Privacy Policy
Terms of Use
Cookie Policy
Acceptable Use Policy
Service Level Agreement
Data Processing Addendum

Privacy Policy

Your privacy is important to us. It is Upscaler Limited's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including  across our website at and web application at and any other sites we own and operate.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of  birth), your devices, payment details, and even information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that  those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

This Privacy Policy was last updated on 26 May 2022.

1. Information we collect and how it is used

When browsing our website, submitting information via our contact form, registering with us for services online, registering interest in advertised job roles through our website, logging into our online services, subscribing to application status updates, and purchasing services from us, we collect personal information about you that may be combined, reviewed, logged, stored, or accessed for the following purposes:

  1. Analysis of the performance of our website by monitoring usage and traffic patterns;
  2. To enable you to customise or personalise your experience of our website;
  3. Responding to requests for more information about our products and services;
  4. Registering an account so that we can provide you with the services you have requested;
  5. Processing subscription payments;
  6. Responding to demo and onboarding session requests;
  7. Facilitating login to the Upscaler application using a registered Upscaler account or third party account such as Google and Microsoft;
  8. Reviewing and responding to applications for advertised positions;
  9. Providing support to our customers by receiving, analysing, and responding to support requests;
  10. Facilitating the correct operation of our services by logging necessary transaction, event, and error data.
  11. Facilitating subscription to status updates for the Upscaler application so that we can provide you with real-time application status notifications.
  12. Communicating with you regarding changes and improvements to the Upscaler application which are relevant to your service subscription.

We may also receive personal data about you from referrals. Referrals may come from other customers or partners that we work with, but we will always confirm your consent with referrers before receiving and processing any personal data about you, and will be processed in accordance with this privacy policy.

1.1 Types of data collected

The specific types of personal data that we collect are:

  1. Contact data consisting of name, email address, and phone number, where provided in contact request forms, demo bookings, onboarding session requests, application status subscriptions, service subscriptions or referrals.
  2. Authentication data such as your name and email address which is used for login to our service. A phone number may also be used to confirm your identity as a second factor of authentication (2FA).
  3. Where Single Sign-On (SSO) integration is used to facilitate user authentication and access to the application, email address, display names, and publicly available account profile pictures may also be collected as part of the account verification process between the SSO service provider and our application.
  4. Analytics data from our website consisting of device type, operating system used, unique device identifiers, device settings or preferences, and geo-location data. We currently anonymise IP address data.
  5. Recruitment data consisting of name, contact details, previous employment information, education and training.
  6. Personal data submitted via support requests which would typically contain contact data consisting of name, email address, and phone number, but may also include screenshots taken on your local devices that may inadvertently include personal data about you.
  7. Log data which may include technical details about devices that you used and actions performed by you either on our website, or while logged into our services. Personally identifiable data is removed from log data wherever possible, but it may be possible to combine log data to personally identify persons using our services.

Where data is submitted to us inadvertently by you we will make every effort to delete or mask this data in our systems, where possible. We do not request, or encourage, the submission of personal data that is not specifically necessary to carry out the activities described in this privacy policy.

2. Our legal basis for processing your personal data

The processing activities we perform are primarily carried out for our legitimate interest as a commercial company that is developing and selling software-as-a-service. We also process personal data in order to fulfil our contractual and service level obligations to you when you purchase these services from us.

When we process personal data in order to market our product, we do so based on your consent. You may provide this consent via voluntary submission of a contact request, demo booking request, or onboarding session request following subscription to the service. You are entitled to withdraw your consent at any time by submitting a request as described in this privacy policy.

When you submit personal data to us by registering your interest in an advertised position, we process this data based on our legitimate interest and your consent by you voluntarily submitting the data to us.

3. Retention of your personal data

We keep your personal information only for as long as we need to, and delete this data when it is no longer required. The retention period is dependent on what your data is being processed for, in accordance with this privacy policy.

For example, if you have provided us with personal information as part of creating an account  with us, we will retain this information for the duration your account exists on our system in order to provide services to you. Where you no longer subscribe to our services, your personal data will be deleted, or anonymised to the extent possible where it may need to be retained for legal and regulatory purposes.

‍4. Security of your personal data

When we collect and process personal data, and for the duration that we retain and store this data, we will protect it within commercially acceptable means to prevent loss and theft, and unauthorised access, disclosure, copying, use or modification. We do this primarily by:

  • Using industry standard encryption technology wherever possible to protect your data from the point of collection to the time that it is deleted;
  • By implementing access control mechanisms;
  • By ensuring data processing agreements are in place with relevant third parties;
  • By training our employees and contractors on the correct handling of your data.

However, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security. For example, you are responsible for the safe keeping and strength of any passwords you create to log into our services, and for ensuring the security of your own information within the bounds of our services. Where your password can be easily guessed, or where you inadvertently divulge it to unauthorised users, we cannot ensure the confidentiality of the data held in your account with us.

