Privacy Policy

1. Introduction and Scope

ScaleTrax Accelerator LLC ("ScaleTrax," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in any capacity.

This Policy applies to all personal information processed by ScaleTrax, including information collected through our website, mobile applications, email communications, and any other digital or offline interactions. By using our services, you acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your information as described herein.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and other relevant privacy regulations worldwide.

2. Information We Collect

We collect various types of information to provide and improve our services, comply with legal obligations, and maintain the security of our platform.

2.1 Personal Information You Provide

• Identity Information: Full name, date of birth, government-issued identification numbers, professional titles, and biographical information
• Contact Information: Email addresses, phone numbers, mailing addresses, and emergency contact details
• Professional Information: Employment history, educational background, professional certifications, LinkedIn profiles, and references
• Business Information: Bank account details, tax identification numbers, business history, business statements, and startup development information
• Business Information: Company details, business plans, business statements, intellectual property information, market research, competitive analysis, and proprietary business data
• Communication Data: Messages, emails, call recordings, meeting notes, and any other communications with our team

2.2 Information Collected Automatically

• Technical Information: IP addresses, browser types and versions, operating systems, device identifiers, screen resolutions, and hardware specifications
• Usage Data: Pages visited, time spent on pages, click-through rates, search queries, download activity, and interaction patterns
• Location Data: Approximate geographic location based on IP address and precise location data (with your consent)
• Cookies and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies

2.3 Information from Third Parties

• Background Check Providers: Criminal history, credit reports, and professional verification data
• Data Brokers: Publicly available information, social media profiles, and professional networking data
• Business Partners: Information shared by program alumni, accelerator participants, and strategic partners
• Government Sources: Regulatory filings, court records, and other public information

3. Legal Bases for Processing (GDPR Compliance)

We process your personal information based on the following legal grounds:

• Consent: Where you have given clear consent for specific processing activities
• Contract Performance: Processing necessary for the performance of contracts or pre-contractual measures
• Legal Obligation: Compliance with legal requirements, including AML, KYC, and securities regulations
• Legitimate Interests: Our legitimate business interests, including fraud prevention, security, and business development
• Vital Interests: Protection of life or physical safety in emergency situations
• Public Task: Performance of tasks carried out in the public interest or in the exercise of official authority

4. How We Use Your Information

We use your personal information for various business purposes, always in accordance with applicable law and this Policy:

4.1 Accelerator Program Operations

• Evaluating accelerator applications and conducting startup assessments
• Managing accelerator participants and providing mentorship services
• Facilitating introductions and networking opportunities
• Preparing program documentation and participation agreements
• Monitoring startup progress and providing ongoing support

4.2 Regulatory Compliance and Legal Requirements

• Verifying identity and conducting background checks (KYC/AML)
• Ensuring compliance with securities laws and regulations
• Maintaining records for regulatory reporting and audits
• Responding to legal requests and government inquiries
• Preventing fraud, suspicious activities, and other illegal activities

4.3 Communication and Customer Service

• Responding to inquiries and providing customer support
• Sending important notices and updates about our services
• Delivering marketing communications (with your consent)
• Conducting surveys and gathering feedback
• Organizing events and educational programs

4.4 Platform Improvement and Analytics

• Analyzing usage patterns and user behavior
• Improving website functionality and user experience
• Developing new features and services
• Conducting market research and competitive analysis
• Personalizing content and recommendations

5. Information Sharing and Disclosure

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

• Legal and professional advisors (lawyers, accountants, consultants)
• Technology service providers (cloud hosting, software vendors)
• Background check and verification services
• Marketing and communication platforms
• Payment processors and business institutions

5.2 Program-Related Disclosures

• Co-partners and program partners (with appropriate confidentiality agreements)
• Program companies (for advisory and support purposes)
• Program committees and advisory boards
• Due diligence providers and third-party evaluators
• Exit transaction parties (acquirers, business partners)

5.3 Legal and Regulatory Requirements

• Government agencies and regulatory authorities
• Law enforcement and judicial authorities
• Tax authorities and business services
• Compliance with court orders and legal processes
• Protection of our legal rights and interests

6. Comprehensive Cookie Policy

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content.

