Privacy Policy
This Privacy Policy (the “Policy”) is issued by SCal Mobile, a legal entity organized and existing under the laws of the State of California, United States of America (referred to herein as “SCal Mobile,” “we,” “our,” or “us”). This Policy is intended to govern and comprehensively articulate the collection, processing, storage, transmission, sharing, and safeguarding of all forms of data — including, without limitation, personally identifiable information (PII), business contact information (BCI), technical telemetry, transactional records, behavioral signals, machine-generated metadata, and any other information that is received, generated, or inferred — whether directly or indirectly — in connection with or as a result of your access to or interaction with: (i) the SCal Mobile website located at https://www.scalmob.com, including any associated subdomains, web applications, and microservices; (ii) any affiliated partner portals, registration interfaces, contact submission forms, embedded chat tools, CRM-integrated plug-ins, APIs, or analytics endpoints that originate from, reference, or integrate with SCal Mobile’s online systems or services; and (iii) any business-to-business (“B2B”) engagement, transaction, inquiry, or correspondence established between SCal Mobile and you or your organization, whether as a client, vendor, supplier, contractor, partner, affiliate, or representative thereof (collectively referred to as “User,” “you,” or “your”). This Policy shall apply regardless of whether data is submitted actively (e.g., by input, upload, or transmission) or collected passively (e.g., via cookies, tracking pixels, embedded scripts, server logs, analytics software, or session replay technologies), and whether such data is received in electronic, verbal, written, graphical, or any other tangible or intangible form. By accessing, browsing, interacting with, or otherwise making use of SCal Mobile’s digital or commercial services in any manner, you expressly acknowledge that you have read, understood, and agreed to be bound by the terms of this Privacy Policy, as well as any applicable supplemental notices, disclaimers, and contractual documentation provided by SCal Mobile. If you do not agree to this Policy in its entirety, your sole remedy is to refrain from engaging with SCal Mobile’s platforms or services. Nothing in this Policy shall be construed to limit any rights SCal Mobile may have under applicable law or contract, nor shall any omission herein be interpreted as a waiver of such rights. This Policy is binding upon all users and shall be interpreted broadly in favor of privacy transparency, regulatory compliance, and corporate risk mitigation.
1. Scope and Application
This Privacy Policy applies universally and without limitation to all categories, types, forms, modalities, and manifestations of data and information, whether personally identifiable or anonymized, structured or unstructured, digital, physical, inferred, or observed, and whether collected directly from the User, indirectly through User interactions, or obtained via third-party or automated sources. The term “personal data” shall be interpreted expansively to include, without limitation, any identifier, token, code, key, string, signal, pattern, biometric, behavioral profile, telemetry, metadata, or any combination thereof that can be used to identify, profile, locate, authenticate, contact, or correlate a User, business entity, or device. This Policy governs the collection, processing, handling, storage, sharing, and disposal of such data by SCal Mobile, including but not limited to Personally Identifiable Information (PII), Business Contact Information (BCI), and Machine-Generated Data (MGD). Such information may be acquired through any means including, but not limited to: User-submitted forms, API endpoints, transactional systems, browser-based scripts, cookies, tracking pixels, embedded analytics, CRM and ERP platforms, mobile apps, email interactions, device or network identifiers, server log captures, partner platforms, public databases, and third-party data enrichment services. The Policy applies across all digital properties, interfaces, communications, and operational systems controlled by or affiliated with SCal Mobile, whether currently in use or adopted in the future. Any direct or indirect interaction with SCal Mobile’s websites, services, technology platforms, communications, or personnel shall be deemed covered by this Policy. Interpretation shall be made broadly in favor of corporate risk mitigation, full lifecycle data stewardship, and compliance with present and evolving privacy frameworks.