5. Sharing of personal data with third parties

Your personal data will be shared with third parties that we use to help deliver our services to you, or where required to share it for legal or regulatory purposes. Categories of third parties would include:

  • Cloud-service providers contracted by us to provide required infrastructure and data centre services, which would include services such as data storage, processing, logging and monitoring, email, web-services, networking, data backup, account authentication, feature-flag services, etc.;
  • Web-hosting providers for hosting of our website and collection of contact form data and demo requests;
  • Data analytics providers for analysis of web-traffic data;
  • Contractors employed to carry out specific services on our behalf;
  • CRM services for recording and managing customer accounts;
  • Payment providers to process payment of your subscriptions;
  • Legal and regulatory authorities where required in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights;
  • Communication tool providers used to facilitate customer communications.

Our primary third parties are currently:

  • AWS
  • MongoDB
  • Google Firebase
  • Google Analytics
  • Sentry
  • Webflow
  • Stripe
  • NetHunt CRM
  • Microsoft 365
  • LaunchDarkly
  • Atlassian Statuspage
  • Twilio SendGrid
  • Mailjet

6. International transfers of personal data

The personal data we collect is primarily stored and processed within the EU, and more specifically in Ireland wherever it is possible to restrict the processing of your personal data. Third parties that we contract for services may use processing facilities outside of the EU for redundancy, and for the purposes of providing support services. Where this is the case, and the country does not have equivalent data protection laws to that of the EU, we will ensure:

  1. Any transfers of data are performed in accordance with the requirements of applicable law; and
  2. The data transferred is protected in accordance with this privacy policy.

Typically, we will do this by ensuring Standard Contractual Clauses (SCC) published by the European Commission are in place with relevant third parties as part of our ISO/IEC 27001:2013 aligned supplier due diligence programme prior to any transfers. Where this is not possible, we will ensure that transfers will only take place based on your informed consent.

7. Children's privacy

We do not aim any of our products or services directly at children under the age of 18 and we do not knowingly collect personal information about children under 18.

8. Cookies

We use 'cookies' to collect information about the devices you use and your activity across our site as mentioned in section 1 of this policy. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified, and helps us to analyse the performance of our site.

Please refer to our Cookie Policy for more information.

9. Your data protection rights

Under data protection law, you have certain rights which you are entitled to exercise and which we are required to make you aware of. These include:

9.1 The right to access

You may request that we provide you with copies of any personal data that we hold about you.

9.2 The right to rectification

If you believe that any personal data we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete,  misleading, or out of date.

9.3 The right to erasure

You have the right to request that we erase any personal data we hold about you. However, where we are required to process your data for a legal basis such as compliance with a legal obligation, or where the data must be processed to continue to deliver contracted services to you, it may not be possible to erase your personal data.

9.4 The right to restrict processing

You have the right to request that we restrict the processing of your personal data if (i) you are concerned about the accuracy of your personal data; (ii) you believe your personal data has been unlawfully processed; (iii) you need us to maintain the personal data solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

9.5 The right to object to processing

You have the right to object to processing of your personal data where (i) the processing is carried out based on our legitimate interests, (ii) carried out in the public interest such as for research purposes; or (iii) the processing relates to direct marketing. Where the processing is based on our legitimate interests or in public interest, you must clearly submit your grounds for objection in a request in accordance with this privacy policy.

9.6 The right to data portability

You have the right to request that your personal data be transferred to you, or another data controller of your choice, in a structured and machine-readable form so that the personal data can be reused. An example of this may be if you choose to transfer services to another service provider.

9.7 Consent

As mentioned in section 2 of this policy, you have the right to withdraw consent of the processing of your personal data at any time, subject to certain conditions. To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided below, or opt-out using the opt-out facilities provided in the communication. We may need to request information from you to help us confirm your identity.

9.8 Lodging a complaint with a supervisory authority

You have the right to lodge a complaint regarding our processing of your personal data with a supervisory authority. In Ireland, the supervisory authority is the Data Protection Commission, and you can submit a complaint via webform or post as directed on their website.

10. Contacting us

The personal data that we process about you is controlled by Upscaler Limited, Yellow Walls Road, Malahide, Co. Dublin, Ireland. For any queries or requests regarding your personal data, or if you believe that we may be in breach of relevant data protection law, please contact: Where you prefer to make a request verbally via phone call, please let us know and we will arrange a call back.

Where you submit a data subject access request to us, we will respond without undue delay in writing, unless specifically requested otherwise, within 1 month of receiving your request, in line with current data protection law.

11. Changes to this policy

We may periodically make changes to this privacy policy to reflect updates to our business processes, or legislative or regulatory changes. We will post the changes here on our website, at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or provide you with the facility to opt in to or opt out of, as applicable, any new uses of your personal information.

Learn how Upscaler can help with ISO compliance

Complete the form below and one of our experts will be in touch to arrange a call.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.