6.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and security
• Performance Cookies: Collect information about website usage and performance
• Functional Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Track your activity across websites for advertising purposes
• Social Media Cookies: Enable social media features and content sharing

6.2 Third-Party Tracking Technologies

• Google Analytics and Google Tag Manager
• Social media pixels (LinkedIn, Twitter, Facebook)
• Marketing automation platforms
• Customer support and chat tools
• Security and fraud prevention services

6.3 Managing Cookie Preferences

You can control cookies through your browser settings, our cookie preference center, and opt-out tools provided by third-party services. Note that disabling certain cookies may affect website functionality.

7. Cross-Border Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate.

7.1 Transfer Safeguards

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Binding Corporate Rules (BCRs) for intra-group transfers
• Certification schemes and codes of conduct
• Specific derogations for particular situations

7.2 Data Localization Requirements

We comply with local data residency requirements where applicable and maintain appropriate technical and organizational measures to protect transferred data.

8. Data Security Measures

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

8.1 Technical Safeguards

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication and access controls
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Secure backup and disaster recovery procedures

8.2 Organizational Measures

• Employee training on data protection and security
• Background checks for personnel with data access
• Confidentiality agreements and security policies
• Incident response and breach notification procedures
• Regular review and update of security measures

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach poses a high risk
• Provide clear information about the nature of the breach and recommended actions
• Document the breach and our response measures
• Take immediate steps to contain and remediate the breach

10. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, and protect our legitimate interests.

10.1 Retention Periods

• Program Records: 10 years after program completion or as required by business regulations
• Business Information: 7 years for tax and accounting purposes
• Communication Records: 5 years or as required by applicable law
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months or as configured in analytics tools

10.2 Secure Deletion

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized recovery.

11. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

11.1 GDPR Rights (EU/UK Residents)

• Right of Access: Request copies of your personal information
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Limit how we use your information
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for specific processing activities

11.2 CCPA Rights (California Residents)

• Right to Know: Information about data collection and sharing practices
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Correct inaccurate personal information

11.3 Exercising Your Rights

To exercise your privacy rights, contact us using the information provided in Section 16. We will respond to your request within the timeframes required by applicable law and may need to verify your identity before processing your request.

12. Automated Decision-Making and Profiling

We may use automated processing, including profiling, to evaluate program opportunities, assess suitability, and personalize our services.

12.1 Types of Automated Processing

• Credit scoring and business risk assessment
• Program opportunity matching and recommendations
• Fraud detection and security monitoring
• Website personalization and content optimization
• Marketing segmentation and targeting

12.2 Your Rights Regarding Automated Processing

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. You may request human intervention, express your point of view, and contest automated decisions.

13. Third-Party Services and Links

Our website and services may contain links to third-party websites, applications, and services that are not operated by us.

13.1 Third-Party Privacy Practices

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

13.2 Social Media Integration

Our website may include social media features that collect information about your interaction with these features. Your interactions are governed by the privacy policies of the respective social media companies.

14. Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

Parents and guardians who believe their child has provided personal information to us should contact us immediately using the information provided in Section 16.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 Notification of Changes

• Material changes will be communicated via email or prominent website notice
• Non-material changes will be posted on our website
• Changes will be effective 30 days after notification for material changes
• Continued use of our services constitutes acceptance of updated terms

15.2 Version Control

We maintain previous versions of this Policy for reference and will provide access to historical versions upon request.

16. Contact Information and Data Protection Officer

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns, please contact us:

16.1 Supervisory Authority Contact

If you are located in the EU/UK and have concerns about our data processing practices, you may lodge a complaint with your local supervisory authority or the lead supervisory authority in Ireland.

16.2 Response Timeframes

We will acknowledge receipt of your privacy request within 5 business days and provide a substantive response within the timeframes required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests).