ScaffoldScaffold

Privacy Policy

Last updated: April 12, 2026

This Privacy Policy explains how Scaffold Technologies, Inc. ("Scaffold," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our website, products, services, communications, and related activities.

This Privacy Policy applies to:

  • visitors to scaffoldhq.com and related websites we operate
  • people who contact us, request a demo, apply for a pilot, or otherwise communicate with us
  • users of the Scaffold product and administrators who connect third-party systems to Scaffold

If you enter into a separate written agreement with us for paid or pilot services, that agreement may include additional privacy, security, or data processing terms.

1. Personal information we collect

We collect personal information from a few sources.

A. Information you provide directly

We may collect information you provide to us, such as:

  • name
  • work email address
  • company name
  • job title
  • phone number, if you provide it
  • demo, pilot, support, or contact form submissions
  • communications you send to us
  • account, profile, or workspace setup information

B. Information collected when you use the website or product

We may automatically collect certain information when you interact with our website or product, including:

  • IP address
  • browser type and device information
  • operating system
  • timestamps and pages viewed
  • referral URLs
  • product usage events
  • error logs and diagnostic data
  • cookie or similar technology data, where used

C. Information from connected services

If your organization or an authorized user connects a third-party service to Scaffold, we may receive information from that service, depending on the connection and permissions granted. This can include:

  • calendar and meeting metadata
  • employee directory and manager relationship data
  • feedback events, check-ins, or similar people-operations records
  • action items or follow-through data
  • Slack identifiers needed to deliver nudges or messages
  • documents uploaded for policy or framework retrieval

As of the date above, Scaffold does not read Slack message content. As of the date above, Scaffold also does not process meeting audio, video, or full meeting transcripts unless and until we explicitly introduce that functionality and update this Privacy Policy.

D. Information from other sources

We may receive information from service providers, analytics vendors, referral partners, or publicly available sources where permitted by law.

2. How we use personal information

We use personal information for the following purposes:

  • to operate, maintain, and improve the website and product
  • to create and manage accounts and workspaces
  • to authenticate users and secure the service
  • to provide manager-facing features such as reminders, coaching suggestions, dashboards, and follow-through support
  • to provide admin-facing reporting and workspace administration features
  • to process integrations authorized by the customer or user
  • to respond to requests, support inquiries, and communications
  • to send service messages, updates, and administrative notices
  • to understand usage, troubleshoot issues, and improve reliability
  • to detect, investigate, and prevent fraud, abuse, or security incidents
  • to comply with legal obligations and enforce our terms
  • to evaluate pilot interest, sales opportunities, and customer relationships

If we use AI features to generate drafts, summaries, or recommendations, those outputs are intended to assist users, not replace human judgment.

3. Legal bases for processing (EEA, UK, and similar jurisdictions)

Where applicable, we rely on one or more of the following legal bases:

  • Contract: to provide the website, product, pilots, and related services you or your organization request
  • Legitimate interests: to secure, operate, improve, and market our services, and to support customer relationships, provided those interests are not overridden by your rights
  • Consent: where required by law, including for certain cookies or specific data uses
  • Legal obligation: where processing is necessary to comply with applicable law

4. How we disclose personal information

We may disclose personal information:

  • to vendors and service providers that help us host, secure, analyze, support, or operate the service
  • to integration providers and third-party services at your or your organization's direction
  • to advisors, auditors, or professional service providers under appropriate confidentiality obligations
  • to law enforcement, regulators, courts, or other third parties when required by law or necessary to protect rights, safety, or the service
  • in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets

We do not sell personal information.

As of the date above, we also do not share personal information for cross-context behavioral advertising.

5. Cookies and similar technologies

We may use cookies and similar technologies to operate the website and understand usage. These may include:

  • Essential cookies for core site functionality, security, and session management
  • Analytics cookies to understand traffic and product usage

Where required by law, we will ask for consent before using non-essential cookies.

6. AI feature processing

Scaffold uses AI to provide certain product features, such as summaries, coaching suggestions, policy-grounded responses, and drafting assistance.

We design those features to minimize unnecessary data exposure. We do not send secrets such as integration credentials to AI models. We also do not use customer content to train public AI models.

AI outputs may be inaccurate, incomplete, or inappropriate in a given context. Users remain responsible for reviewing outputs before relying on them.

7. Google API Services data

If you choose to connect Google services to Scaffold, we may access Google user data only as needed to provide the user-facing features you have requested.

We aim to request the minimum relevant Google permissions and to explain what data is being accessed and why. If we materially change how we use Google user data, we will update our disclosures and, where required, request additional consent.

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8. Data retention

We retain personal information for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and business records.

Retention periods may vary depending on the type of information, customer settings, legal obligations, and whether the information is needed for security, support, or operational continuity.

If you close an account or a customer relationship ends, we may delete or de-identify information in accordance with our retention schedule, contractual commitments, and legal obligations.

9. Security

We use administrative, technical, and physical safeguards designed to protect personal information. These safeguards include measures such as:

  • role-based access controls
  • encryption in transit
  • encryption at rest through infrastructure providers
  • audit logging for important actions
  • tenant-aware access controls
  • monitoring, backups, and operational safeguards

No system is perfectly secure, and we cannot guarantee absolute security.

10. International data transfers

We and our service providers may process personal information in the United States and other countries where we or our providers operate.

When required by law, we take steps intended to provide appropriate safeguards for international transfers.

11. Your privacy rights

Depending on where you live, you may have rights such as the right to:

  • access personal information we hold about you
  • correct inaccurate personal information
  • delete personal information
  • object to or restrict certain processing
  • withdraw consent where processing is based on consent
  • receive a copy of certain information in portable form
  • lodge a complaint with a supervisory authority

To exercise rights, contact us at privacy@scaffoldhq.com. We may need to verify your identity before completing a request.

12. California privacy disclosures

If you are a California resident, you may have the right to:

  • know what personal information we collect and how we use and disclose it
  • request deletion of personal information, subject to exceptions
  • request correction of inaccurate personal information
  • opt out of the sale or sharing of personal information
  • limit the use and disclosure of sensitive personal information in certain cases
  • receive equal service and pricing without discrimination for exercising your rights

As of the date above, Scaffold does not sell personal information and does not share personal information for cross-context behavioral advertising.

To exercise California rights, contact us at privacy@scaffoldhq.com.

13. Children's privacy

Scaffold is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child has provided personal information to us, contact us and we will take appropriate steps.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the "Last updated" date above. Where required by law, we will provide additional notice or obtain consent.

15. Contact us

If you have questions about this Privacy Policy or our privacy practices, contact:

Scaffold Technologies, Inc.
privacy@scaffoldhq.com

Trust overview|Terms of Service