Legal

Privacy Policy

Version 1.1 — Last updated March 2026

How Scaleflow collects, uses, and safeguards your personal data under GDPR.

Privacy PolicyTerms of ServiceDPACookies

Scale Force Consultancy B.V., trading as Scaleflow ("we", "us", "our"), is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website (scaleflow.com), engage with our services, or interact with us as a client or prospective client.

Scaleflow is part of a corporate group that includes Scale Force B.V. Where relevant, personal data may be shared within this group for the purposes described below.

Article 1

Who We Are

Data controller:
Scale Force Consultancy B.V. (trading as "Scaleflow")
Registered in Amsterdam, Netherlands

Contact for privacy matters:
privacy@scaleflow.com

Article 2

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with us:

Website visitors

  • IP address
  • Browser type and version
  • Device information
  • Pages visited, referring URL, and browsing behaviour
  • Company information derived from IP address (via B2B visitor identification — see Article 7)
  • Cookie identifiers and analytics data

Clients and client personnel

  • Developer names, email addresses, and usernames
  • Commit metadata (e.g., timestamps, repository activity)
  • Infrastructure usernames and access logs
  • IP addresses
  • Project management contact details

Prospective clients and business contacts

  • Name and job title
  • Company name
  • Email address and phone number
  • Communication history

Article 3

Why We Process Your Data and Our Legal Basis

PurposeData involvedLegal basis (GDPR)
Providing and operating our websiteIP address, device data, cookiesLegitimate interest (Art. 6(1)(f))
Website analytics and improvementBrowsing data, analytics cookiesConsent (Art. 6(1)(a)) for non-essential cookies; Legitimate interest for aggregated analytics
B2B visitor identificationIP address, company informationLegitimate interest (Art. 6(1)(f))
Delivering our services to clientsDeveloper data, commit metadata, access logs, contact detailsPerformance of a contract (Art. 6(1)(b))
Managing client relationshipsContact details, communication historyPerformance of a contract (Art. 6(1)(b)) or Legitimate interest (Art. 6(1)(f))
Sales and business developmentContact details, company informationLegitimate interest (Art. 6(1)(f))
Compliance with legal obligationsAny data required by lawLegal obligation (Art. 6(1)(c))
Protecting our legitimate business interestsVariousLegitimate interest (Art. 6(1)(f))

Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override your fundamental rights. Contact us at privacy@scaleflow.com to request details.

Article 4

How Long We Keep Your Data

Client project data: Deleted within 30 days of completion of the relevant Statement of Work. Backups are purged within 90 days.

Website analytics data: Retained for up to 26 months, or as configured in our analytics tools.

Business contact data: Retained for the duration of an active business relationship, plus up to 2 years after the last meaningful contact.

Cookie data: Retention periods vary by cookie. See our Cookie Statement for details.

Article 5

Who We Share Your Data With

We may share your personal data with:

  • Scale Force B.V. and other entities within our corporate group, for internal administration and service delivery.
  • Sub-processors who assist in delivering our services (e.g., cloud hosting, analytics tools). We notify clients at least 14 days in advance of any new sub-processor.
  • Professional advisors such as lawyers and accountants, where necessary.
  • Authorities where required by law or to protect our legal rights.

We do not sell your personal data.

Article 6

International Data Transfers

We process personal data primarily within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision.

Article 7

B2B Website Visitor Identification

We use Snitcher to identify the companies visiting our website based on IP address lookups. This resolves IP addresses to company names — it does not identify individual visitors by name. We rely on our legitimate interest in understanding which organisations visit our website for business development purposes.

You can opt out of Snitcher tracking by visiting snitcher.com/opt-out.

Article 8

Cookies and Tracking

We use cookies and similar technologies on our website. For full details, please see our Cookie Statement.

Article 9

Your Rights Under GDPR

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate personal data (Art. 16)
  • Erase your personal data ("right to be forgotten") (Art. 17)
  • Restrict the processing of your personal data (Art. 18)
  • Data portability — receive your data in a structured, commonly used format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time where processing is based on consent (Art. 7(3))
  • Not be subject to automated decision-making, including profiling (Art. 22)

To exercise any of these rights, contact us at privacy@scaleflow.com. We will respond within one month.

Article 10

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands
autoriteitpersoonsgegevens.nl · +31 (0)70 888 8500

We would appreciate the opportunity to address your concerns before you approach the supervisory authority.

Article 11

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including encryption, access controls, and regular security reviews.

In the event of a personal data breach, we will notify the relevant supervisory authority within 48 hours and, where required, inform affected individuals without undue delay.

Article 12

No Special Categories of Data

We do not intentionally collect or process special categories of personal data (such as health data, biometric data, or data revealing racial or ethnic origin). If we become aware that such data has been inadvertently collected, we will delete it promptly.

Article 13

Children

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@scaleflow.com.

Article 14

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page.

Article 15

Contact Us

Scale Force Consultancy B.V. (trading as Scaleflow)
Amsterdam, Netherlands
Email: privacy@scaleflow.com