Privacy Policy

Last updated: March 5, 2026·Version 1.2.1

1. Introduction

Scalar Establishment, CR No. 7052673469, ("we", "us", "our") operates the Scalar Finance platform (the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Service. By accessing or using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, you must not use the Service. This policy is incorporated into and forms part of our Terms & Conditions. We are committed to processing personal data in accordance with the Saudi Personal Data Protection Law (PDPL) and other applicable data protection regulations. Scalar Establishment is the controller of personal data processed under this Privacy Policy.

2. Information We Collect

We collect the following categories of information: (a) Account Information: name, email address, password (hashed), and profile details you provide during registration; (b) Financial Data: transactions, accounts, budgets, categories, tags, recurring payments, investment holdings, dividend records, and other financial records you enter into the platform; (c) Payment Information: billing details and subscription information processed through our third-party payment providers (we do not directly store full payment card details); (d) Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, session duration, and usage patterns collected automatically when you use the Service; (e) Integration Data: if you connect third-party accounts (banks, exchanges, brokers), we may receive account balances, transaction histories, holdings data, and account identifiers through those integrations; (f) Market Data Queries: information about stock symbols, market data, and financial instruments you search for or track within the Service; (g) Communication Data: any information you provide when contacting our support team or submitting feedback.

3. Legal Basis for Processing

We process your personal data on the following legal bases: (a) Contractual Necessity: processing required to provide the Service and fulfill our contractual obligations to you under the Terms & Conditions; (b) Consent: where you have given explicit consent for specific processing activities, such as connecting third-party integrations; (c) Legitimate Interest: processing necessary for our legitimate business interests, including improving the Service, preventing fraud, and ensuring security, provided such interests are not overridden by your rights; (d) Legal Obligation: processing required to comply with applicable laws, regulations, court orders, or governmental requests. You may withdraw consent at any time, but this will not affect the lawfulness of processing carried out before withdrawal.

4. How We Use Your Information

We use your information for the following purposes: (a) to provide, maintain, and operate the Service; (b) to process your transactions, manage your accounts, and fulfill subscription services; (c) to send important service-related communications, including security alerts, billing notifications, and account updates; (d) to improve, personalize, and optimize your experience with the Service; (e) to detect, investigate, and prevent fraudulent activity, unauthorized access, and other security incidents; (f) to analyze usage patterns and trends for internal analytics and product development; (g) to comply with legal obligations, enforce our Terms, and protect our rights; (h) to respond to your support requests and feedback; (i) to maintain audit logs for security and compliance purposes. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Sharing & Disclosure

We may share your personal data in the following limited circumstances: (a) Service Providers: with trusted third-party service providers who assist us in operating the Service, including cloud hosting providers, payment processors, market data providers, and analytics tools, subject to contractual obligations to protect your data; (b) Third-Party Integrations: when you explicitly connect external services (banks, exchanges, brokers) through the platform, data necessary for the integration will be shared with those providers; (c) Legal Requirements: when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others; (d) Business Transfers: in connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your data may be transferred as part of the transaction; (e) With Your Consent: in any other circumstance where you have provided explicit consent. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.

6. Data Storage & Security

Your data is stored on secure servers with industry-standard protections. We implement the following security measures: (a) encryption of data at rest and in transit using TLS/SSL protocols; (b) encryption of sensitive credentials (such as third-party integration tokens) using strong encryption; (c) role-based access controls limiting data access to authorized personnel; (d) regular security reviews and vulnerability assessments; (e) secure development practices and code review processes; (f) monitoring and logging of system access. Despite these measures, we acknowledge that no security system is impenetrable, and we cannot provide an absolute guarantee of security.

