Our Privacy Philosophy
We believe in minimal data collection focused on what's necessary to provide our services. We do not sell your personal data, do not use behavioral advertising, and are transparent about how we handle your information.
1. Introduction
CleanScale ("CleanScale," "we," "us," or "our") operates the CleanScale platform, including the web application at app.cleanscale.io, mobile applications, and this marketing website at cleanscale.io (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. By using CleanScale, you agree to this Privacy Policy.
2. Information We Collect
Information You Provide
- Account Information: Name, email, phone number, business name, business address
- Payment Information: Processed by Stripe; we do not store credit card numbers
- Business Data: Customer records, job schedules, invoices, employee information
- Communications: Support requests, feedback, and correspondence
Information Collected Automatically
- Device Information: Device type, operating system, unique identifiers
- Usage Data: Pages viewed, features used, time spent
- Location Data: GPS coordinates (only when you use GPS tracking features and consent)
- Log Data: IP address, browser type, timestamps
3. Cookie Policy
Essential Cookies: We use minimal essential cookies for authentication and session management.
Analytics: We use privacy-respecting Cloudflare Web Analytics which does not use cookies or track individuals.
Not Used: We do not use Google Analytics, advertising cookies, social media tracking, or behavioral profiling.
4. How We Use Your Information
- Provide Services: Process jobs, scheduling, invoicing, and GPS tracking
- Improve Services: Analyze usage patterns, fix bugs, develop features
- Communicate: Send service updates and marketing (with consent)
- Security: Detect fraud and protect against abuse
- Legal Compliance: Meet regulatory requirements
5. How We Share Your Information
We share information with trusted service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloudflare | Hosting, CDN, security | Usage data, IP addresses |
| Neon | Database hosting | All business data |
| Stripe | Payment processing | Payment, billing info |
| Clerk | Authentication | Account credentials |
| Twilio | SMS notifications | Phone numbers |
| Mapbox | Maps and routing | Addresses, coordinates |
All service providers are contractually required to protect your data and only use it for specified purposes.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until deletion + 30 days |
| Business records | 7 years (tax/legal) |
| GPS/location data | 90 days rolling |
| Payment records | 7 years (legal) |
| Security logs | 90 days |
7. Your Rights and Choices
- Access & Portability: Export your data in CSV format from Settings
- Correction: Update information through account settings
- Deletion: Request account deletion via Settings; processed within 30 days
- Marketing Opt-Out: Unsubscribe via email links or Settings
- GPS Consent: Disable GPS features anytime in mobile app settings
8. GDPR Rights (EEA/UK Users)
Under GDPR Articles 15-22, you can exercise:
- Access (Art. 15): Request all personal data we hold
- Rectification (Art. 16): Correct inaccurate information
- Erasure (Art. 17): Request deletion of your data
- Restriction (Art. 18): Limit processing during disputes
- Portability (Art. 20): Receive data in machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interests
To exercise these rights, contact privacy@cleanscale.io. We respond within 30 days.
9. California Privacy Rights (CCPA/CPRA)
We do not sell personal information and have no plans to do so.
California residents have the right to:
- Know what personal information is collected and shared
- Delete personal information
- Correct inaccurate information
- Non-discrimination for exercising rights
To exercise these rights, email privacy@cleanscale.io. We respond within 45 days.
10. Data Breach Notification
In the event of a data breach affecting your personal information:
- Supervisory authority notification within 72 hours (GDPR)
- Direct user notification if high-risk breach
- Notification includes breach nature, consequences, and mitigation measures
Report suspected incidents to security@cleanscale.io.
11. Security
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Control: Role-based permissions, MFA
- Monitoring: 24/7 security monitoring
- Infrastructure: Cloudflare DDoS protection, WAF
12. Children's Privacy
CleanScale is professional business software not directed at children. We do not knowingly collect information from users under 13 (US) or under 16 (EU). If we discover child data, it will be immediately deleted.
13. International Data Transfers
Our Services are hosted in the United States. For EU/UK users, we protect transfers through Standard Contractual Clauses, encryption, and access controls.
14. Changes to This Policy
- Material Changes: Email notification 30 days before implementation
- Minor Updates: Posted here with updated date
- Continued Use: Constitutes acceptance of changes
15. Contact Us
CleanScale, Inc.
- Privacy: privacy@cleanscale.io
- Support: support@cleanscale.io
- Security: security@cleanscale.io
CleanScale, Inc.
7901 4TH St N Ste 300
Saint Petersburg, FL 33702-4399
United States
16. Supervisory Authorities
EU Residents: Contact your local data protection authority (Find authority)
UK Residents: Information Commissioner's Office (Lodge complaint)