Privacy Policy

1. Introduction

Good to Growing, Inc., a Texas corporation doing business as ScaleBoss AI ("ScaleBoss," "Company," "we," "us," or "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect information, including personal data, when you access or use our websites, mobile applications, software-as-a-service platform, and all related services (collectively, the "Services").

ScaleBoss AI is a comprehensive business operating system that combines analytics, employee reviews, performance management, and artificial intelligence-powered insights to facilitate informed decision-making within organizations.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

This Privacy Policy should be read in conjunction with our Terms of Service, which are incorporated herein by reference.

2. Scope of This Privacy Policy

2.1 What This Policy Covers

This Privacy Policy describes ScaleBoss's privacy practices in relation to information we collect as a data controller, including in the context of:

• Our websites, including scaleboss.ai and related domains
• Our Services, including our web and mobile applications
• User account registration and management
• Marketing and promotional communications
• Customer support interactions
• Any other activities where we display or link to this Privacy Policy

2.2 What This Policy Does Not Cover

This Privacy Policy does not apply to information we process solely as a data processor or service provider on behalf of our customers ("Customer Data"). When organizations that purchase our Services ("Customers") use the platform to process data about their employees, contractors, or other individuals, they control and are responsible for the collection and use of that data, and ScaleBoss acts as a processor on their behalf. The processing of such Customer Data is governed by our agreements with the applicable Customer and the Customer's own privacy notices.

If you are an employee or contractor of an organization that uses ScaleBoss, you should contact that organization with any questions about how your data is handled.

This Privacy Policy also does not apply to third-party websites, services, or applications that may be linked to or integrated with our Services. We are not responsible for the privacy practices of such third parties.

3. Who We Are

ScaleBoss AI is operated by Good to Growing, Inc., a Texas corporation. For the purposes of applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ScaleBoss is the data controller of the personal information described in this Privacy Policy, except where we process data solely as a processor on behalf of our Customers.

Contact Information:

Good to Growing, Inc. (d/b/a ScaleBoss AI)
6705 W Highway 290 Ste 607 #2006
Austin, TX 78735
Email: legal@scaleboss.ai

4. Information We Collect

We collect information in several ways, as described below.

4.1 Information You Provide Directly

When you interact with our Services, you may provide us with various types of information:

4.2 Information Collected Through the Services

When you use our Services, you or your organization may submit various types of data:

• Business and Organizational Data: Information about your organization's structure, goals, metrics, key performance indicators (KPIs), business strategies, and operational data.
• Employee and Personnel Data: Information about employees, contractors, and other personnel, which may include names, contact information, job titles, department information, performance reviews, goals, feedback, compensation data, and other human resources information. This data is typically uploaded or entered by your organization or its administrators.
• Analytics and Performance Data: Data related to business performance, including metrics, scorecards, reports, and analytical outputs generated through the Services.
• User-Generated Content: Content created or uploaded by users within the Services, including notes, comments, documents, files, and other materials.

4.3 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

• Usage Data: Information about how you interact with our Services, including features used, pages viewed, actions taken, search queries, session duration, and navigation paths.
• Device and Browser Information: Information about the device and browser you use to access our Services, including device type, operating system, browser type and version, screen resolution, language settings, and unique device identifiers.
• Network and Connection Information: Information about your network connection, including your Internet Protocol (IP) address, Internet service provider, mobile carrier, and connection speed.
• Location Information: General location information derived from your IP address, such as city, state, and country. We do not collect precise geolocation data without your explicit consent.
• Log Data: Server logs that record information about your use of the Services, including access times, error logs, and referring URLs.

4.4 Information from Third-Party Sources

We may collect information about you from third-party sources, including:

• Third-Party Integrations: If you or your organization connects third-party services or applications to our Services (such as CRM systems, HR systems, or other business tools), we may receive information from those services as necessary to provide the integrated functionality.
• Single Sign-On Providers: If you choose to log in using a single sign-on service (such as Google or Microsoft), we receive certain profile information from that service as authorized by you.
• Business Partners and Referrals: We may receive information from business partners, resellers, or referral sources, such as your name, email address, company, and interest in our Services.
• Publicly Available Sources: We may collect information from publicly available sources, such as professional networking sites, company websites, and public databases, to supplement information we hold.

4.5 Categories of Personal Information (CCPA)

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we may collect the following categories of personal information:

• Identifiers (e.g., name, email address, phone number, IP address, account username)
• Personal information described in California Civil Code Section 1798.80(e) (e.g., name, address, telephone number, employment information)
• Commercial information (e.g., products or services purchased, transaction history)
• Internet or other electronic network activity information (e.g., browsing history, search history, interactions with our Services)
• Geolocation data (general location derived from IP address)
• Professional or employment-related information (e.g., job title, employer, professional history)
• Inferences drawn from any of the above categories to create a profile about you

We do not knowingly collect sensitive personal information as defined under the CCPA/CPRA, such as Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, or genetic data, except where such information is voluntarily provided by Customers as part of their use of the Services.