2. Categories of Data Collected
SCal Mobile collects, receives, processes, and stores a broad array of data elements, identifiers, and behavioral signals, collectively referred to as “Data,” across multiple operational, transactional, and technological vectors. This includes, without limitation: (i) Identity and Contact Data, such as full legal name, preferred and alias names, business title, company name, corporate structure or parent entity affiliations, business registration identifiers (including but not limited to Secretary of State IDs, EINs, and DUNS numbers), email addresses (corporate, personal, or delegated), primary and secondary telephone numbers, fax numbers, physical office and mailing addresses, corporate websites, and publicly sourced contact records; (ii) Credential and Compliance Data, including all documents and declarations used to verify lawful commercial activity and tax status, such as resale certificates, reseller permits, W-9 forms, federal and state-issued licenses, customs and trade certificates, tax exemption forms, Know Your Business (KYB) and Know Your Customer (KYC) verification responses, self-certification attestations, and copies or scans of business-identifying credentials provided manually or via integrations; (iii) Technical, Diagnostic, and Behavioral Data, including static and dynamic IP addresses, MAC addresses, device identifiers, browser headers, preferred system languages, device model and manufacturer metadata, screen resolution and DPI, operating system versions, user agent strings, referrer URLs, clickstream paths, dwell time metrics, scroll depth and velocity, cursor movement heatmaps, keyboard cadence analysis, clipboard event flags, DOM and local storage records, authentication tokens, session identifiers, hashed logins, tracking pixels, cookie UUIDs, beacon signals, webhooks, JavaScript-instrumented telemetry, and data captured by embedded third-party plugins or integrations; and (iv) Communications and Commercial Records, including inbound and outbound messages (email, chat, SMS), live support interactions, chatbot history, call center recordings and transcripts, transactional records, invoice and order logs, payment confirmations, delivery confirmations, tracking records, product SKUs and descriptions, refund and warranty requests, service-level agreements, customer support logs, satisfaction ratings, internal annotations, and metadata generated through ongoing B2B communication, sales enablement systems, or CRM platforms. This Data may originate from direct user input, observed behavior, third-party enrichment, automated instrumentation, or through integrations with vendors and partners under lawful processing agreements.
3. Purpose and Legal Basis for Processing
SCal Mobile collects, processes, transmits, and retains Data as defined herein based on a combination of lawful processing grounds as set forth in applicable privacy and data protection legislation, including but not limited to Article 6 of the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”), the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act) (“CCPA”), and analogous data privacy frameworks applicable in relevant jurisdictions. The legal bases relied upon by SCal Mobile include, without limitation: (i) the performance of a contract to which the data subject or their represented organization is a party; (ii) compliance with statutory, regulatory, or judicial obligations imposed by national, state, local, or foreign governments or competent regulatory authorities; (iii) the pursuit of legitimate business interests, including the efficient operation of our commercial systems, fraud prevention, network and information security, and optimization of client experiences; and (iv) explicit, informed consent, where required by applicable law or where deemed prudent for the processing of specific categories of personal or sensitive data. Such processing activities are undertaken for purposes that include, but are not limited to: (1) verifying the identity, credentials, eligibility, and legal registration status of commercial entities or their representatives through internal procedures or third-party compliance platforms; (2) establishing, managing, and maintaining client, vendor, supplier, or partner accounts within our enterprise resource planning (ERP) and customer relationship management (CRM) systems; (3) initiating, confirming, executing, and supporting commercial transactions, including but not limited to sales orders, product fulfillment, international shipment facilitation, warranty fulfillment, reverse logistics, billing and invoicing, and post-sale account management; (4) identifying, flagging, and mitigating risks related to financial fraud, cyber intrusion, unauthorized resale, counterfeit product movement, trade-based money laundering, or violations of applicable terms and conditions; (5) ensuring compliance with the legal and regulatory frameworks governing global trade, anti-money laundering (AML), know-your-business (KYB) standards, export/import regulations, and the Office of Foreign Assets Control (OFAC) sanctions regimes; and (6) conducting routine and non-routine security assurance tasks, including vulnerability assessments, penetration testing, intrusion detection, data loss prevention (DLP) monitoring, audit log maintenance, employee access reviews, and incident response preparedness. In each instance, processing is carried out under the principle of data minimization, proportionality, and lawfulness, and where required, records of processing activities (ROPA) are maintained for inspection by supervisory authorities.
