/storage is completely secure, but we aim to protect your data using appropriate safeguards.

12) Children’s privacy

Our services are not intended for children, and we do not knowingly collect data from children.

13) Changes to this Privacy Policy

We may update this policy from time to time. The “Last updated” date will reflect the current version. Material changes may be notified via our website or email.

14) Contact us

If you have any questions about this policy or your data, email: [email protected]

If you are not satisfied, you have the right to complain to the UK Information Commissioner’s Office (ICO).