7. No Guarantee of Security

DESPITE OUR EFFORTS TO PROTECT YOUR DATA, NO SECURITY SYSTEM IS IMPENETRABLE. WE CANNOT AND DO NOT GUARANTEE THAT YOUR DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY A BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ORGANIZATIONAL SAFEGUARDS. IN THE EVENT OF A SECURITY BREACH, DATA LOSS, HACKING INCIDENT, RANSOMWARE ATTACK, UNAUTHORIZED ACCESS, SYSTEM COMPROMISE, OR ANY OTHER SECURITY EVENT, WHETHER CAUSED BY EXTERNAL ATTACKS, INTERNAL FAILURES, HUMAN ERROR, OR ANY OTHER CAUSE, SCALAR FINANCE SHALL NOT BE LIABLE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, FOR ANY DAMAGES, LOSSES, OR CONSEQUENCES RESULTING FROM SUCH EVENTS, INCLUDING BUT NOT LIMITED TO FINANCIAL LOSSES, REPUTATIONAL HARM, BUSINESS INTERRUPTION, OR EXPOSURE OF PERSONAL OR FINANCIAL DATA. YOU ACKNOWLEDGE THAT YOU PROVIDE YOUR DATA AT YOUR OWN RISK AND THAT IT IS YOUR RESPONSIBILITY TO MAINTAIN INDEPENDENT BACKUPS OF YOUR CRITICAL DATA.

8. Cross-Border Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction. By using the Service, you consent to such transfers. Where required by applicable law, including the Saudi PDPL, we will implement appropriate safeguards such as contractual clauses, technical protections, or other legally recognized mechanisms to ensure your data receives adequate protection during cross-border transfers. Safeguards may include contractual commitments, access controls, encryption, and data minimization.

9. Third-Party Services

The Service may integrate with or contain links to third-party services, including but not limited to payment processors (e.g., Paddle), bank connection providers (e.g., Plaid), market data providers (e.g., Twelve Data), exchange APIs, broker APIs, and analytics tools. These third-party services operate independently and have their own privacy policies. We are not responsible for the privacy practices, security measures, content, or availability of any third-party services. We strongly encourage you to review the privacy policies of any third-party services you connect to or interact with through Scalar Finance. Your use of third-party services is at your own risk.

10. Cookies & Tracking Technologies

We use cookies, browser local storage, and similar technologies for the following purposes: (a) Session Management: to authenticate your identity and maintain your login session; (b) Preferences: to remember your settings such as language, theme, and display preferences; (c) Security: to detect and prevent fraudulent activity; (d) Functionality: to ensure the Service operates correctly. These cookies are essential for the operation of the Service. We do not use third-party advertising, marketing, or behavioral tracking cookies. We do not use third-party analytics that track you across other services. You can configure your browser to refuse cookies, but doing so may affect your ability to use certain features of the Service.

11. Data Retention

We retain your personal information and financial data for as long as your account is active or as reasonably needed to provide you with the Service. When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe (typically within 30 days), except where we are required or permitted to retain certain data for: (a) compliance with legal, regulatory, or tax obligations; (b) resolution of disputes or enforcement of our agreements; (c) prevention of fraud or security purposes; (d) legitimate business purposes such as maintaining audit logs. Aggregate or de-identified data that cannot reasonably be used to identify you may be retained indefinitely for analytics and improvement purposes.

12. Your Rights

Subject to applicable law, including the Saudi Personal Data Protection Law (PDPL), you may have the following rights regarding your personal data: (a) Right of Access: the right to request confirmation of whether we process your data and obtain a copy of it; (b) Right to Rectification: the right to correct inaccurate or incomplete data; (c) Right to Erasure: the right to request deletion of your personal data, subject to legal retention requirements; (d) Right to Restrict Processing: the right to restrict certain processing activities; (e) Right to Data Portability: the right to receive your data in a structured, commonly used format; (f) Right to Object: the right to object to processing based on legitimate interests; (g) Right to Withdraw Consent: the right to withdraw previously given consent at any time; (h) Right to Lodge a Complaint: the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) or other competent supervisory authority. To exercise any of these rights, contact us at SF@scalerfinance.ai. We will respond to your request within 30 days or as required by applicable law.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay, and where required by applicable law, we will notify affected individuals. However, notification obligations do not constitute an admission of fault or liability. Notification does not constitute an admission of fault, and liability (if any) will be determined in accordance with applicable law and the Limitation of Liability in our Terms & Conditions.

14. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect, solicit, or process personal information from children or minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete such information from our systems. If you believe that a minor has provided us with personal information, please contact us immediately at SF@scalerfinance.ai.

15. Changes to This Policy

We reserve the right to modify, update, or revise this Privacy Policy at any time. When we make material changes, we will update the "Last updated" date at the top of this page and may provide additional notice through the Service or by email. It is your responsibility to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you must stop using the Service immediately.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us at SF@scalerfinance.ai.