Privacy Notice

Effective Date: x x, xxxx
Last Updated: x x, xxxx

PRIVACY NOTICE

This Privacy Notice (also referred to as the “Privacy Policy”) explains how SCALIBIT collects, uses, and protects personal data in connection with its websites, client portal, customer account systems, billing systems, support services, products, events, and experiences that reference this Privacy Notice.

This Privacy Notice does not apply to any content, data, applications, software, or information processed, stored, or hosted by Customers within infrastructure services provided by SCALIBIT (including dedicated servers / bare metal, virtual machines, or cloud environments). Such Customer-controlled data is governed exclusively by the applicable agreements between SCALIBIT and the Customer, including SCALIBIT’s Data Processing Agreement (DPA).

SCALIBIT is not a data controller or data processor with respect to Customer Content. SCALIBIT does not access, inspect, monitor, or otherwise process Customer Content and acts solely as an infrastructure service provider.

This Privacy Notice also does not apply to any third-party products, services, websites, or content that are governed by their own privacy notices or policies.

Infrastructure-Only Service Model

SCALIBIT operates solely as a neutral provider of leased and unmanaged infrastructure services, including dedicated servers, virtual machines, cloud compute resources, and GPU-based computing systems. SCALIBIT does not design, deploy, manage, operate, control, or supervise Customer applications, databases, operating systems, software stacks, or hosted content.

SCALIBIT does not determine the purposes or means of any processing of personal data performed within Customer-managed systems or environments.

Data Protection Roles and Responsibilities

For all personal data processed within servers, virtual machines, containers, storage systems, or cloud environments leased, used, and managed by the Customer, the Customer acts as the sole and independent Data Controller and, where applicable, also as the Data Processor for its own processing activities.

SCALIBIT is not a Data Controller and not a Data Processor for any personal data stored, processed, transmitted, or generated within Customer infrastructure services. SCALIBIT does not access, monitor, analyze, modify, or routinely handle Customer content or operational data.

Any technical access, if ever provided, occurs only:

• at the explicit request of the Customer,

• where the Customer voluntarily provides server access credentials (e.g., SSH username, SSH key, password, SSH port number, or RDP username and password),

• for narrowly scoped technical support purposes,

• for a limited and temporary duration,

• at the operating-system or infrastructure configuration level only, and

• without reviewing, processing, or extracting Customer content, databases, application data, or personal data.

Such exceptional access does not create any ongoing administrative authority, agency relationship, joint-controller status, or service-operator responsibility on the part of SCALIBIT.

SCALIBIT acts as a Data Controller only for limited customer account-level information stored within its own administrative systems, including: client portal records, billing and payment data, client portal login credentials (username, password, and multi-factor authentication data), contact details, compliance records, and support ticket metadata.

For these limited administrative datasets, SCALIBIT acts as a “business” under the California Consumer Privacy Act (CCPA/CPRA) and as a controller under the GDPR and UK GDPR, as applicable.

1. ABOUT THIS PRIVACY NOTICE

This Privacy Notice (“Notice”), together with our Cookie Policy and other legal notices published at www.scalibit.com, describes how SCALIBIT and its affiliates (“SCALIBIT”, “we”, “us”) collect, use, store, and disclose personal data in connection with the Services and the Client Portal (our online customer account and service management interface), as defined in our Terms of Service (collectively, the “Terms”).

1.1 Services Covered by This Notice

SCALIBIT operates solely as a neutral provider of leased and unmanaged infrastructure services and does not provide managed services, application management, or content hosting services.

Our infrastructure services include:

• Virtual Machines (VPS, VDS)
• Cloud Services (Cloud Servers, Dedicated Cloud Servers)
• Cloud Compute Services (Standard Performance, High Performance, High Frequency)
• Optimized Cloud Compute Services (General Purpose, CPU Optimized, Memory Optimized, Storage Optimized)
• Dedicated Servers (Dedicated or Bare Metal)
• GPU Servers (including GPU Cloud Instances, Dedicated GPU Servers, Multi-GPU AI Training Clusters, High-Compute HPC Nodes, and AI-oriented bare-metal deployments)

(collectively, the “Services”).

1.2 Global Infrastructure Locations

Our global server locations include:

• Americas:
  Ashburn, Atlanta, Buffalo, Chicago, Dallas, Los Angeles, Miami, New York, Phoenix, San Jose, Seattle, St. Louis (USA);
  Montreal, Toronto (Canada);
  Mexico City (Mexico); São Paulo (Brazil); Buenos Aires (Argentina); Santiago (Chile); Bogotá (Colombia); Lima (Peru).

• Europe:
  Frankfurt, Amsterdam, London, Strasbourg, Arezzo, Barcelona, Copenhagen, Dublin, Warsaw, Zurich, Vienna, Helsinki, Stockholm, Prague, Lisbon.

• Asia-Pacific & Middle East:
  Singapore, Tokyo, Hong Kong, Taipei, Seoul, Bangkok, Kuala Lumpur, Jakarta, Manila, Dubai, Sydney, Auckland.

• Africa:
  Cape Town, Johannesburg, Nairobi, Lagos, Casablanca.

*Some locations may be in planning or early deployment stages and may not yet be active.

Servers are physically hosted in third-party upstream data center facilities operated by independent providers. SCALIBIT does not own, manage, or operate these facilities.

1.3 Important Scope Limitations

• This Notice does not apply to personal data contained in Customer-hosted content, applications, databases, or systems operated within the Services.

• This Notice does not apply to third-party websites, services, or platforms not operated by SCALIBIT.

• Use of the Services is subject to acceptance of our Terms of Service.

• SCALIBIT does not have routine access to, visibility into, or control over Customer-managed systems or hosted content, except for limited and temporary access explicitly requested by the Customer for technical support purposes.

• SCALIBIT does not perform behavioral profiling, automated decision-making, content inspection, or traffic analysis within Customer environments.

• SCALIBIT processes personal data primarily for account administration (including client portal access management), billing, compliance, fraud prevention, and support operations.

SCALIBIT complies with applicable data protection laws, including the California Consumer Privacy Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR), the UK GDPR, and relevant U.S. state privacy laws.

BY USING OUR SERVICES OR ACCESSING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY NOTICE. IF YOU DO NOT AGREE, PLEASE DO NOT USE OUR SERVICES OR PROVIDE PERSONAL DATA TO SCALIBIT.

2. HOW WE COLLECT INFORMATION

We collect personal information through various channels to provide our Services securely and efficiently. This collection occurs through the following primary methods:

• 2.1 Direct Interactions: Information you provide directly to us when you register for an account through the Client Portal, purchase Services, submit a technical support ticket, or communicate with us via email, phone, or official contact forms.

• 2.2 Automated Technologies: Information collected automatically as you navigate through our Website or use our client-facing platforms (such as the Client Portal), including usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

• 2.3 Third-Party Sources and Social Media: We may receive information about you from third-party business partners, such as payment processors, fraud prevention services, and identity verification providers. We may also collect information from social media platforms if you choose to interact with us through such channels to supplement the information we already possess.

3. DATA SUBJECT CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED

For the purposes of this Privacy Notice, the categories of individuals whose personal data may be processed by SCALIBIT, and the types of personal data processed, are described below.

3.1 Website Visitors

• Definition: Individuals who visit SCALIBIT-operated websites. Websites or applications hosted by Customers are not considered part of SCALIBIT’s websites.

• Types of Personal Data:

• Contact Information: Name, email address, and similar contact details voluntarily provided (e.g., newsletter subscriptions, contact forms, demo requests, or downloads).

• Log Data: IP address, browser type, operating system, referral and exit URLs, date/time stamps, and basic clickstream data.

• Website Analytics Data: Pages visited, session duration, approximate location, device type, and similar usage statistics collected through cookies and comparable technologies.

3.2 Customers (Account Holders)

• Definition: Individuals or legal entity representatives who enter into a service agreement with SCALIBIT.

• Types of Personal Data:

• Account & Billing Information: Name, company name, authorized representative, address, email address, phone number, language preference, IP address, payment and billing details, tax or business identifiers where legally required.

• Client Portal Login Credentials: Username and authentication data (including cryptographically hashed passwords and multi-factor authentication information) generated and managed by the Customer and stored in encrypted or hashed form within SCALIBIT’s authentication systems solely for account access verification purposes. SCALIBIT does not have access to plaintext passwords.

• Support & Communication Data: Support tickets, emails, chat records, call metadata, and limited identity verification information (only when strictly required for account recovery or fraud prevention).

• Website Usage Data: Log and analytics data generated when Customers access SCALIBIT-operated websites or the Client Portal.

3.3 Authorized Users (Customer Personnel)

• Definition: Individuals authorized by Customers to access and administer Customer accounts or services.

• Types of Personal Data:

• Identification & Contact Data: Name, email address, phone number, role or access level.

• Client Portal Login Credentials: Username and authentication data associated with authorized user accounts, stored in hashed or otherwise protected form for authentication purposes only. Such credentials are created and managed by the Customer or the authorized user and are not accessible in plaintext by SCALIBIT.

• Support Communications: Requests and correspondence related to technical or account support.

3.4 Affiliates / Partners

• Definition: Individuals or entities participating in SCALIBIT’s affiliate or partner programs.

