Scale together.

Privacy Policy

Last updated: May 12, 2026

1. Who this policy covers and who we are


This policy is published by Gap Cloud, the company that develops and operates Scaler, a cloud-based ERP platform.

This policy applies to data collected through the Scaler website at sclr.gap-cloud.com, including the checkout flow and meeting booking form. It does not cover data processed inside the Scaler platform after you become a customer. If you are a Scaler customer and want to understand how your business data is handled within the platform, refer to the Scaler Platform Privacy Policy.

2. The law that governs this policy


Your data is processed in accordance with the Egyptian Personal Data Protection Law — Law No. 151 of 2020 and its Executive Regulations (Ministerial Decree No. 816 of 2025).

We are operating during the law's compliance grace period, which runs until November 1, 2026. Our data practices are designed to align with the law's requirements. We are in the process of obtaining the Processor License from the Personal Data Protection Center (PDPC) required to operate as a data processor under Egyptian law.

3. What data we collect


Data you provide directly

When you complete a checkout:

  • Full name
  • Company name
  • Company email address
  • Industry
  • How you heard about Scaler
  • Affiliate code (only if you select "Affiliate" as your referral source)
  • Payment method selection (card, digital wallet, or bank transfer)
  • If you are an Egyptian company: your Tax Registration Number (TRN), which is verified in real time against the Egyptian Tax Authority
  • If TRN verification fails: a copy of your Commercial Registry document, submitted for manual review
  • If you pay by bank transfer: a proof of payment file (optional)

When you submit a meeting booking request:

  • Full name
  • Job title and role
  • Company name
  • Business email address
  • Company LinkedIn URL (optional)
  • Country
  • Company size
  • Industry
  • Timezone
  • Three preferred meeting date and time slots
  • Any notes you choose to include about your situation or requirements

Data collected automatically

When you visit the website, we collect the following automatically, regardless of whether you submit any form:

  • IP address — used to determine approximate geographic location and to detect security threats
  • Browser type and version, device type, and operating system — used to ensure the website displays correctly
  • Pages visited, time spent on each page, and navigation path — collected via Google Analytics
  • Referral source — how you arrived at the website (e.g., from a search engine, a link, direct entry)
  • Session identifiers and cookies — see section 6 below

We do not collect your name, email address, or any other identifying information through automatic collection alone, unless you have also submitted a form.

4. Why we collect your data


We collect your data for specific purposes only. We do not use it for any purpose beyond what is described here.

DataPurpose
Checkout: name, company, email, industryTo process your order, provision your Scaler account, and communicate with you about your subscription
Checkout: TRN and Commercial Registry documentTo verify your eligibility for the Egyptian company pricing rate
Checkout: payment method and proof of paymentTo complete and confirm your transaction via PayTabs
Meeting booking: all fieldsTo prepare for your meeting, confirm your slot, and route your inquiry to the right team member
Website analyticsTo understand how the website is used and make improvements
IP address and request metadataTo protect the website against bots, malicious traffic, and security threats

We do not use your data for profiling or automated decision-making, with one exception: we verify your Tax Registration Number against the Egyptian Tax Authority database automatically to determine whether the Egyptian company pricing rate applies. If the automated check returns a negative result, you can request manual review by uploading your Commercial Registry document or contacting us directly.

5. Legal basis for processing


DataLegal basis
Checkout data (name, company, email, industry, payment)Performance of a contract — processing is necessary to complete your purchase and deliver the service
TRN and Commercial Registry documentLegitimate interest — verifying company identity to apply the correct pricing rate
Meeting booking dataLegitimate interest — pre-contractual steps at your request
Website analyticsLegitimate interest — understanding and improving our website
Security and fraud detectionLegitimate interest — protecting the website and its users

6. Cookies


The website uses cookies — small text files stored on your device that help the site function and give us information about how it is used.

