Privacy Policy

Effective Date: March 2026

1. Data Controller

Scaly AB ("we", "us") is the data controller for personal data processed through the Elixir platform. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

  • Account data: Name, email address, and profile picture from your Google account.
  • Uploaded documents: Financial documents you upload for analysis (SIE4, PDF, XLSX, CSV, DOCX, images).
  • Usage data: Platform interactions, feature usage, and session information for service improvement.
  • AI interactions: Chat messages and queries submitted to the AI assistant.

3. How We Use Your Data

  • To provide and operate the Elixir platform services.
  • To process and analyze your financial documents using AI.
  • To generate financial insights, KPIs, and reports.
  • To improve the accuracy and quality of our services.
  • To communicate service updates and security notifications.

4. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL) with encryption at rest and in transit. We implement industry-standard security measures including role-based access control, audit logging, and secure authentication via Google OAuth.

5. Third-Party Services

  • Google OAuth: Authentication provider.
  • Anthropic (Claude): AI processing for document analysis and chat.
  • Supabase: Database and storage infrastructure.
  • Vercel: Hosting and deployment platform.

We do not sell your data to third parties. Data shared with service providers is limited to what is necessary to deliver the Platform's functionality.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate personal data.
  • Erase your personal data ("right to be forgotten").
  • Restrict processing of your personal data.
  • Data portability — receive your data in a structured format.
  • Object to processing of your personal data.

You can exercise these rights through the Platform's Settings page or by contacting us directly.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your personal data and uploaded documents are permanently removed within 30 days, in compliance with GDPR requirements.

8. Cookies

We use essential session cookies required for authentication and platform operation. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Platform.

10. Contact

For privacy-related inquiries, contact our Data Protection team at privacy@scaly.se.

← Back to sign up
Powered by Scaly