• Types of Personal Data:

• Account & Payment Information: Name, company name, contact details, payout details, tax information where required by law.

• Usage & Log Data: Website interaction data and referral statistics.

• Communications: Correspondence related to program participation or support.

3.5 Event & Promotion Participants

• Definition: Individuals participating in events, webinars, surveys, raffles, or marketing campaigns organized or sponsored by SCALIBIT.

• Types of Personal Data:

• Contact Information: Name, email address, phone number, and registration details.

• Media Data: Image or voice recordings where events are recorded (with notice).

• Website & Analytics Data: Standard website interaction data.

3.6 Other Individuals

• Definition: Individuals who contact SCALIBIT or interact with its services outside the categories above (e.g., inquiries, complainants, legal request submitters).

• Types of Personal Data:

• Contact & Communication Data: Name, email, phone number, message content.

• Publicly Available Data: Limited data obtained from public sources when relevant to an inquiry or legal obligation.

SCALIBIT processes personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality as defined under the EU GDPR, UK GDPR, and applicable U.S. privacy laws. All personal data categories listed above are processed solely for the purposes described in Section 5 (“Purposes and Legal Bases for Processing”).

4. TYPES OF INFORMATION WE COLLECT AND HOW WE USE IT

Some of the information we collect in connection with the Services and our client-facing platforms (such as our websites and Client Portal) constitutes “personal data” or “personal information” under applicable laws such as the EU GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA). This generally means information that identifies, relates to, describes, or could reasonably be linked to an individual.

We may collect such information directly from you, automatically through your interaction with our websites or Client Portal, or from limited third-party sources as described below.

4.1 Information You Provide to Us

You may provide personal data to us when creating an account, purchasing Services, submitting support requests, completing forms, or otherwise communicating with us.

• Account & Billing Data: Name, company name, address, email address, phone number, payment and billing details, tax or business identifiers where required by law, and account preferences.

• Communications: Information provided through support tickets, emails, contact forms, or other communications.

• Business & Contractual Data: Information required to enter into or perform contracts, including supplier or partner contact details and compliance documentation.

In certain circumstances, SCALIBIT may request identity verification or supporting documentation (such as government-issued identification, business registration certificates, or tax documentation) to:

• verify account ownership,

• prevent fraud, abuse, or misuse of Services,

• comply with legal or regulatory obligations, or

• validate the legitimacy of transactions or service requests.

Such information is collected only through official SCALIBIT channels (Client Portal or authorized support systems), processed solely for verification and compliance purposes, stored securely, and retained only as required by law or legitimate business needs. It is not used for marketing, profiling, or unrelated purposes.

4.2 Information Collected Automatically

When you access our websites or Client Portal, certain technical information may be collected automatically, including:

• IP address and approximate location,

• browser type and version,

• operating system and device type,

• login timestamps, page views, and session duration,

• referring and exit URLs.

This information is primarily used to operate our services, maintain security, detect abuse, improve performance, and analyze usage trends.

We use cookies and similar technologies for authentication, session management, security, analytics, and service optimization. Detailed information is available in our Cookie Policy.

We may also use third-party analytics providers (such as Google Analytics) to understand how our websites are used and to improve functionality and user experience. These providers process data in accordance with their own privacy policies.

4.3 Advertising & Marketing Technologies

SCALIBIT may use limited marketing and conversion-tracking technologies (such as cookies or pixels) on its own websites to:

• measure the effectiveness of advertising campaigns,

• understand user interest in our services, and

• display relevant service-related information.

These technologies are used only in relation to SCALIBIT-operated websites and do not apply to Customer-managed servers, applications, or hosted environments.

Where required by law, users may opt out of interest-based advertising via industry self-regulatory mechanisms such as:

• Digital Advertising Alliance (DAA)
• Network Advertising Initiative (NAI)

4.4 Information From Other Sources

In limited cases, we may receive information from:

• publicly available business or sanctions registers,

• fraud prevention and risk-assessment providers (e.g., IP reputation or transaction risk services),

• payment processors or compliance partners.

Such information is used solely to verify identity, prevent fraud or abuse, comply with legal obligations, and maintain the security and integrity of our Services.

5. PURPOSES OF PROCESSING AND LEGAL BASES

How We Use Your Personal Data

SCALIBIT processes personal data only where permitted or required by applicable law and only for legitimate, specific, and necessary purposes. We apply the principle of data minimization and collect only the minimum amount of personal data required to achieve the purposes described below.

For the avoidance of doubt, this section applies only to personal data processed within SCALIBIT’s own business systems and client-facing platforms (such as our websites and Client Portal), and does not apply to any personal data processed within Customer-managed servers, virtual machines, or cloud environments.

Depending on your location, the applicable legal framework may include the EU GDPR, UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other relevant U.S. state privacy laws.

5.1 Service Provision and Account Administration

• To create and manage customer accounts and authorized user access (including Client Portal access).

• To provide contracted Services, including infrastructure access and customer support.

• To communicate with you regarding your account, transactions, service status, and support requests.

• To perform billing, payment processing, and contract administration.

Legal basis: Performance of a contract; legal obligation.

5.2 Security, Fraud Prevention, and Abuse Detection

• To protect our websites, systems, networks, and administrative platforms.

• To prevent unauthorized access, account compromise, abuse of services, and cybercrime.

• To investigate suspicious activity, violations of our Terms, or security incidents.

• To verify identity and account ownership where necessary.

Legal basis: Legitimate interests; legal obligation.

5.3 Legal and Regulatory Compliance

• To comply with court orders, subpoenas, and lawful requests from competent authorities.

• To meet accounting, tax, anti-fraud, sanctions, export control, and regulatory requirements.

• To respond to lawful requests from law enforcement authorities where legally required.

Legal basis: Legal obligation.

5.4 Service Improvement and Analytics

• To monitor and analyze usage of SCALIBIT-operated websites and the Client Portal.

• To improve service reliability, performance, usability, and security.

• To conduct internal research and statistical analysis.

Legal basis: Legitimate interests.

5.5 Marketing and Communications

• To send service updates, newsletters, and marketing communications where permitted by law.

• To inform you about new services, features, or relevant offers.

Such communications are sent only where legally permitted or based on your consent. You may opt out at any time using the unsubscribe link included in each message or through your account settings.

Legal basis: Consent; legitimate interests (where applicable).

5.6 Identity Verification and High-Risk Activity Review

In limited circumstances, SCALIBIT may process additional verification information (such as government-issued identification or business documentation) to:

• confirm account ownership,

• prevent fraud or abuse,

• comply with regulatory obligations, or

• validate the legitimacy of transactions or service requests.

Such data is collected only through official channels, processed solely for verification and security purposes, stored securely, and retained only as required by law or legitimate compliance needs.

Legal basis: Legal obligation; legitimate interests.

5.7 Other Purposes

Where personal data is required for purposes not listed above, SCALIBIT will provide appropriate notice and obtain consent where required by applicable law.

5.8 Consent and Withdrawal

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

If you have questions regarding the legal basis for processing your personal data, you may contact us at privacy@scalibit.com.

SCALIBIT may also use aggregated or anonymized data for research, analytics, and service improvement purposes. Such data does not identify individuals and is not subject to this Privacy Notice.

6. OTHER PROCESSING ACTIVITIES

In addition to the purposes described above, SCALIBIT may process personal data where such processing is necessary to:

• comply with a legal obligation to which SCALIBIT is subject,

• respond to lawful and binding requests from courts, regulators, or law enforcement authorities, or

• protect the vital interests of an individual where required by law.

Any disclosure of personal data in such circumstances is limited to the minimum amount of information legally required and is carried out only after verification of the legitimacy and scope of the request, in accordance with applicable data protection laws and this Privacy Notice.

SCALIBIT does not generate server access credentials and does not retain or store such credentials after initial provisioning.

For dedicated servers, initial access credentials (including SSH username, initial root or administrator password, SSH port number, and, where applicable, RDP credentials) are generated during the provisioning process and securely transmitted to the Customer as part of the service delivery details.

Upon delivery, Customers are explicitly instructed to immediately change all initial access credentials. In many operating systems, password rotation is technically enforced upon first login.

For virtual machines and cloud-based services, access credentials are automatically generated by the provisioning system based on information selected or provided by the Customer.

After service delivery and transmission of the initial credentials, full responsibility for the modification, protection, rotation, and secure storage of all server access credentials rests exclusively with the Customer.

SCALIBIT does not retain copies of server access credentials and does not maintain ongoing access to such credentials.

Any access by SCALIBIT to Customer systems occurs solely where:

• explicitly requested by the Customer for technical support or troubleshooting purposes,
• temporary access credentials are voluntarily created and provided by the Customer,
• access is strictly limited in scope and duration to the specific support activity requested, and
• access is restricted to operating-system or infrastructure-level diagnostics and configuration.

Such access does not include the review, processing, copying, or use of Customer files, databases, hosted content, personal data, application-level data, or workloads, and does not create any ongoing administrative rights or continuous access.

Please do not provide personal data relating to any other individual unless such disclosure is necessary for legitimate account administration or contractual purposes (for example, adding an authorized user, billing contact, or technical contact).

Where you provide personal data of another person, you represent that you are authorized to do so and that the individual has been informed of this Privacy Notice.

