Scaffold Trust

Scaffold is built to help companies improve manager execution without forcing them to replace the tools they already use. We believe trust is a product requirement, not a legal afterthought.

Last updated: April 12, 2026

What Scaffold does

Scaffold is a manager execution intelligence platform. It reads signals from tools a company already uses, such as calendar systems, selected HR platforms, and Slack, and turns those signals into coaching, nudges, follow-through tracking, and manager operating insights.

Scaffold is designed as an overlay, not a new system of record. Our goal is to help managers run better 1:1s, give more consistent feedback, and follow through on commitments.

What Scaffold does not do

As of the date above, Scaffold does not:

Read Slack messages or channel history
Sell customer data
Use customer data for advertising
Use customer data to train public AI models
Auto-send sensitive feedback or take employment actions on a customer's behalf
Process meeting audio, video, or full meeting transcripts unless and until we explicitly add that capability and update our disclosures

You remain responsible for employment decisions, policy enforcement, and manager oversight.

Security principles

We design Scaffold around a few simple principles:

Least privilege

We request the minimum permissions we need to provide the feature the customer has enabled.

Separation by organization

Your data is logically separated by organization. We use tenant-aware access controls and database-level protections to prevent cross-organization access.

Encryption in transit and at rest

We use TLS for data in transit and encryption at rest through our infrastructure providers.

Reviewability

Important system actions are logged. We maintain audit records for security- and governance-relevant events such as logins, integration changes, policy uploads, and administrative actions.

Retention and deletion controls

We support retention controls and account-level deletion workflows. You can contact us to request deletion of your organization data, subject to legal and contractual requirements.

Access controls

Access to Scaffold is role-based. We limit access according to user role and organization membership. Administrative functions, including audit visibility and integration management, are restricted to authorized users.

Internal access to customer data is limited to personnel and subprocessors who need it to operate, secure, or support the service.

AI and model usage

Scaffold uses AI to help generate pre-meeting briefs, coaching suggestions, summaries, policy-grounded answers, and draft language.

Our approach to AI is conservative:

AI outputs are assistive, not autonomous
Sensitive actions require human review
We minimize the amount of personal data sent to AI providers
We do not send secrets such as integration credentials to AI models
We do not use customer content to train public foundation models

As of the date above, we primarily send summarized or structured context needed to generate the requested output. Where a customer asks Scaffold to use policy documents for retrieval-based responses, those materials are used only to answer the customer's requests within that customer's workspace.

Integration handling

Scaffold is built to work with a company's existing stack.

Calendar systems

Scaffold may access calendar metadata needed to identify recurring manager-report meetings and related scheduling patterns.

HR and performance systems

Scaffold may access employee directory data, manager relationships, feedback events, check-ins, or similar records made available by the customer's connected systems.

Slack

Scaffold currently uses Slack as a delivery surface for nudges, reminders, and similar manager-facing messages. As of the date above, Scaffold does not read Slack message content.

Uploaded documents

If you upload policies, frameworks, or other internal guidance, Scaffold may index and retrieve those materials to answer policy questions or provide context inside the product.

Privacy commitments

We do not sell personal information.
We do not use customer data for cross-context behavioral advertising.
We do not request permissions we do not need.
We aim to be clear about what data we access, why we access it, and how long we keep it.
If we materially change how we use customer data, we will update our disclosures and, where required, seek additional consent.

Compliance posture

Scaffold is being built with controls aligned to enterprise expectations, including access control, encryption, audit logging, retention controls, and documented privacy/security practices.

Unless we explicitly say otherwise in writing, references to frameworks such as SOC 2 or ISO 27001 mean our controls are designed with those standards in mind. They do not mean Scaffold is certified unless we state that separately.

If you need a Data Processing Addendum, security questionnaire, or additional documentation during a pilot or procurement process, contact us at privacy@scaffoldhq.com.

Responsible use

Scaffold is intended to support coaching, manager development, and operational follow-through. It is not legal advice, and it is not a substitute for HR, legal, or managerial judgment.

You are responsible for deciding whether and how to use Scaffold outputs in employment-related processes. We recommend human review for any sensitive workflow.

Incident reporting

If you believe you have discovered a security vulnerability or have a security question, email privacy@scaffoldhq.com.

Please include enough detail for us to investigate. Do not access, modify, or share data that does not belong to you.