4. Disclosure to Third Parties
SCal Mobile may, where necessary, appropriate, or legally obligated, disclose, transmit, transfer, grant access to, or otherwise share Data with third parties acting as independent controllers, joint controllers, or processors/sub-processors, provided that such disclosures are made in accordance with applicable legal frameworks, contractual safeguards, and risk mitigation protocols. Disclosures may occur in furtherance of operational needs, regulatory compliance, dispute resolution, or legitimate interest as defined under applicable laws and in line with the expectations reasonably inferred from the User’s engagement with SCal Mobile’s services.
Categories of third-party recipients may include, without limitation: (i) hosting service providers, web infrastructure vendors, content delivery networks (CDNs), domain management entities, and cloud storage facilities responsible for maintaining the integrity, availability, and resilience of our digital systems and associated content repositories; (ii) logistics, fulfillment, transportation, and carrier partners such as FedEx, DHL, UPS, and other freight operators required to support the physical delivery, routing, return, or international customs clearance of goods or devices sold, consigned, or transferred by SCal Mobile; (iii) financial institutions, merchant service providers, tax calculation engines, fraud prevention platforms, chargeback processors, and creditworthiness assessors involved in payment processing, accounting compliance, or internal revenue reporting; (iv) legal entities and public authorities, including courts, law enforcement agencies, customs offices, trade regulators, and administrative bodies, to the extent such disclosure is mandated by subpoena, civil discovery process, criminal inquiry, regulatory examination, tax audit, sanctions screening, or any other lawful legal instrument; and (v) external legal counsel, forensic advisors, insurance underwriters, certified public accountants, and other professional consultants engaged for the purposes of dispute resolution, claim defense, regulatory response preparation, audit facilitation, corporate governance, or business continuity assessment.
All such disclosures are conducted under the principles of necessity, purpose limitation, and data minimization, and where feasible, governed by enforceable written agreements such as Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), or binding terms that impose confidentiality, security, and use restrictions aligned with the sensitivity of the data disclosed. No third party is authorized to use Data provided by SCal Mobile for any purpose other than the specific business function for which they were engaged.
5. Retention and Data Lifecycle Management
SCal Mobile retains all categories of Data for durations consistent with applicable legal, regulatory, operational, contractual, and audit-related requirements, and such retention shall be governed by internal data governance frameworks, statutory mandates, and prudent business practice. Data shall be maintained only for the minimum period necessary to fulfill the specific purpose for which it was originally collected, unless a longer retention period is (i) required by applicable federal, state, international, or tax law; (ii) reasonably necessary for the establishment, exercise, or defense of legal claims; (iii) mandated by contractual or trade compliance obligations; (iv) required for fraud prevention, security incident analysis, or operational integrity; or (v) authorized pursuant to legitimate archival, statistical, or scientific research purposes as permitted by law.
Retention periods are determined using a multi-factor risk assessment that considers the data category, sensitivity, potential impact of compromise, legal exposure, and business utility. Records management practices include automated flagging for deletion eligibility, periodic manual review, role-based access expiration, archive encryption, and secure destruction or anonymization protocols. Upon expiration of a defined retention period or fulfillment of its purpose, Data will be deleted, anonymized, or pseudonymized using secure erasure methods consistent with industry standards (e.g., NIST SP 800-88, ISO/IEC 27040), unless legal obligations require further preservation.
SCal Mobile shall not be liable for retention of any data beyond its expiration period unless otherwise specified by law or subject to binding litigation hold. Users may request further detail regarding applicable retention schedules by contacting our privacy compliance officer.
6. International Transfers and Jurisdictional Safeguards
In instances where Data is transmitted, transferred, replicated, processed, or accessed beyond the borders of the originating jurisdiction—whether due to infrastructure design (e.g., cloud storage redundancy), third-party processor engagement, or inter-company operational workflows—SCal Mobile undertakes commercially reasonable efforts to ensure that such cross-border transfers are executed in compliance with applicable international privacy and data transfer regulations.