7. COMMUNITY FORUMS AND INTERNAL MESSAGING

If SCALIBIT provides community forums, discussion boards, user profiles, or similar interactive features, any personal data that you choose to publish or mark as public within such areas will be publicly accessible and may be viewed, collected, and used by other users or third parties.

SCALIBIT does not control how third parties may use information that you voluntarily make public and cannot guarantee the privacy or confidentiality of such data once it is disclosed in public forums or profile sections.

Any internal messaging, ticket comments, or community discussion features provided for Users are intended for operational or support-related communication only and should not be relied upon for the transmission of highly sensitive or confidential information.

You should avoid sharing sensitive personal data (such as government identification numbers, financial details, account or server access credentials (including Client Portal login credentials or server access credentials), or health information) through community forums or messaging features.

By using such features, you acknowledge and accept that any personal data you voluntarily disclose may become publicly available and is shared at your own risk.

8. HOW WE DISCLOSE YOUR INFORMATION

Sharing of Personal Data

SCALIBIT may disclose limited categories of personal data to third parties only where necessary to operate its business, provide its Services and operate its administrative platforms, comply with legal obligations, or protect the security and integrity of its systems. All disclosures are subject to appropriate contractual and legal safeguards.

Personal data may be shared in the following circumstances:

• Service Providers and Professional Advisors.
  We may share personal data with trusted third-party service providers who perform functions on our behalf, such as: infrastructure and hosting providers for our administrative systems, payment processors, fraud-prevention services, customer support platforms, analytics providers, accountants, auditors, and legal advisors.

  These parties are contractually required to process personal data only for the purposes specified by SCALIBIT, to protect it appropriately, and not to use it for their own independent purposes.

• Payment Processing Partners.

  • PayPal. Personal data may be shared with PayPal for payment processing purposes. PayPal acts as an independent data controller and processes personal data in accordance with its own privacy policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

  • Stripe. Personal data may be shared with Stripe for payment processing purposes. Stripe acts as an independent data controller and processes personal data in accordance with its own privacy policy: https://stripe.com/privacy

• Security and Abuse-Prevention Services.
  We may share limited technical and usage data with security service providers (such as bot-protection or fraud-detection services) to protect our websites and administrative systems against abuse, automated attacks, and malicious activity.

  For example, we use Google reCAPTCHA, which is subject to Google’s Privacy Policy and Terms of Service.

• Artificial Intelligence Tools (Administrative Use Only).
  SCALIBIT may use AI-based tools internally for limited administrative purposes such as customer support assistance, search functionality, content drafting, or service quality analysis.

  No Customer-hosted content, server data, databases, or application data are provided to AI providers. AI providers are not permitted to use such data for model training or independent purposes. Any AI integrations operate solely on SCALIBIT-controlled administrative systems and datasets (such as support tickets or website content), and not on Customer infrastructure environments.

  Users are strongly advised not to submit sensitive personal data through any optional AI-assisted features.

• Corporate Affiliates.
  We may share limited personal data within the SCALIBIT corporate group where necessary for internal administration, compliance, accounting, security, or service coordination purposes.

• Legal and Regulatory Disclosure.
  We may disclose personal data where we reasonably believe such disclosure is required to:

  • comply with applicable law, regulation, court order, or binding legal process;

  • enforce our Terms of Service or other contractual agreements;

  • investigate, prevent, or respond to fraud, abuse, or cybersecurity incidents; or

  • protect the rights, safety, and property of SCALIBIT, our Customers, or others.

Any such disclosure is limited to the minimum data legally required and follows verification of the request.

SCALIBIT does not sell personal data and does not disclose any data or application content hosted by Customers within servers, virtual machines, or cloud environments leased, used, and managed by the Customer to third parties as part of its infrastructure services.

In addition, SCALIBIT does not access, inspect, monitor, analyze, or otherwise process any data hosted by Customers within such customer-leased, customer-used, and customer-managed infrastructure environments.

SCALIBIT does not access or manage such systems except where:

• explicitly requested or authorized by the Customer (including where temporary server access credentials are voluntarily provided by the Customer, such as SSH or RDP credentials),
• strictly limited to temporary infrastructure-level or network-related maintenance or troubleshooting purposes, and
• necessary to ensure physical infrastructure stability or network availability.

Any such access does not include the review, processing, copying, or use of Customer files, databases, application data, personal data, or hosted content.

8.1 Disclosure to Authorities and Legal Requests

SCALIBIT may disclose limited categories of personal data (such as customer account data, billing records, service identifiers, or assigned IP address information) to competent authorities, courts, or legally authorized public bodies where such disclosure is required by applicable law or a valid and enforceable legal request.

All such disclosures are handled strictly within the scope of the law, only after verification of the legitimacy, jurisdiction, and proportionality of the request, and are limited to the minimum data necessary to fulfill the legal obligation.

Unless prohibited by law or court order, SCALIBIT will make reasonable efforts to notify the affected Customer prior to disclosure where their account or data is directly impacted.

SCALIBIT maintains internal audit records of legally required disclosures for accountability and compliance purposes.

As an infrastructure provider, SCALIBIT does not have routine or unrestricted access to Customer-hosted content, databases, or application data and does not voluntarily disclose such data to any third party, including public authorities.

Any disclosure, where legally required, is strictly limited to valid and binding legal process and is handled in accordance with applicable law, data protection regulations, and SCALIBIT’s Law Enforcement & Legal Requests Policy.

Requests relating to servers, virtual machines, cloud environments, and other infrastructure systems leased, used, and managed by Customers are handled in accordance with applicable law, SCALIBIT’s internal Legal Requests procedures, our Law Enforcement & Legal Requests Policy (Information Requests), and our Data Processing Agreement.

8.2 Additional Disclosure Scenarios

• Legal Compliance and Protection of Rights. To comply with laws, regulations, subpoenas, court orders, or other binding legal processes, or to enforce our Terms, investigate violations, or protect the rights, property, or safety of SCALIBIT, our customers, or others.

• Prevention of Harm and Abuse. To prevent or investigate suspected fraud, cybercrime, abuse of services, or threats to network security or public safety.

• Corporate Transactions. In connection with a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of the transaction, subject to appropriate confidentiality and data protection safeguards.

• With Your Instructions or Consent. Where you explicitly request or consent to the disclosure of your personal data to a third party.

• Customer Feedback Platforms. Where applicable, limited identifiers (such as name, email address, or ticket reference) may be shared with third-party review or feedback platforms for the purpose of collecting service feedback, subject to their own privacy policies.

SCALIBIT does not sell personal data and does not disclose any Customer data or content stored, processed, or controlled within servers, virtual machines, or cloud environments leased, used, and managed by Customers.

9. COMMUNICATIONS FROM SCALIBIT

SCALIBIT may contact you through email, the Client Portal, or other official communication channels for the purposes described below.

• Welcome Emails and General Correspondence.
  We send a welcome email to the address associated with your account when you register on the SCALIBIT website or place your first order through our website, in order to verify ownership of the email address and confirm successful account creation.

  Established users may occasionally receive information about services, updates, or newsletters. You may opt out of non-essential marketing communications at any time using the unsubscribe link provided in such messages or through your account settings.

• Service and Operational Communications.
  We send mandatory service-related notifications that include important information about: account activity, service status, scheduled maintenance, policy updates, billing issues, security alerts, abuse reports, IP restrictions, quota warnings, or infrastructure incidents.

  These communications are essential for the operation of your account and the performance of our contractual obligations and therefore cannot be opted out of.

• Billing and Payment Notices.
  SCALIBIT may send invoices, renewal reminders, payment confirmations, account balance updates, and other transaction-related communications via email or the Client Portal as part of normal billing operations. These communications constitute mandatory service messages and are not subject to opt-out.

• Abuse, Security, and Compliance Notifications.
  We may contact Customers regarding suspected violations of our Terms, abuse reports, cybersecurity incidents, spam complaints, or regulatory compliance matters.

  These messages are mandatory system notifications intended to protect service integrity, network stability, and legal compliance and cannot be unsubscribed from.

• Support and Ticket Responses.
  When you contact our support, abuse, or compliance teams, we will respond using your registered email address or via the Client Portal. These communications are limited to resolving your request and are not used for marketing.

• Surveys and Feedback.
  We may occasionally invite you to participate in voluntary surveys or feedback programs to help improve our services. Participation is optional and typically limited to non-sensitive service experience data.

• Contests and Promotions.
  Where applicable, SCALIBIT may organize promotional campaigns or giveaways. Participation is voluntary and any personal data requested (such as name or shipping address) is used solely for campaign administration and prize delivery.

10. MARKETING COMMUNICATIONS

Where permitted by applicable law and subject to your consent where required, SCALIBIT may contact you via email or other electronic communication channels to inform you about our products, services, feature updates, promotions, or events that may be of interest to you.

You may opt out of receiving marketing communications at any time by clicking the “unsubscribe” link included in our emails, adjusting your communication preferences within the Client Portal, or by contacting us via our Contact Form.

Opting out of marketing communications will not affect the delivery of service-related, transactional, or legally required messages, including but not limited to: billing notices, service updates, security alerts, abuse notifications, account verification messages, or policy changes.

If you are an existing Customer or account holder, we may occasionally send you non-intrusive informational messages regarding important changes, new features, or improvements directly related to the Services currently provided to you. You may manage your marketing preferences at any time using the opt-out mechanisms provided in such messages.

