1. Information We Collect
We collect only what is necessary to deliver our services and operate our business:
- Contact & identity data — name, email, phone, company name when you book an audit, sign an engagement, or correspond with us.
- Business data — GSTIN, bank details, billing address required for invoicing.
- Account data — Amazon Seller Central, Amazon Ads, Flipkart Seller Hub, Meta Business Manager and Google Ads data that clients grant us delegated access to, strictly for the purpose of performing contracted services.
- Website telemetry — anonymized analytics (pages viewed, approximate region, device class) used to improve the site. No cross-site tracking pixels.
2. How We Use Information
Collected data is used solely to:
- Deliver the services contracted — campaign management, listing optimization, account health, P&L reporting.
- Communicate with clients about their accounts, reports, invoices and strategy.
- Meet legal and tax obligations in India (GST filings, audit records).
- Improve our service quality in aggregate — never using identifiable client data for training or cross-account intelligence without explicit written permission.
3. Amazon Ads Data Usage
ScaleRao accesses Amazon Ads data only with explicit client authorization — typically via Login-with-Amazon delegated permissions or by being added as a user on the client's Amazon Advertising account. This access is used solely for campaign management, optimization, and reporting on behalf of the client who granted it.
We do not:
- Use one client's Amazon Ads data to benefit another client.
- Sell, license, or otherwise transfer Amazon Ads data to third parties.
- Retain data longer than necessary for the engagement plus statutory retention requirements.
- Use Amazon Ads data for any purpose outside the scope of the contracted services.
Clients may revoke access at any time through Amazon's account settings. Upon revocation or termination, we cease accessing data immediately and purge cached data within 30 days.
4. Data Protection
We treat client data as a material commercial asset and protect it accordingly:
- Encrypted transport (TLS) for all data in transit.
- At-rest encryption on operational databases and backups.
- Principle-of-least-privilege access controls — only engagement team members touch engagement data.
- Two-factor authentication mandatory on all systems holding client credentials.
- Annual access review and credential rotation.
5. Data Sharing
We do not sell personal data. We share data only in these tightly scoped cases:
- Service providers — hosting, accounting, email delivery — bound by confidentiality obligations and instructed to use data only to perform their specific function.
- Legal compliance — when required by Indian law, a valid court order, or to protect our legal rights.
- Business transfers — in the unlikely event of a merger or acquisition, data may transfer to the successor, subject to the same protections described here.
6. Your Rights
You may request access, correction, portability or deletion of your data by emailing us. We respond within 14 business days. Where legal obligations require us to retain certain records (e.g. invoices for tax purposes), we will retain only those minimum records.
7. Contact Us
Questions, requests, or concerns about this policy:
ScaleRao
Email: sales@scalerao.com
New Delhi, India
GST: 07JRYPS3440A1ZD