5. How We Use Your Information

We use the information we collect for various purposes, including:

5.1 Providing and Operating the Services

• Creating and managing your account
• Providing access to and operating the Services
• Processing transactions and billing
• Providing customer support and responding to inquiries
• Sending service-related communications, such as confirmations, technical notices, updates, security alerts, and administrative messages
• Enabling integrations with third-party services

5.2 Improving and Developing the Services

• Analyzing usage patterns and trends to understand how users interact with our Services
• Identifying and fixing bugs, errors, and technical issues
• Conducting research and development to improve existing features and develop new features
• Generating aggregated, anonymized, or de-identified data for analytics, benchmarking, and product improvement purposes

5.3 Marketing and Communications

• Sending promotional emails, newsletters, and other marketing communications (where you have consented or as otherwise permitted by law)
• Displaying targeted advertisements
• Conducting market research and surveys
• Personalizing your experience and tailoring content to your interests

5.4 Security and Fraud Prevention

• Verifying accounts and authenticating users
• Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity
• Protecting the security and integrity of our Services
• Enforcing our Terms of Service and other policies

5.5 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Establishing, exercising, or defending legal claims
• Protecting our rights, property, and safety, and those of our users and others

6. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal bases under the GDPR or equivalent legislation:

• Contractual Necessity: Processing necessary to perform our contract with you, including providing the Services, managing your account, and processing payments.
• Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. Our legitimate interests include operating and improving our Services, marketing our Services, preventing fraud, and ensuring security.
• Consent: Processing based on your consent, such as for marketing communications and certain cookies. You may withdraw your consent at any time.
• Legal Obligation: Processing necessary to comply with our legal obligations under applicable law.

7. Artificial Intelligence and Data Usage

7.1 AI-Powered Features

ScaleBoss AI incorporates artificial intelligence and machine learning technologies to provide features such as analytics, insights, recommendations, predictions, and automated processing. These AI features are powered by both our proprietary technology and third-party AI service providers, including OpenAI and Anthropic.

7.2 How AI Processes Your Data

When you use AI-powered features, certain data may be transmitted to our third-party AI providers for processing. This may include text prompts, queries, and contextual data necessary to generate AI outputs. We take the following measures to protect your data:

• We maintain contractual agreements with our AI providers that restrict their use of your data to providing the requested services only
• Our AI providers are contractually prohibited from using your data to train their general-purpose AI models
• We implement technical measures to minimize the amount of data shared with AI providers
• We regularly review our AI providers' privacy and security practices

7.3 Internal AI Development

We may use aggregated, anonymized, or de-identified data derived from your use of the Services to improve our AI models and algorithms. We do not use raw, identifiable personal data to train our AI systems without your explicit consent.

7.4 AI Limitations and Human Oversight

AI-generated outputs are intended to assist and inform human decision-making, not replace it. ScaleBoss does not engage in fully automated decision-making that produces legal or similarly significant effects on individuals without human intervention. We recommend that users review and validate all AI-generated outputs before relying on them for material decisions.

8. How We Share Your Information

We do not sell your personal information. We share your information only in the circumstances described below:

8.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., Amazon Web Services)
• Payment processors (e.g., Stripe)
• AI service providers (e.g., OpenAI, Anthropic)
• Analytics and monitoring services
• Customer support tools
• Email and communication services
• Marketing and advertising platforms

Our service providers are contractually bound to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

8.2 Your Organization

If you use the Services through an organization (such as your employer), we may share information about your account and usage with that organization's administrators as necessary to provide and manage the Services. Your organization may have its own policies regarding the collection and use of your information.

8.3 Third-Party Integrations

If you or your organization enable integrations with third-party services, we may share information with those services as necessary to provide the integrated functionality. The sharing of information with third-party services is governed by your agreements with those services and their privacy policies.

8.4 Legal Compliance and Protection

We may disclose information if we believe it is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of ScaleBoss, our users, and others
• Detect, prevent, or address fraud, security, or technical issues
• Respond to an emergency involving danger of death or serious physical injury

8.5 Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring or surviving entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

8.6 With Your Consent

We may share your information for other purposes with your consent or at your direction.

8.7 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analytics, benchmarking, and marketing.

9. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the type of information and the context in which it was collected.

Generally, we retain:

• Account information for as long as your account is active and for a reasonable period thereafter
• Transaction and billing records as required by tax and accounting laws
• Customer Data in accordance with our agreements with Customers and their instructions
• Usage data and logs for a limited period for analytics and security purposes
• Marketing preferences and opt-out records indefinitely to respect your choices

When we no longer have a legitimate need to retain your information, we will securely delete or anonymize it.

10. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, use, alteration, and destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

If you become aware of any unauthorized access to or use of your account, please notify us immediately at legal@scaleboss.ai.

11. International Data Transfers

ScaleBoss is based in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that are different from, and potentially less protective than, the laws of your country.