11. DATA PROCESSING AND INTERNATIONAL TRANSFERS

SCALIBIT processes personal data in accordance with this Privacy Notice and applicable data protection laws, including the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable U.S. state privacy laws and international data protection regulations.

Personal data is processed only where a lawful basis exists, including the performance of a contract, compliance with legal obligations, legitimate interests, or your consent where required by law.

Due to the global nature of our infrastructure and the physical location of third-party data centers and network facilities used to deliver the Services, your personal data may be transferred to, stored in, or processed in countries and regions outside your country of residence, including but not limited to the United States, the European Union / EEA, the United Kingdom, and Asia-Pacific locations.

Where personal data is transferred internationally, SCALIBIT implements appropriate legal and technical safeguards to ensure an adequate level of protection, including where applicable:

• European Commission Standard Contractual Clauses (SCCs);
• UK International Data Transfer Addendum or UK International Data Transfer Agreement (IDTA);
• Applicable adequacy decisions issued by competent authorities;
• Contractual data protection obligations imposed on third-party service providers;
• Organizational and technical security measures designed to protect personal data.

Some jurisdictions may not provide the same level of data protection as your home country. In such cases, SCALIBIT ensures that appropriate safeguards and legal transfer mechanisms are in place before transferring personal data.

Personal data processed by SCALIBIT is limited to customer account data, billing data, Client Portal authentication data (including username, passwords stored only in securely hashed form, and multi-factor authentication configuration data), communication records, and support-related metadata stored within SCALIBIT’s own administrative systems.

SCALIBIT does not have access to users’ plaintext passwords and does not generate or determine Client Portal passwords, which are created and managed solely by Customers at the time of registration or through their account settings.

SCALIBIT does not control or routinely access any data stored within servers, virtual machines, or cloud environments leased, used, and managed by Customers, except where explicitly requested or authorized by the Customer for narrowly scoped technical support purposes and strictly in accordance with the Data Processing Agreement.

Further details regarding our processing roles and responsibilities are described in our Data Processing Agreement (DPA).

Compliance with Legal and Law Enforcement Requests

SCALIBIT may disclose limited personal data to competent authorities, courts, regulators, or law enforcement agencies where required to do so by applicable law or in response to valid and legally binding requests. All such disclosures are assessed on a case-by-case basis to ensure they are lawful, proportionate, within the scope of the requesting authority’s jurisdiction, and limited to the minimum data necessary to fulfill the legal obligation.

Where legally permitted, SCALIBIT will make reasonable efforts to notify affected Customers prior to disclosure. Additional details regarding such disclosures are provided in Section 8 (“How We Disclose Your Information”) and in our Law Enforcement & Legal Requests Policy (Information Requests) .

12. APPLICABLE DATA PROTECTION LAWS

SCALIBIT complies with applicable data protection and privacy laws in the jurisdictions where it is established, operates, offers services, or where its infrastructure is physically located, including but not limited to:

• United States: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable U.S. state privacy laws.

• European Union / European Economic Area (EEA): General Data Protection Regulation (GDPR).

• United Kingdom: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

• Other jurisdictions: Applicable local data protection and privacy laws in countries where SCALIBIT’s services are offered or where its servers and network infrastructure are hosted in third-party data centers or colocation facilities.

SCALIBIT continuously monitors changes in applicable data protection legislation and updates its internal policies, contractual safeguards, and technical and organizational measures accordingly to ensure ongoing compliance.

13. CALIFORNIA PRIVACY RIGHTS

13.1 California Online Privacy Protection Act (CalOPPA)

SCALIBIT complies with the California Online Privacy Protection Act (“CalOPPA”). This section applies solely to information collected through our website and SCALIBIT-operated online services accessible to California residents.

We do not disclose personal information to third parties except as described in this Privacy Notice, including disclosures necessary to provide the Services, comply with legal obligations, protect our rights and infrastructure, or work with authorized service providers under contractual confidentiality and data-protection obligations.

Users may review, update, or correct their account information at any time by logging into the Client Portal at: https://scalibit.com/login.

13.2 California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

California residents are entitled to specific rights regarding their personal data under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

These rights include, subject to applicable law:

• The right to know what personal data is collected, used, shared, or disclosed.

• The right to access a copy of your personal data.

• The right to request correction of inaccurate personal data.

• The right to request deletion of personal data, subject to legal retention obligations.

• The right to opt out of the sale or sharing of personal data.

• The right to limit the use of sensitive personal information, where applicable.

• The right not to be discriminated against for exercising privacy rights.

SCALIBIT does not sell personal data, whether for monetary consideration or any other form of value or benefit. Limited technical identifiers (such as cookies or device identifiers) may be shared for advertising measurement or service analytics purposes in accordance with applicable law.

Requests may be submitted via: https://www.scalibit.com/contact-us/ or by email at privacy@scalibit.com. Requests are subject to reasonable verification of identity.

Additional details are available in our California Privacy Notice.

13.3 Do Not Sell or Share My Personal Information

SCALIBIT does not sell personal information under any circumstances, whether for monetary consideration or any other form of value or benefit, and does not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

California residents may exercise their rights or submit inquiries at any time by contacting us at privacy@scalibit.com or through the Client Portal.

13.4 Do Not Track Signals

Some web browsers offer a “Do Not Track” (“DNT”) signal that allows users to express their preference regarding tracking across websites.

At this time, SCALIBIT does not respond to or alter its data collection and usage practices based on Do Not Track browser signals, as there is no consistent industry standard for interpreting such signals.

14. US STATE-SPECIFIC PRIVACY RIGHTS

(A) State-Specific Privacy Rights

This section applies to residents of U.S. states with comprehensive consumer privacy laws, including but not limited to California, Virginia, Colorado, Connecticut, Delaware, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, and Texas.

Subject to applicable law, residents of these states may have the right to:

• Request information regarding:

  • the categories of personal data collected;

  • the sources from which personal data is collected;

  • the purposes for which personal data is processed;

  • the categories of third parties with whom personal data is shared; and

  • the specific pieces of personal data processed.

• Request correction or deletion of personal data, subject to lawful retention requirements (e.g., tax, accounting, fraud prevention, or regulatory compliance).

Account holders may access and modify certain information through the Client Portal, subject to applicable security and account verification requirements. Certain information may not be editable directly for security, fraud prevention, or identity verification purposes.

Other requests may be submitted by opening a support ticket through the Client Portal, or by contacting us at privacy@scalibit.com or via our contact page at https://www.scalibit.com/contact-us/ .

Authorized agents may submit requests on your behalf. We will verify requests using the account email address or other reasonable verification methods before processing.

You have the right to opt out of:

• the sale of personal data (as defined by applicable law); and

• the sharing of personal data for targeted advertising purposes.

SCALIBIT does not sell personal data under any circumstances, whether for monetary consideration or any other form of value or benefit. Limited online identifiers (such as cookie identifiers or device identifiers) may be shared via cookies or similar technologies solely for advertising measurement and limited service-related marketing analytics purposes, and only in accordance with applicable law.

• You may manage cookie preferences via our Cookie Policy.

• You may submit opt-out requests via https://www.scalibit.com/contact-us/ or by email at privacy@scalibit.com.

SCALIBIT does not engage in profiling that produces legal or similarly significant effects and does not process sensitive personal data except where strictly necessary for lawful operational, security, or compliance purposes.

We do not discriminate against individuals for exercising their privacy rights.

If a request is denied, you may appeal by contacting us through the same channels. We will respond in accordance with applicable law.

(B) California Residents – Additional Disclosures

• Financial Incentives. SCALIBIT does not offer financial incentives in exchange for personal data.

• Non-Customer Requests. California privacy rights extend to job applicants, employees, contractors, and business partners. Requests may be submitted to: privacy@scalibit.com.

• Do Not Track. SCALIBIT does not currently respond to browser-based “Do Not Track” signals but endeavors to honor Global Privacy Control (GPC) signals where technically feasible.

• Direct Marketing. SCALIBIT does not share customer contact information with third parties for their own direct marketing purposes.

• California Minors. Our Services are not directed at minors. California residents under 18 may request removal of public content they posted.

(C) Nevada Residents

SCALIBIT does not sell personal data as defined under Nevada law (NRS Chapter 603A). Nevada residents may submit related requests at: privacy@scalibit.com.

Additional details are available in our US States Privacy Notice.

15. COMPLIANCE WITH THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

In accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), SCALIBIT implements appropriate technical and organizational measures to safeguard personal data processed within its administrative systems and in connection with its administrative operations and infrastructure service provisioning.

15.1 Storage and Protection of Personal Information

Personal data processed by SCALIBIT may be stored or processed in the United States, the European Union / EEA, the United Kingdom, or other jurisdictions where SCALIBIT utilizes third-party upstream data center or network infrastructure providers.

Where international transfers occur, SCALIBIT relies on appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum or IDTA, and other lawful transfer mechanisms recognized under the GDPR.

SCALIBIT does not knowingly transfer personal data to jurisdictions lacking adequate protection without implementing legally valid safeguards.