Cookie typePurposeProviderDuration
EssentialMaintain your session state during checkout and form completionGap CloudSession
AnalyticsMeasure page views, session duration, traffic sources, and usage patternsGoogle AnalyticsUp to 26 months
SecurityProtect against bots and malicious traffic at the network layerCloudflareSession

You can opt out of Google Analytics tracking at any time using the Google Analytics opt-out browser extension. Opting out does not affect your ability to use the website.

Cloudflare security cookies are set automatically to protect all visitors and cannot be disabled without affecting the security of the site.

A cookie consent banner is displayed when you first visit the website. Analytics cookies are not set until you accept them.

7. Third-party services


We use the following third-party services on the website. Each acts as a data processor under our instruction and is bound by a data processing agreement.

ServicePurposeData they receive
PayTabs Payment processing Payment method selection and transaction details. PayTabs processes card data within its own PCI DSS-compliant environment. We do not store card numbers or full payment credentials on our systems.
Google Analytics Website analytics IP address (anonymized before storage), page views, session data, and browser information
Cloudflare CDN, Web Application Firewall, DDoS protection IP address and request metadata. Cloudflare does not cache personal data — only static assets such as images, CSS, and JavaScript files.

None of these providers are permitted to use your data for their own marketing purposes or to share it with third parties beyond what is necessary to deliver the service to us.

8. Where your data is stored


Your data is hosted on Microsoft Azure infrastructure in the West Europe region (the Netherlands). This means your data is stored outside Egypt.

We maintain geo-redundant backup copies in a secondary Azure region within the European Union for disaster recovery purposes.

Safeguard for cross-border transfers: Microsoft Azure's Data Processing Addendum includes Standard Contractual Clauses (SCCs) that provide a legal framework for the transfer and protection of personal data across borders. We rely on these clauses as the safeguard mechanism for transferring your data to EU-based servers.

We are applying for the cross-border data transfer license required under Egyptian PDPL and will update this policy when that license is granted.

9. How long we keep your data


DataRetention period
Checkout and subscription recordsFor the duration of your subscription, and for 7 years after it ends, in compliance with Egyptian financial record-keeping requirements
TRN and Commercial Registry documents7 years from the date of submission
Meeting booking records (where no subscription follows)12 months from the date of submission
Website analytics data26 months
Website access and security logs12 months

After the applicable retention period, your data is deleted or irreversibly anonymized. You may request earlier deletion at any time — see section 10.

10. Your rights


Under the Egyptian Personal Data Protection Law (Law No. 151 of 2020), you have the following rights:

Access
You can request a copy of the personal data we hold about you.

Rectification
You can ask us to correct any inaccurate or incomplete data.

Erasure
You can ask us to delete your personal data once the purpose for which it was collected no longer applies.

Withdraw consent
Where we rely on your consent to process data, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing that took place before withdrawal.

Restrict processing
You can ask us to limit how we use your data in certain circumstances, such as while you dispute its accuracy.

Lodge a complaint
If you believe your rights under Law No. 151 of 2020 have been violated, you have the right to file a complaint with the Personal Data Protection Center (PDPC), the Egyptian supervisory authority for data protection.

To exercise any of these rights, contact us at sclr@gap-cloud.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

11. Data breach notification


In the event of a data breach that affects your personal data, we will:

  • Notify the PDPC within 72 hours of becoming aware of the breach, as required by Law No. 151 of 2020
  • Notify affected individuals within 3 working days of that notification

If a breach affects national security, we will notify the relevant authorities immediately.

12. Changes to this policy


We will update this policy if our data practices change or if the law requires it. The "Last updated" date at the top of this page will reflect the most recent revision.

If we make a material change to how we use your data, and you have an active account or subscription with us, we will notify you by email before the change takes effect.

13. Contact and data protection


For any questions about this policy, to exercise your rights, or to report a concern:

Email: sclr@gap-cloud.com

Company: Gap Cloud

Address: 33 Mokhtar El-Gendy, Almazah, Heliopolis, Cairo Governorate 4461145

This contact handles all data protection requests from individuals whose data we process through the website.

A formally registered Data Protection Officer (DPO) will be designated and registered with the PDPC before the compliance grace period ends on November 1, 2026. This policy will be updated when that appointment is made.