Scalytics Privacy Policy

AI That Runs Where Your Data Lives.

Last updated December, 2025

1. Introduction

Welcome to Scalytics. This Privacy Policy explains how Scalytics, Inc. and its affiliates ("Scalytics," "we," "us," or "our") collect, use, disclose, and safeguard your personal data when you visit our website at https://www.scalytics.io(the "Website"), use our enterprise software, applications, or engage with our services (collectively, the "Services").

Identity of the Data Controllers

For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection laws, the data controllers are:

  • Scalytics, Inc. (US HQ): 3401 N. Miami Ave., Miami, FL 33127, United States
  • Scalytics EU (Malta): Santa Venera, Malta, European Union

Privacy Contact Point: If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer / Privacy Team at legal@scalytics.io.

2. Categories of Personal Data We Collect

We collect personal data that you voluntarily provide to us and minimal technical data required to operate our Services securely.

  • Identifiers & Contact Data: Name, email address, phone number, company name, job title, and postal address (e.g., when you fill out a contact form or request a demo).
  • Technical Data: IP address, browser type, and operating system (collected solely for security, load balancing, and preventing DDoS attacks).
  • Commercial Data: Transaction history, subscription records, and enterprise service requests.
  • Sensitive Personal Information: We do not intentionally collect sensitive personal data unless strictly required for specific enterprise contracts, subject to stringent security measures.

3. Purposes of Processing and Lawful Basis (GDPR)

Under the GDPR, we process your personal data under the following lawful bases:

  • Provision of Services (Contractual Necessity): To deliver our products, manage user accounts, and provide customer support.
  • Security and Operations (Legitimate Interest): To ensure the security, performance, and integrity of our Website.
  • Marketing & Communications (Consent / Legitimate Interest): To send materials and newsletters you have requested. (You may opt out at any time).
  • Legal Compliance (Legal Obligation): To comply with tax, corporate, and regulatory requirements.

4. Recipients and Subprocessors

We do not sell or share your personal data with third-party advertising networks. We only share data with:

  • Service Providers & Subprocessors: Cloud hosting (e.g., AWS, GCP), CRM systems, and IT security platforms (e.g., Cloudflare) strictly required to deliver and secure our Services.
  • Legal Authorities: When mandated by applicable law, court order, or government regulation.

5. International Data Transfers

As a global company operating in the US and the EU, data may be transferred outside the European Economic Area (EEA). When transferring personal data from the EEA to the US, we rely on Standard Contractual Clauses (SCCs)approved by the European Commission, alongside supplementary technical and organizational safeguards to ensure an adequate level of protection.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

  • Account/Customer Data: Retained for the duration of the active contract plus up to 7 years for tax and legal compliance.
  • Marketing Data: Retained until you opt out or withdraw consent.
  • Technical Security Data: Retained for short, session-based intervals (e.g., Cloudflare security logs).

7. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning you under Article 22 of the GDPR.

8. Your Data Subject Rights (GDPR & Global)

Depending on your location, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
  • Right to Restriction of Processing: Request we suspend processing your data.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to our processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw previously granted consent at any time.

Exercising Your Rights: To submit a Data Subject Access Request (DSAR) or exercise any of the rights above, please email legal@scalytics.io. We will verify your request proportionately and will never ask for highly sensitive documents (such as Social Security Numbers) via email.

Right to Complain: EU residents have the right to lodge a complaint with a supervisory authority, such as the Office of the Information and Data Protection Commissioner (IDPC) in Malta.

9. US State Privacy Rights (CCPA/CPRA)

This section applies to residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other US states with enacted comprehensive privacy laws.

  • No Sale or Sharing of Personal Information: Scalytics does not sell your personal information, nor do we "share" your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. We do not use third-party tracking cookies for targeted advertising.
  • Sensitive Personal Information: We do not collect or process sensitive personal information for the purpose of inferring characteristics about consumers.
  • Non-Discrimination: We will not discriminate against you for exercising your state privacy rights.

10. Notice for Healthcare Vertical Visitors (HIPAA)

Scalytics provides enterprise data solutions, including services for the healthcare sector. If you are a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (HIPAA), any Protected Health Information (PHI) processed by Scalytics on your behalf is governed strictly by the terms of our Business Associate Agreement (BAA) and applicable service contracts, rather than this general Privacy Policy.

11. Cookie Policy & Tracking Technologies

Scalytics respects your privacy and utilizes a minimal, tracker-free website architecture. We do not use advertising, marketing, or analytics cookies (such as Google Analytics).

The only cookies deployed on our Website are Strictly Necessary for security and core functionality. Because these are essential for the Website to operate safely, they do not require user consent under applicable privacy laws.

Cookie Inventory

  • _cfuvid (Cloudflare): A session-based, strictly necessary cookie used for load balancing, maintaining secure session consistency, and protecting the site against malicious bots.

12. Changes to this Privacy Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will notify you of material changes by updating the "Last Updated" date at the top of this policy or via a prominent website notice.

Scalytics
Your Kafka. Your agents. Your control.

© 2026 Scalytics®

Miami, Florida, United States
Santa Venera, Malta, European Union
Apache®, Apache Wayang®, Wayang®, Apache Kafka®, Kafka®, Apache Flink®, Flink®, Apache Iceberg®, Iceberg®, Apache Spark®, Spark® and associated open source project names are trademarks of the Apache Software Foundation
Core
Software
kafSCALEkafCLAWkafGRAPHApache Wayang
Operations
Solutions
HelioskafSIEMkafSHIELDScalytics Private AI
Use Cases
Vertical
Grid IntelligenceERP IntelligenceData Federation
Industries
Domain
Energy
Healthcare
Defense
Finance
Resources
Knowledge
TrainingResearchOpen SourceBlog
Contact & Pricing
ContactPartnerFrontrunner ProgramPricing
Tools
AI Ready CheckOnline DemosSearchDeepsearch Bot
Company
About
Who we areNewsroomCrunchbase
Security & Trust
Security & ComplianceImprintPrivacy PolicyTerms of ServiceELACLA
Consent Preferences