Personal data processed by SCALIBIT is hosted within secure third-party data center facilities operated by professional infrastructure providers and protected through layered technical and organizational controls, including:

• a) strict physical access controls, monitored facilities, and continuous security surveillance;

• b) logical access controls, authentication mechanisms, and role-based authorization systems;

• c) confidentiality and data-protection obligations imposed on authorized personnel;

• d) encryption of sensitive data in transit using industry-standard TLS/SSL protocols;

• e) regular review of technical safeguards and operational security practices.

You may update or correct your account information through the Client Portal. Certain information may be retained where required for legal compliance, fraud prevention, dispute resolution, or enforcement of contractual obligations.

15.2 Data Retention and Processing Roles

• SCALIBIT retains personal data only for as long as necessary to fulfill contractual, legal, accounting, security, and regulatory obligations, and in accordance with the storage limitation principle under Article 5(1)(e) GDPR, as further detailed in Section 22 (Retention of Personal Data) of this Privacy Notice.

• SCALIBIT acts as a Data Controller solely for customer account, billing, client portal authentication, communication, and support-related data processed within its own administrative systems.

• With respect to all servers, virtual machines, cloud environments, and hosted systems leased, used, and managed by the Customer, SCALIBIT acts solely as an Infrastructure Provider and does not act as a data controller or data processor for any customer-hosted content, applications, or data.

For any personal data processed within customer-controlled environments, the Customer remains the Data Controller and solely determines the purposes and means of processing. SCALIBIT does not monitor, analyze, or routinely access such data.

SCALIBIT may access customer systems or servers only upon the Customer’s explicit written request, on a temporary basis, and solely for limited technical support and troubleshooting purposes related to operating system configuration, network settings, or infrastructure-level issues (such as incorrect IP configuration or connectivity problems), and strictly in accordance with the applicable Data Processing Agreement.

SCALIBIT does not access, review, or process customer-hosted files, databases, application data, or other content stored on such systems.

SCALIBIT’s role as an infrastructure and hosting provider is consistent with Article 14 of Directive 2000/31/EC (EU E-Commerce Directive) regarding intermediary service providers.

SCALIBIT is not responsible for the content, legality, or data-protection compliance of customer-hosted systems. Customers remain solely responsible for ensuring compliance with the GDPR and other applicable laws for any data processed within their environments.

Additional details regarding our data-protection practices and processing roles are available in our GDPR Privacy Notice and Data Processing Agreement (DPA).

16. YOUR PRIVACY RIGHTS

Under applicable data protection and privacy laws — including but not limited to the California Consumer Privacy Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable national or regional privacy regulations — you may have specific rights regarding your personal information.

These rights may include, subject to applicable law:

• Right of Access: To obtain confirmation as to whether personal data concerning you is being processed and, where applicable, access to such data.

• Right to Rectification: To request correction of inaccurate or incomplete personal data.

• Right to Erasure (“Right to be Forgotten”): To request deletion of personal data, subject to lawful retention obligations.

• Right to Restrict Processing: To request limitation of processing in certain circumstances.

• Right to Object: To object to processing based on legitimate interests, including direct marketing.

• Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller, where technically feasible.

• Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent.

• Right to Non-Discrimination: Not to be discriminated against for exercising privacy rights, where applicable under law.

To exercise any of the rights described above, please contact us at: privacy@scalibit.com.

We may request reasonable verification of your identity before processing your request to protect against unauthorized access or disclosure.

We will respond to valid requests without undue delay and within the time limits required by applicable law (generally within 30 days).

17. INTERNATIONAL NOTICES

This section applies to individuals residing outside the United States, including residents of the European Economic Area (EEA), the European Union (EU), the United Kingdom (UK), and other jurisdictions with comprehensive data protection laws applicable to SCALIBIT.

17.1 (A) Lawful Bases for Processing

Where required by applicable law, SCALIBIT processes personal data only where a valid legal basis exists. Depending on the context, such bases may include:

• Contractual necessity: Processing required to perform a contract with you (including contracts concluded electronically through our website and Client Portal) or to take steps at your request prior to entering into a contract.

• Legal obligation: Processing necessary to comply with applicable laws, court orders, binding legal process, or lawful requests from competent judicial authorities, public prosecutors, or law enforcement agencies acting within their legal authority.

• Legitimate interests: Processing necessary for SCALIBIT’s legitimate business interests, such as securing systems, preventing fraud, managing operations, and improving services, provided such interests do not override your fundamental rights.

• Consent: Processing based on your freely given consent, particularly for marketing communications or where required by law. Consent may be withdrawn at any time.

• Vital interests: Processing necessary to protect the vital interests of you or another person.

Where consent is required by law as the legal basis for processing, it will be obtained explicitly through appropriate mechanisms (such as account settings, consent banners, or contractual acceptance).

17.2 (B) International Transfers of Personal Data

Where personal data is transferred across borders, including to jurisdictions that may not provide the same level of data protection as your home country, SCALIBIT implements appropriate safeguards in accordance with applicable law.

• Where applicable, reliance on adequacy decisions issued by competent authorities.

• Where no adequacy decision exists, implementation of Standard Contractual Clauses (SCCs), UK International Data Transfer Addendum/IDTA, and supplementary technical and organizational safeguards.

Further information regarding our international transfer safeguards may be requested by contacting: privacy@scalibit.com.

17.3 (C) Exercising Your Privacy Rights

Residents of the EEA, EU, UK, Switzerland, Singapore, and other jurisdictions with similar data protection frameworks may have rights including:

• Withdrawal of consent

• Access, rectification, and erasure of personal data

• Data portability

• Restriction of processing

• Objection to processing, including direct marketing

• Lodging a complaint with a supervisory authority

Many of these rights may be exercised directly through your Client Portal account settings. You may also submit requests or inquiries via: https://www.scalibit.com/contact-us/.

18. INTERNATIONAL DATA TRANSFERS

As a global provider of leased and unmanaged infrastructure services, including dedicated servers, virtual machines, cloud compute resources, and GPU-based computing systems, SCALIBIT operates through geographically distributed third-party upstream data center and infrastructure providers in multiple countries. Accordingly, your personal data may be transferred to, stored in, and processed outside your country of residence. All such transfers are carried out in full compliance with applicable data protection and privacy laws.

For the avoidance of doubt, this Section 18 applies exclusively to personal data processed within SCALIBIT’s own business systems (including customer account information, billing records, and support communications).

It does not apply to any personal data or content hosted, stored, or processed on servers, virtual machines, cloud environments, or other infrastructure leased, used, and managed by Customers.

Customers remain solely and fully responsible for compliance with applicable data protection laws and international data transfer requirements with respect to any such customer-hosted data, including maintaining their own privacy notices and implementing appropriate lawful transfer mechanisms.

18.1. Locations of Processing

In the course of providing our Services and operating our technical platform, personal data may be processed in locations where SCALIBIT’s services and/or servers are physically hosted or supported by independent third-party upstream data center and network infrastructure providers. These locations may include, without limitation, the United States, the European Union (EU), the European Economic Area (EEA), Switzerland, the United Kingdom, Canada, Australia, Singapore, and other jurisdictions in which such servers or supporting infrastructure are physically located.

18.2. Transfers from the EU / EEA

Where personal data originating from the EU or EEA is transferred internationally, SCALIBIT ensures that such transfers comply with the General Data Protection Regulation (GDPR) and equivalent data protection frameworks, including the implementation of appropriate safeguards such as the Standard Contractual Clauses (SCCs) adopted by the European Commission or other legally recognized transfer mechanisms.

International transfers are conducted strictly for the purposes of service delivery, infrastructure operation, security, compliance, and customer support, and only to the extent necessary for such purposes.

18.3. Transfers Between the United Kingdom (UK) and the EU/EEA

For transfers of personal data between the UK and the EU/EEA, SCALIBIT relies on the mutual adequacy decisions currently in force:

• Transfers from the UK to the EU/EEA are based on the adequacy regulations adopted by the UK Government recognizing the EU/EEA as providing an adequate level of data protection.

• Transfers from the EU/EEA to the UK are based on the adequacy decision adopted by the European Commission recognizing the UK’s data protection framework as adequate.

These adequacy decisions permit the secure and lawful flow of personal data between the UK and the EU/EEA without additional transfer safeguards.

18.4. Transfers Outside the UK and the EU/EEA

Where personal data is transferred to countries outside the UK and the EU/EEA, SCALIBIT relies on one or more of the following lawful transfer mechanisms:

• (i) Transfers to recipients located in jurisdictions subject to an adequacy decision or adequacy regulation issued by the European Commission or the UK Government; or

• (ii) The execution of the Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK International Data Transfer Agreement (IDTA) or applicable UK Addendum, as required.

In all cases, SCALIBIT implements appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse. Where required by law, we also conduct Transfer Impact Assessments (TIAs) and risk evaluations to ensure that international transfers provide a level of protection essentially equivalent to that required within the originating jurisdiction.

19. SECURITY MEASURES

SCALIBIT implements industry-standard technical and organizational security measures designed to protect the confidentiality, integrity, and availability of personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are continuously reviewed and enhanced in line with technological developments and recognized security standards such as GDPR Article 32.

Our safeguards include a combination of technical, physical, logical, and procedural controls such as firewalls, intrusion-detection systems, encryption in transit and (where appropriate) at rest, restricted access policies, and continuous monitoring of systems for vulnerabilities or suspicious activity.

