← Back to home

Privacy Policy

Version 1.1 — Last updated March 2026

Scale Force Consultancy B.V., trading as Scaleflow (“we”, “us”, “our”), is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website (scaleflow.com), engage with our services, or interact with us as a client or prospective client.

Scaleflow is part of a corporate group that includes Scale Force B.V. Where relevant, personal data may be shared within this group for the purposes described below.

Article 1

Who We Are

Data controller:
Scale Force Consultancy B.V. (trading as “Scaleflow”)
Registered in Amsterdam, Netherlands

Contact for privacy matters:
privacy@scaleflow.com

Article 2

What Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with us:

Website visitors

  • IP address
  • Browser type and version
  • Device information
  • Pages visited, referring URL, and browsing behaviour
  • Company information derived from IP address (via B2B visitor identification — see Article 7)
  • Cookie identifiers and analytics data

Clients and client personnel

  • Developer names, email addresses, and usernames
  • Commit metadata (e.g., timestamps, repository activity)
  • Infrastructure usernames and access logs
  • IP addresses
  • Project management contact details

Prospective clients and business contacts

  • Name and job title
  • Company name
  • Email address and phone number
  • Communication history

Article 3

Why We Process Your Data and Our Legal Basis

PurposeData involvedLegal basis (GDPR)
Providing and operating our websiteIP address, device data, cookiesLegitimate interest (Art. 6(1)(f))
Website analytics and improvementBrowsing data, analytics cookiesConsent (Art. 6(1)(a)) for non-essential cookies; Legitimate interest for aggregated analytics
B2B visitor identificationIP address, company informationLegitimate interest (Art. 6(1)(f))
Delivering our services to clientsDeveloper data, commit metadata, access logs, contact detailsPerformance of a contract (Art. 6(1)(b))
Managing client relationshipsContact details, communication historyPerformance of a contract (Art. 6(1)(b)) or Legitimate interest (Art. 6(1)(f))
Sales and business developmentContact details, company informationLegitimate interest (Art. 6(1)(f))
Compliance with legal obligationsAny data required by lawLegal obligation (Art. 6(1)(c))
Protecting our legitimate business interestsVariousLegitimate interest (Art. 6(1)(f))

Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override your fundamental rights. You may contact us at privacy@scaleflow.com to request details of these assessments.

Article 4

How Long We Keep Your Data

Client project data: Deleted within 30 days of completion of the relevant Statement of Work (SOW). Backups are purged within 90 days of SOW completion.

Website analytics data: Retained for up to 26 months, or as configured in our analytics tools.

Business contact data: Retained for as long as there is an active business relationship, plus up to 2 years after the last meaningful contact, unless you ask us to delete it sooner.

Cookie data: Retention periods vary by cookie. See our Cookie Statement for details.

Article 5

Who We Share Your Data With

We may share your personal data with:

  • Scale Force B.V. and other entities within our corporate group, for internal administration and service delivery.
  • Sub-processors who assist in delivering our services (e.g., cloud hosting, analytics tools). We maintain a list of sub-processors and notify clients at least 14 days in advance of any new sub-processor appointments.
  • Professional advisors such as lawyers and accountants, where necessary.
  • Authorities where required by law or to protect our legal rights.

We do not sell your personal data.

Article 6

International Data Transfers

We process personal data primarily within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision.

Article 7

B2B Website Visitor Identification

We use Snitcher to identify the companies visiting our website based on IP address lookups. This is a B2B identification tool that resolves IP addresses to company names — it does not identify individual visitors by name. We rely on our legitimate interest in understanding which organisations visit our website for business development purposes.

You can opt out of Snitcher tracking by visiting snitcher.com/opt-out.

Article 8

Cookies and Tracking

We use cookies and similar technologies on our website. For full details about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Statement.

Article 9

Your Rights Under GDPR

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate personal data (Art. 16)
  • Erase your personal data (“right to be forgotten”) (Art. 17)
  • Restrict the processing of your personal data (Art. 18)
  • Data portability — receive your data in a structured, commonly used format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time where processing is based on consent (Art. 7(3))
  • Not be subject to automated decision-making, including profiling (Art. 22)

To exercise any of these rights, contact us at privacy@scaleflow.com. We will respond within one month of receiving your request, as required by GDPR.

Article 10

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV Den Haag, Netherlands
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500

We would appreciate the opportunity to address your concerns before you approach the supervisory authority. Please contact us at privacy@scaleflow.com first.

Article 11

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These measures include encryption, access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 48 hours and, where required, inform affected individuals without undue delay.

Article 12

No Special Categories of Data

We do not intentionally collect or process special categories of personal data (such as data revealing racial or ethnic origin, political opinions, health data, or biometric data). If we become aware that such data has been inadvertently collected, we will delete it promptly.

Article 13

Children

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@scaleflow.com.

Article 14

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

Article 15

Contact Us

For any questions about this Privacy Policy or our data processing practices:

Scale Force Consultancy B.V. (trading as Scaleflow)
Amsterdam, Netherlands
Email: privacy@scaleflow.com