If you are located in the EEA, UK, or Switzerland, we take appropriate steps to ensure that your personal data receives an adequate level of protection when transferred outside those regions. These steps may include:

• Relying on adequacy decisions by the European Commission
• Entering into Standard Contractual Clauses approved by the European Commission
• Implementing appropriate supplementary measures where required

By using our Services, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

12. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights.

12.1 Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

12.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: The right to know what personal information we collect, use, disclose, and sell about you.
• Right to Access: The right to request access to and obtain a copy of the specific pieces of personal information we have collected about you.
• Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: The right to opt out of the sale or sharing of your personal information. Note: We do not sell personal information.
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information. Note: We do not use sensitive personal information for purposes beyond what is necessary to provide the Services.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

12.3 Exercising Your Rights

To exercise any of the rights described above, please contact us at legal@scaleboss.ai or visit our Your Privacy Choices page. We will respond to your request within the timeframe required by applicable law (generally within 30-45 days).

We may need to verify your identity before processing your request to ensure the security of your personal information. If you make a request through an authorized agent, we may require proof of authorization.

If you are an employee or user whose organization uses our Services, please direct your privacy requests to your organization, as they control your data within the Services.

12.4 Marketing and Communication Preferences

You may opt out of receiving marketing communications from us by:

• Clicking the "unsubscribe" link in our marketing emails
• Contacting us at legal@scaleboss.ai
• Adjusting your preferences in your account settings

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related communications, such as account notifications, security alerts, and updates about the Services.

12.5 Cookie Preferences

You can manage your cookie preferences through your browser settings or by clicking "Cookie Preferences" in the footer of our website. Please note that blocking certain cookies may affect the functionality of our Services.

13. Children's Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at legal@scaleboss.ai.

14. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal information to them.

15. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that lets you tell websites that you do not want to have your online activities tracked. Our Services do not currently respond to DNT signals. However, you can manage your cookie preferences as described in this Privacy Policy.

16. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your use of our Services and to provide, improve, and personalize our Services. These technologies help us:

• Remember your preferences and settings
• Authenticate users and prevent fraud
• Analyze usage patterns and improve our Services
• Deliver targeted advertising and measure ad effectiveness
• Provide customer support

Types of Cookies We Use

• Essential Cookies: Required for the operation of our Services, including authentication, security, and load balancing. These cookies cannot be disabled.
• Functional Cookies: Used to remember your preferences and provide enhanced functionality and personalization.
• Analytics Cookies: Used to understand how visitors interact with our Services, including which pages are visited most often and how users navigate through the site.
• Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns.

Managing Cookie Preferences

You can manage your cookie preferences by clicking "Cookie Preferences" in the footer of our website. You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking certain cookies may affect the functionality of our Services.

Third-Party Analytics and Advertising

We use third-party analytics services, such as Google Analytics, to help us understand how users interact with our Services. These services may use cookies and similar technologies to collect information about your use of our Services and other websites. We may also use third-party advertising services to deliver targeted advertisements based on your interests.

For more information about how Google uses data, please visit Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post a notice on our website or within the Services
• Where required by law, seek your consent to the changes

We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of such changes.

18. Additional State-Specific Disclosures

18.1 California Residents

In addition to the rights described in Section 12.2, California residents are entitled to the following disclosures:

• Categories of Personal Information Collected: In the preceding 12 months, we have collected the categories of personal information described in Section 4.5 of this Privacy Policy.
• Sources of Personal Information: We collect personal information from the sources described in Section 4 of this Privacy Policy.
• Business or Commercial Purposes: We use personal information for the purposes described in Section 5 of this Privacy Policy.
• Categories Disclosed for Business Purposes: We disclose personal information to the categories of recipients described in Section 8 of this Privacy Policy.
• Sale or Sharing of Personal Information: We do not sell personal information as defined under the CCPA. We may share personal information for cross-context behavioral advertising purposes through cookies and similar technologies, which may constitute "sharing" under the CCPA. You may opt out of such sharing by adjusting your cookie preferences.
• Retention: We retain personal information as described in Section 9 of this Privacy Policy.
• Financial Incentives: We do not offer financial incentives in exchange for personal information.

18.2 Virginia, Colorado, Connecticut, and Other State Residents

If you are a resident of Virginia, Colorado, Connecticut, or another state with comprehensive privacy legislation, you may have similar rights to those described in Section 12.2. Please contact us at legal@scaleboss.ai to exercise your rights under applicable state law.

19. Contact Information

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at:

Good to Growing, Inc. (d/b/a Scale B.O.S.S., Scale B.O.S.S. AI)
6705 W Highway 290 Ste 607 #2006
Austin, TX 78735
Email: legal@scaleboss.ai

We will respond to your inquiry within 30 days or as required by applicable law.

Thank you for taking the time to read our Privacy Policy. Your privacy is important to us, and we are committed to protecting your personal information.