When you enter sensitive information on our websites or Client Portal (such as login credentials or payment details), we use Secure Sockets Layer (SSL/TLS) encryption to protect data during transmission. Critical stored data is protected using industry-accepted cryptographic controls and subject to strict access controls. Access to systems containing personal data is logged, monitored, and reviewed periodically to ensure compliance with internal security policies.

SCALIBIT does not collect, receive, store, process, or transmit any credit card information. All card payments are processed exclusively by independent third-party payment service providers such as PayPal and Stripe, in accordance with their own PCI DSS–compliant systems and security standards. SCALIBIT does not have access to, and does not retain, any full or partial credit card numbers, CVV codes, or other sensitive cardholder data.

To safeguard your account, we apply session management, multi-factor authentication (2FA), login-timeout mechanisms, and strong password policies. Authentication data is encrypted, and we recommend that you sign out of your account after use and keep your device secure.

While SCALIBIT employs reasonable and proportionate security measures to protect your information, no method of electronic transmission or storage is entirely secure. Accordingly, we cannot guarantee absolute security. In the unlikely event of a data-security incident involving your personal data, we will comply with all applicable data-breach notification requirements and provide legally required notices, which may be delivered via email or a prominent notice on our website or Client Portal.

20. SERVER DATA AND CUSTOMER-CONTROLLED ENVIRONMENTS

20.1 Scope of Infrastructure Services

SCALIBIT provides exclusively infrastructure-based services, including:

• Virtual Machines (VPS, VDS)
• Cloud Services (Cloud Servers, Dedicated Cloud Servers)
• Cloud Compute Services (Standard Performance, High Performance, High Frequency)
• Optimized Cloud Compute Services (General Purpose, CPU Optimized, Memory Optimized, Storage Optimized)
• Dedicated Servers / Bare Metal Servers
• GPU Servers (GPU Cloud Instances, Dedicated GPU Servers, Multi-GPU AI Training Clusters, High-Compute HPC Nodes, AI-Oriented Bare Metal Deployments)

SCALIBIT does not provide shared hosting, domain registration, SSL certificate services, managed hosting, application management, or content hosting services.

20.2 Data Ownership and Processing Roles

For all data, files, software, databases, logs, AI models, training data, inference outputs, application data, and any other information stored, processed, or transmitted within dedicated servers, virtual machines, cloud environments, or other infrastructure services leased, used, and managed by the Customer, the Customer acts as the sole Data Controller and determines the purposes and means of processing.

SCALIBIT operates solely as a neutral provider of leased and unmanaged infrastructure services and does not design, deploy, manage, operate, control, supervise, or administer Customer applications, operating systems, databases, software stacks, workloads, or hosted content.

Accordingly, SCALIBIT does not act as a Data Controller or Data Processor with respect to any Customer-hosted data, content, workloads, or personal data processed within Customer-managed infrastructure environments.

Customers remain fully and exclusively responsible for:

• the lawfulness of the data processed,
• determining the purposes and legal bases of processing,
• data classification and sensitivity assessment,
• implementation of appropriate technical and organizational security measures,
• encryption, access controls, and authentication policies,
• data retention and deletion policies,
• compliance with GDPR, CCPA/CPRA, and other applicable privacy and data protection laws, and
• any cross-border or international transfers of personal data occurring within Customer-managed systems, including the selection and implementation of appropriate lawful transfer mechanisms.

20.3 Access to Customer Systems

As part of its normal business operations, SCALIBIT does not access, monitor, scan, inspect, analyze, modify, or otherwise process any Customer data, databases, files, applications, personal data, or content hosted within Customer-managed servers, virtual machines, or cloud environments.

Any access to Customer systems may occur solely where:

• explicitly and voluntarily requested by the Customer for technical support purposes,
• strictly limited to infrastructure-level diagnostics or configuration,
• temporary in duration,
• restricted to operating system, network, or hardware-level troubleshooting,
• performed using server access credentials voluntarily and explicitly provided by the Customer (such as SSH username, SSH keys, passwords, SSH port numbers, or RDP usernames and passwords),
• logged, auditable, and limited to authorized SCALIBIT personnel.

Such access does not include review, processing, storage, analysis, or handling of Customer content, databases, personal data, application data, or AI workloads, and does not create any agency relationship, joint controllership, data processing relationship, or ongoing administrative authority.

20.4 System Access Credentials and Security Responsibilities

For the avoidance of doubt, this section refers exclusively to technical system access credentials used within Customer-managed environments (such as servers, operating systems, applications, and APIs), and does not refer to any government-issued identification documents, biometric identifiers, or personal identity records.

SCALIBIT does not store, manage, control, or have access to:

• server passwords,
• root or administrator credentials,
• private cryptographic keys,
• SSH keys,
• API keys or API tokens,
• database credentials, or
• any other internal system authentication material used within Customer-managed infrastructure.

All such authentication data is generated, maintained, secured, and controlled exclusively by the Customer within their own systems.

Any temporary SCALIBIT access is granted solely upon the Customer’s explicit written request and only where strictly necessary for limited technical support, maintenance, or troubleshooting purposes.

Such access may involve, solely where applicable and voluntarily provided by the Customer:

• Server / Cloud / Virtual Machine access credentials (such as SSH username, SSH key, password, SSH port number, or RDP username and password), where required for operating-system-level or infrastructure-level diagnostics and configuration.

All such access credentials are provided voluntarily by the Customer, remain under the Customer’s full control, and may be revoked or rotated by the Customer at any time.

Any such access is strictly temporary, limited in scope, logged, and restricted to authorized personnel. It never extends to the review, processing, modification, or use of Customer files, databases, hosted content, personal data, application-level data, or customer workloads.

Customers are solely responsible for implementing strong authentication controls, credential rotation, access management, network security, vulnerability management, and backup strategies. Customers are strongly encouraged to enable multi-factor authentication where supported and to use secure protocols such as SSH, SFTP, TLS, and HTTPS.

21. ACCOUNT SECURITY AND CUSTOMER RESPONSIBILITIES

21.1 Responsibility for Authentication Credentials

When you create an Account on SCALIBIT, authentication credentials for access to SCALIBIT systems (including the Client Portal) are created and defined solely by you.

This includes, without limitation:

• Client Portal login credentials (such as username/email address and password),
• multi-factor authentication (MFA / 2FA) settings, which are enabled and managed by you through the Client Portal,
• API credentials (such as API keys and API tokens), where such services are offered in the future, and
• any other account-level or administrative access identifiers.

SCALIBIT does not generate, choose, assign, or determine your passwords, authentication secrets, or multi-factor authentication settings. You are solely responsible for selecting, securing, and managing such credentials.

You agree to maintain the confidentiality, integrity, and security of your Client Portal login credentials (including your password and any multi-factor authentication data) and not to disclose, share, sell, transfer, sublicense, or otherwise make them available to any third party. You further agree to implement reasonable technical and organizational measures to prevent unauthorized access to your Account.

For the avoidance of doubt, except for initial system provisioning where strictly necessary, SCALIBIT does not generate, store, manage, control, or retain ongoing access to any credentials used to access Customer-managed servers, virtual machines, cloud environments, or applications (including SSH keys, server passwords, root or administrator credentials, database credentials, or internal API secrets), which remain under the Customer’s exclusive control after delivery of the service, as further described in Section 20.4.

In the case of dedicated server services, initial access credentials may be temporarily generated or applied by SCALIBIT solely for the purpose of operating system installation and initial provisioning, and are securely transmitted to the Customer. Customers are instructed to change such credentials immediately upon first login. SCALIBIT does not retain copies of such credentials after service delivery.

The Customer is solely responsible for the creation (where applicable), confidentiality, protection, rotation, and secure storage of all server access credentials (including, without limitation, SSH usernames, SSH keys, passwords, SSH port numbers, and RDP usernames and passwords), and for preventing any unauthorized access, misuse, or disclosure of such credentials after initial provisioning.

SCALIBIT shall not be liable for any damages, data loss, service interruptions, security incidents, or unauthorized activities resulting from the Customer’s failure to adequately protect such credentials, including Client Portal login credentials (username, password, MFA) or server access credentials (such as SSH usernames, SSH keys, passwords, SSH port numbers, or RDP usernames and passwords).

21.2 Compromised Login Credentials and Incident Notification

If you believe that your Client Portal login credentials (username, password, or MFA data), server access credentials, or any other account-related authentication information have been compromised, you must promptly:

• change, rotate, or revoke the affected credentials without undue delay, and
• notify SCALIBIT through the official support channels at https://www.scalibit.com/contact-us/.

SCALIBIT shall not be responsible for any losses, damages, data exposure, service interruptions, or security incidents resulting from:

• the Customer’s failure to adequately safeguard Client Portal login credentials or server access credentials,
• failure to implement reasonable technical and organizational security practices, or
• failure to notify SCALIBIT in a timely manner of a suspected or actual compromise,

except to the extent that such liability cannot be excluded or limited under applicable law.

21.3 Account Activity and Authorized Users

You are responsible for all activities conducted through your Account, including any actions performed by:

• your employees,
• contractors,
• affiliates,
• service providers, or
• any other persons to whom you grant access, whether intentionally or negligently.

You are responsible for ensuring that all authorized users comply with this Privacy Notice, the Terms of Service, the Acceptable Use Policy, and all other applicable SCALIBIT policies.