These mechanisms include, but are not limited to: the use of Standard Contractual Clauses (SCCs) promulgated by the European Commission or equivalent regulatory bodies; the implementation of Binding Corporate Rules (BCRs); reliance on adequacy decisions issued by recognized supervisory authorities; intra-group data processing agreements; encryption in transit and at rest; zero-trust data segmentation protocols; and the execution of Data Processing Agreements (DPAs) that impose materially equivalent safeguards and restrict onward transfer to non-compliant jurisdictions.
Data subjects residing in jurisdictions with extraterritorial data protection regimes (e.g., GDPR, PIPEDA, LGPD, POPIA) retain the right to request detailed information about applicable safeguards, including the categories of data transferred, destination countries, and the legal instruments relied upon by SCal Mobile. Such requests should be submitted in writing to the compliance team via privacy@scalmobile.com, subject to identity verification and applicable response timeframes.
7. Security Practices
SCal Mobile employs a multilayered security framework composed of technical, administrative, and organizational safeguards designed to ensure the confidentiality, integrity, availability, and resiliency of all Data processed, stored, or transmitted under our control. These safeguards are informed by globally recognized security standards and risk management frameworks, including but not limited to ISO/IEC 27001, NIST SP 800-53, CIS Controls, and OWASP best practices.
Security measures include, without limitation: AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit; network segmentation and intrusion prevention systems (IPS); endpoint detection and response (EDR) tooling; role-based access control (RBAC); multifactor authentication (MFA) for privileged users; security logging and monitoring via SIEM platforms; regular vulnerability scanning and third-party penetration testing; and documented incident response plans and escalation protocols.
In addition to technical controls, we enforce administrative policies including access logging, background checks for personnel with elevated privileges, periodic security awareness training, least-privilege access reviews, onboarding/offboarding procedures, and contractual obligations with processors and vendors requiring adherence to data protection and confidentiality standards. SCal Mobile periodically reviews its security posture and adapts protections in light of emerging threats, evolving regulatory expectations, and advances in cybersecurity.
8. Your Rights
Depending on your jurisdiction and applicable legal frameworks—such as but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s Lei Geral de Proteção de Dados (LGPD), or other equivalent data protection laws—you may possess statutory rights regarding your personal data. These rights may include, individually or collectively, the right to access and obtain a copy of your personal data; the right to correct or rectify inaccurate, outdated, or incomplete records; the right to request deletion or anonymization of your data under specific conditions; the right to object to or restrict processing; the right to data portability in a structured, machine-readable format; and the right to withdraw previously granted consent without affecting the lawfulness of processing based on such consent prior to its withdrawal.
To exercise any of the aforementioned rights, you may submit a verifiable request to our Privacy Compliance Team via email at privacy@scalmobile.com. Please include sufficient information to identify yourself and the nature of your request, including any relevant transaction or account identifiers. In certain cases, we may require you to verify your identity and confirm your request in writing. We reserve the right to deny or limit requests that are manifestly unfounded, excessive, or inconsistent with legal obligations, security protocols, or data retention policies. All requests will be reviewed and processed in accordance with applicable legal timelines, typically within 30 to 45 calendar days from verification.
In the event of a denial, partial fulfillment, or dispute regarding your request, you may have the right to lodge a complaint with your regional supervisory authority, data protection agency, or applicable regulatory body. SCal Mobile encourages individuals to contact us directly in the first instance so that we may work in good faith to resolve any concerns regarding our data processing practices.
9. Policy Updates
SCal Mobile reserves the right to amend, modify, revise, update, or otherwise alter this Privacy Policy at any time and for any reason, including but not limited to changes in legal obligations, regulatory guidance, data processing practices, operational requirements, industry standards, or technological developments. All such changes shall become effective immediately upon posting to this website unless a later effective date is specified. Material modifications that materially affect Users’ rights or obligations will, where required by applicable law, be accompanied by a notice provided through reasonable means, such as email communication, account notifications, or banner alerts on our website.
Users are solely responsible for reviewing this Policy periodically to ensure awareness of any modifications. Your continued access to or use of SCal Mobile’s website, systems, applications, services, or communications following any update to this Policy shall be deemed to constitute your acknowledgment and acceptance of the revised terms. No provision of this Policy shall be deemed waived except through a duly signed written agreement executed by an authorized representative of SCal Mobile.
Last updated: May, 2025