21.4 Security Best Practices

SCALIBIT strongly recommends that Customers:

• use strong, unique passwords that are not reused across other services,
• enable multi-factor authentication (2FA/MFA) where available,
• rotate credentials periodically,
• store credentials securely using reputable password management tools,
• restrict access based on the principle of least privilege, and
• maintain internal access logs and role separation where applicable.

21.5 Device and Endpoint Security

You acknowledge that malware, keyloggers, spyware, browser extensions, compromised software packages, or other malicious code present on your devices or internal systems may compromise Client Portal login credentials, server access credentials, or overall account access.

To mitigate such risks, you should:

• use reputable and up-to-date antivirus and endpoint security software,
• avoid accessing your Account from public or shared computers,
• log out after each session,
• avoid storing passwords in browsers on untrusted devices,
• apply operating system and application security updates regularly, and
• monitor for unusual login activity or other suspicious access patterns (including API activity, where applicable).

21.6 Shared Security Responsibility Model

SCALIBIT implements technical and organizational measures to secure its Client Portal, authentication infrastructure, and internal administrative systems.

However, overall account security operates under a shared responsibility model, whereby:

• SCALIBIT is responsible for securing its own administrative platforms, Client Portal infrastructure, and backend systems, and
• Customers are responsible for safeguarding their Client Portal login credentials, server access credentials, internal systems, devices, authorized users, and all Customer-managed servers and environments.

Failure to comply with the responsibilities outlined in this Section may result in unauthorized access, service abuse, or, where necessary to protect the integrity of the infrastructure or other Customers, temporary suspension, limitation, or restriction of access to the affected Account.

22. RETENTION OF PERSONAL DATA

22.1 General Retention Principles

For clarity, retention periods are defined as follows, unless a longer period is required by applicable law:

• Account, billing, and contractual records: up to 7–10 years after account closure, in accordance with tax, accounting, and statutory limitation obligations.

• Support and communication records: up to 3 years after ticket closure, unless required longer for dispute resolution or legal defense.

• Marketing data: up to 18 months after last interaction or until consent is withdrawn.

• Security and fraud-prevention logs: up to 24 months, unless extended due to active investigations or legal requirements.

Where applicable, data may be retained longer to comply with statutory retention periods, regulatory obligations, or applicable statutes of limitation, after which it is securely deleted or irreversibly anonymized.

22.2 Account, Billing, and Contractual Records

Personal data associated with Customer Accounts, orders, contracts, payments, billing records, invoices, and financial documentation may be retained for up to ten (10) years following account termination or the completion of the relevant transaction, where required to:

• comply with tax and accounting laws,
• meet regulatory record-keeping obligations,
• defend against legal claims,
• resolve disputes, or
• enforce contractual rights.

Where legally permissible, such data is securely deleted or irreversibly anonymized once the applicable retention period expires.

22.3 Marketing Data

Personal data processed solely for marketing or promotional purposes (where no other lawful basis applies) is generally retained for no longer than eighteen (18) months following your last interaction with SCALIBIT or until you withdraw your consent, whichever occurs first.

You may opt out of marketing communications at any time, after which your data will be removed from active marketing systems in accordance with applicable law.

22.4 Legal Holds and Lawful Requests

Certain personal data may be retained beyond standard retention periods where required to:

• comply with applicable laws or regulations,
• respond to binding legal process, subpoenas, court orders, or governmental requests,
• cooperate with law enforcement or regulatory authorities,
• protect the rights, property, or security of SCALIBIT, its Customers, or third parties.

In such cases, data is retained or disclosed strictly to the extent necessary and for the duration required by applicable legal obligations.

22.5 Customer Server Data

SCALIBIT does not control or determine retention periods for any data stored within dedicated servers, virtual machines, cloud environments, or GPU workloads leased, used, and managed by the Customer.

All data hosted within Infrastructure Services is retained, backed up, exported, deleted, or otherwise managed exclusively by the Customer in accordance with their own internal policies, legal obligations, and operational requirements.

Upon service termination, suspension, or decommissioning, any data remaining on the relevant infrastructure may be permanently deleted without further notice and rendered inaccessible as part of standard technical procedures. Customers are solely responsible for ensuring that any required data is backed up or transferred prior to such events.

23. THIRD-PARTY LINKS AND EXTERNAL SERVICES

23.1 Third-Party Websites and Services

This Privacy Notice applies solely to personal data collected directly by SCALIBIT through its own websites, Client Portal, administrative and billing systems, support channels, and other internal business systems, and in the course of its legitimate business operations.

Our websites, Client Portal, billing systems, support platforms, and related online services may contain links, integrations, APIs, embedded tools, or references to third-party websites, software platforms, cloud providers, payment processors, analytics providers, social media platforms, or other external services that are not owned, operated, or controlled by SCALIBIT.

SCALIBIT does not control and is not responsible for the content, security practices, data processing activities, or privacy policies of such third parties. Any personal data you provide to third-party services is governed solely by their respective privacy notices and contractual terms.

We strongly encourage you to carefully review the privacy policies and terms of service of any third-party website or service before submitting personal data or using their services.

23.2 Third-Party Branding and External References

From time to time, SCALIBIT may be referenced, reviewed, listed, or promoted by independent third parties on external websites, marketplaces, directories, forums, social media platforms, or other online services.

SCALIBIT does not control the content, accuracy, presentation, or context in which its name, logo, trademarks, or services may appear on third-party platforms and does not assume responsibility for any representations made by such third parties, or for any damages, losses, or disputes arising from reliance on such representations or from interactions with such third parties.

If you become aware of any unauthorized, misleading, fraudulent, or inappropriate use of the SCALIBIT name, branding, or services, please notify us promptly via:

https://www.scalibit.com/contact-us/

24. CHILDREN’S PRIVACY

24.1 No Services for Minors

SCALIBIT’s Services are offered exclusively to legal adults. Our Services are not directed to, marketed to, or intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction, if higher).

SCALIBIT does not actively verify the age of users during registration and does not collect date-of-birth information as part of its standard onboarding process. By creating an account or using the Services, each user represents and warrants that they are at least 18 years old (or the applicable legal age in their jurisdiction).

Individuals under the age of 18 are not permitted to create accounts, access, or use the Services, or submit personal information to SCALIBIT. Any use of the Services by a minor constitutes a violation of our Terms of Service.

If SCALIBIT becomes aware that an account is being used by an individual under the applicable legal age, we reserve the right to immediately suspend or terminate the account and associated services, without prior notice, in accordance with our Terms of Service.

SCALIBIT does not independently verify the age of users and relies solely on the representations made by customers during registration and use of the Services. Any misrepresentation of age shall constitute a material breach of the Terms of Service and remains the sole responsibility of the user. SCALIBIT shall not be liable for any consequences arising from false age declarations, including any resulting service suspension, termination, data loss, or legal consequences.

24.2 Legal Compliance and Regulatory Framework

SCALIBIT does not knowingly collect, store, process, or use personal data of any individual under 13 years of age (or the minimum age required by applicable law in the user’s jurisdiction, if higher), in accordance with the United States Children’s Online Privacy Protection Act (COPPA) and Article 8 of the EU General Data Protection Regulation (GDPR).

SCALIBIT does not offer services to children and does not seek or obtain verifiable parental consent under COPPA.

If SCALIBIT becomes aware that it has inadvertently collected or processed personal data relating to an individual below the applicable minimum age threshold, such information will be deleted without undue delay.

24.3 Reporting Child Data Concerns

If you believe that SCALIBIT may have collected personal data from a minor, please notify us immediately so that we can investigate and take appropriate action in accordance with applicable law.

You may contact us at:
privacy@scalibit.com

25. JOB APPLICANTS AND OTHER NON-USERS

25.1 Categories of Data Collected

SCALIBIT may collect and process personal data from job applicants and other individuals who are not users of our Services in connection with employment applications, recruitment activities, vendor onboarding, contractual relationships, or other legitimate business interactions.

Such personal data may include, without limitation: your full name, contact details (email address, telephone number, physical address), professional experience, education history, qualifications, references, and the contents of any résumé (CV), cover letter, portfolio, or other documentation voluntarily submitted to SCALIBIT.

25.2 Purposes of Processing

SCALIBIT processes such information solely for legitimate and lawful business purposes, including:

• Evaluating applications and suitability for employment, consulting, or contractual engagement;

• Conducting interviews and recruitment assessments;

• Performing background checks and reference verification where permitted by applicable law;

• Maintaining communication during and after the recruitment or onboarding process;

• Complying with applicable labor, tax, immigration, and regulatory obligations.

25.3 Third-Party Screening and Retention

Where legally permitted and appropriate, background verification or screening services may be performed by authorized third-party providers acting under contractual confidentiality and data-protection obligations. SCALIBIT is not responsible for the independent data processing practices of such third-party providers.

SCALIBIT may retain applicant information for a reasonable period following the conclusion of the recruitment process in order to consider candidates for future opportunities, unless deletion is requested earlier or retention is otherwise restricted by applicable law.

25.4 Vendors, Contractors, and Business Contacts

Personal data may also be collected from vendors, contractors, consultants, and business partners in connection with contractual relationships, negotiations, compliance checks, and ongoing business communications and relationship management. Such data is processed strictly in accordance with this Privacy Notice and applicable data protection laws.

25.5 Exercising Privacy Rights

Job applicants and other non-users may exercise their applicable privacy rights as described in Section 16 (Your Rights) of this Privacy Notice.

Requests may be submitted by contacting:
privacy@scalibit.com

26. PERSONAL DATA MANAGED BY OUR CLIENTS

26.1 Definition of Client Customer Data

For the purposes of this Privacy Notice, a “Client” refers to any customer of SCALIBIT to whom we provide Services under a contractual agreement (the “Service Agreement”).

Our Clients may use SCALIBIT’s infrastructure services (including dedicated servers, virtual machines, cloud environments, and related computing resources) to store, transmit, process, or otherwise handle data relating to their own customers, users, or end-clients, which may include personal data (“Client Customer Data”).

26.2 Roles and Responsibilities

SCALIBIT does not have any direct relationship with individuals whose personal data may be included in Client Customer Data.

SCALIBIT acts solely as an infrastructure service provider and does not determine the purposes or means of processing of Client Customer Data. SCALIBIT does not act as a data controller, joint controller, or data processor with respect to such data.

Each Client acts as the independent data controller for all Client Customer Data and is solely responsible for determining:

• the purposes of processing;

• the lawful basis for processing;

• compliance with applicable data protection and privacy laws;

• and fulfillment of data subject rights.

• any cross-border or international transfers of Client Customer Data, including determining and implementing appropriate lawful transfer mechanisms where required.

26.3 Access to Client Customer Data

SCALIBIT does not access, monitor, review, use, or disclose any Client Customer Data in the ordinary course of business.

SCALIBIT does not have access to such data by default. Any potential access is limited to the technical environments (such as dedicated servers, virtual machines, or cloud systems) leased, used, and managed by the Client, and not to the data itself.

Where access is exceptionally granted, it occurs solely:

• at the explicit request of the Client for narrowly scoped technical support or troubleshooting purposes (such as operating system configuration or network-related issues);

• where temporary access credentials are voluntarily created and provided by the Client;

• or where required by applicable law, regulation, or valid and binding legal process.

Any such access is strictly temporary, limited to infrastructure-level or operating-system-level operations, fully logged, restricted to authorized personnel, and subject to strict confidentiality and data protection obligations. It does not include the intentional review, processing, copying, or use of application data, databases, hosted content, or end-user information.

26.4 Hosting Provider Status

In accordance with Article 14 of Directive 2000/31/EC (the “E-Commerce Directive”) and, where applicable, the EU Digital Services Act (Regulation (EU) 2022/2065), SCALIBIT acts as a neutral hosting and infrastructure service provider and is not responsible for the content, legality, accuracy, or processing of data hosted or transmitted by its Clients.

With respect to Client Customer Data, SCALIBIT does not act as a data controller or data processor within the meaning of the EU General Data Protection Regulation (GDPR) or under equivalent data protection frameworks in other applicable jurisdictions, including applicable U.S. federal and state privacy laws.

26.5 Client Security Obligations

Clients are solely responsible for implementing appropriate administrative, technical, and organizational security measures to protect Client Customer Data within any servers, virtual machines, cloud environments, or other infrastructure services leased, used, and managed by the Client, including but not limited to:

• data encryption prior to transmission and at rest;

• secure credential management and access controls;

• user authentication policies;

• application-level security controls;

• appropriate backup, retention, and disaster recovery procedures;

• compliance with applicable industry standards and data protection laws;

• responsibility for any cross-border or international transfers of personal data within customer-managed servers, virtual machines, or cloud services, including determining and implementing appropriate lawful transfer mechanisms where required.

26.6 Data Subject Requests

All requests, inquiries, or complaints relating to Client Customer Data — including requests for access, rectification, restriction, or deletion — must be directed to the relevant Client acting as data controller.

If SCALIBIT receives such a request directly, we will promptly forward it to the appropriate Client without undue delay and will not independently respond unless legally required to do so.

26.7 Limitation of Responsibility

SCALIBIT is not responsible for:

• the nature, accuracy, or lawfulness of Client Customer Data;

• how such data is collected, categorized, or processed by Clients;

• or the Clients’ compliance with data protection obligations.

• any damages, losses, penalties, or regulatory actions arising from the Client’s processing of Client Customer Data.

27. LEGAL DISCLOSURE

27.1 Disclosure Required by Law

SCALIBIT, its affiliates, and trusted service partners may disclose personal data where required to do so by applicable law, regulation, legal process, or enforceable governmental request.

This includes, without limitation, lawful requests issued by courts, law enforcement authorities, tax agencies, data protection regulators, or other competent public bodies acting within their legal authority.

27.2 Protection of Rights and Security

We may also disclose information where necessary to:

• protect and defend the rights, property, and safety of SCALIBIT;

• protect our Customers or the general public;

• prevent or investigate fraud, abuse, cybercrime, or security incidents;

• enforce our contractual agreements, policies, and legal rights;

• cooperate with competent authorities in connection with lawful investigations or respond to emergency requests, to the extent permitted by applicable law.

27.3 Review and Data Minimization

All legal and regulatory requests are carefully reviewed by SCALIBIT to assess their validity, jurisdiction, and scope prior to any disclosure.

We apply strict data-minimization principles and disclose only the minimum amount of personal data legally required to satisfy the specific obligation.

27.4 Notification of Affected Parties

Where legally permissible, SCALIBIT will make reasonable efforts to notify the affected Client or individual prior to disclosure so they may seek legal remedies or protective measures.

However, notification may be delayed or prohibited where disclosure is subject to statutory confidentiality obligations, court-ordered gag provisions, or restrictions related to ongoing investigations or national security matters.

27.5 No Commercial Disclosure

All disclosures under this Section are made strictly for legal compliance purposes and in good faith.

SCALIBIT does not sell, rent, trade, or otherwise transfer personal data to any third party for commercial purposes under the guise of legal or regulatory disclosure.

All processing and disclosure activities are carried out in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other relevant U.S. state privacy statutes.

Nothing in this section creates an obligation to disclose data where such disclosure is not legally required.

28. CHANGES TO THIS PRIVACY NOTICE

28.1 Right to Modify This Notice

SCALIBIT reserves the right to revise, update, or modify this Privacy Notice at any time to reflect changes in our business practices, technologies, legal or regulatory requirements, or applicable industry standards.

Any updated version will become effective immediately upon publication on our official website at https://www.scalibit.com, unless a different effective date is explicitly stated.

28.2 Acceptance of Updates

Your continued use of the Services after the publication of an updated Privacy Notice constitutes your acknowledgment and acceptance of the revised terms.

We encourage all users to review this Privacy Notice periodically to remain informed about how personal data is collected, processed, protected, and disclosed.

28.3 Notification of Material Changes

Where required by applicable law, or where changes materially affect your rights or obligations, SCALIBIT will provide additional notice through one or more of the following channels:

• email notification to the registered account email address;

• a prominent notice in the Client Area;

• or other reasonable electronic communication methods.

You are responsible for ensuring that your account contact information remains accurate and up to date to allow proper delivery of such notices.

28.4 Limitation of Liability

SCALIBIT shall not be liable for any failure to deliver notifications resulting from outdated, inaccurate, or incomplete contact information provided by you.

In the event of a material breach or violation of this Privacy Notice or the applicable Service Agreement, SCALIBIT reserves the right to suspend or terminate Services in accordance with its Terms of Service and applicable law.

29. ADDITIONAL DISCLOSURES AND REGIONAL PRIVACY NOTICES

Depending on your place of residence, additional regional or jurisdiction-specific privacy disclosures may apply. These notices supplement this Privacy Notice and provide more detailed information regarding your rights and our obligations under applicable laws.

29.1 United States – State Privacy Notices

Residents of certain U.S. states may have additional rights under applicable state privacy laws (including but not limited to CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and similar regulations).

Full details are available at:
https://scalibit.com/legal/us-privacy-notice

29.2 California – CCPA / CPRA Privacy Notice

California residents may review the dedicated California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) disclosure at:

https://scalibit.com/legal/ccpa-privacy-notice

29.3 European Union / EEA – GDPR Privacy Notice

Individuals located in the European Union or European Economic Area may review our GDPR-specific privacy disclosures at:

https://scalibit.com/legal/eea-gdpr-privacy-notice

29.4 Cookies and Tracking Technologies

Information regarding our use of cookies, tracking technologies, and related consent mechanisms is available in our Cookies Policy:

https://scalibit.com/legal/cookie-policy

30. CONTACT INFORMATION

If you have any questions, concerns, or complaints regarding this Privacy Notice, or if you wish to exercise your data protection rights, you may contact SCALIBIT using the details below.

30.1 Company Contact Details

SCALIBIT TECHNOLOGY
Website: https://www.scalibit.com
Email: privacy@scalibit.com
Contact Form: https://www.scalibit.com/contact-us/

30.2 Supervisory Authorities and Complaints

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that your personal data has been processed unlawfully or that your rights under applicable data protection laws have been infringed.

A list of EU supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK residents may contact the Information Commissioner’s Office (ICO):
https://ico.org.uk

30.3 Data Protection Officer (DPO)

SCALIBIT may designate a Data Protection Officer to oversee compliance with applicable data protection laws and to serve as a point of contact for data subjects and supervisory authorities, where required.

Data Protection Officer (if appointed):
Email: dpo@scalibit.com