Privacy Policy
Last updated: May 12, 2026
1. Who this policy covers and who we are
This policy is published by Gap Cloud, the company that develops and operates Scaler, a cloud-based ERP platform.
This policy applies to data collected through the Scaler website at sclr.gap-cloud.com, including the checkout flow and meeting booking form. It does not cover data processed inside the Scaler platform after you become a customer. If you are a Scaler customer and want to understand how your business data is handled within the platform, refer to the Scaler Platform Privacy Policy.
2. The law that governs this policy
Your data is processed in accordance with the Egyptian Personal Data Protection Law — Law No. 151 of 2020 and its Executive Regulations (Ministerial Decree No. 816 of 2025).
We are operating during the law's compliance grace period, which runs until November 1, 2026. Our data practices are designed to align with the law's requirements. We are in the process of obtaining the Processor License from the Personal Data Protection Center (PDPC) required to operate as a data processor under Egyptian law.
3. What data we collect
Data you provide directly
When you complete a checkout:
- Full name
- Company name
- Company email address
- Industry
- How you heard about Scaler
- Affiliate code (only if you select "Affiliate" as your referral source)
- Payment method selection (card, digital wallet, or bank transfer)
- If you are an Egyptian company: your Tax Registration Number (TRN), which is verified in real time against the Egyptian Tax Authority
- If TRN verification fails: a copy of your Commercial Registry document, submitted for manual review
- If you pay by bank transfer: a proof of payment file (optional)
When you submit a meeting booking request:
- Full name
- Job title and role
- Company name
- Business email address
- Company LinkedIn URL (optional)
- Country
- Company size
- Industry
- Timezone
- Three preferred meeting date and time slots
- Any notes you choose to include about your situation or requirements
Data collected automatically
When you visit the website, we collect the following automatically, regardless of whether you submit any form:
- IP address — used to determine approximate geographic location and to detect security threats
- Browser type and version, device type, and operating system — used to ensure the website displays correctly
- Pages visited, time spent on each page, and navigation path — collected via Google Analytics
- Referral source — how you arrived at the website (e.g., from a search engine, a link, direct entry)
- Session identifiers and cookies — see section 6 below
We do not collect your name, email address, or any other identifying information through automatic collection alone, unless you have also submitted a form.
4. Why we collect your data
We collect your data for specific purposes only. We do not use it for any purpose beyond what is described here.
| Data | Purpose |
|---|---|
| Checkout: name, company, email, industry | To process your order, provision your Scaler account, and communicate with you about your subscription |
| Checkout: TRN and Commercial Registry document | To verify your eligibility for the Egyptian company pricing rate |
| Checkout: payment method and proof of payment | To complete and confirm your transaction via PayTabs |
| Meeting booking: all fields | To prepare for your meeting, confirm your slot, and route your inquiry to the right team member |
| Website analytics | To understand how the website is used and make improvements |
| IP address and request metadata | To protect the website against bots, malicious traffic, and security threats |
We do not use your data for profiling or automated decision-making, with one exception: we verify your Tax Registration Number against the Egyptian Tax Authority database automatically to determine whether the Egyptian company pricing rate applies. If the automated check returns a negative result, you can request manual review by uploading your Commercial Registry document or contacting us directly.
5. Legal basis for processing
| Data | Legal basis |
|---|---|
| Checkout data (name, company, email, industry, payment) | Performance of a contract — processing is necessary to complete your purchase and deliver the service |
| TRN and Commercial Registry document | Legitimate interest — verifying company identity to apply the correct pricing rate |
| Meeting booking data | Legitimate interest — pre-contractual steps at your request |
| Website analytics | Legitimate interest — understanding and improving our website |
| Security and fraud detection | Legitimate interest — protecting the website and its users |
6. Cookies
The website uses cookies — small text files stored on your device that help the site function and give us information about how it is used.
| Cookie type | Purpose | Provider | Duration |
|---|---|---|---|
| Essential | Maintain your session state during checkout and form completion | Gap Cloud | Session |
| Analytics | Measure page views, session duration, traffic sources, and usage patterns | Google Analytics | Up to 26 months |
| Security | Protect against bots and malicious traffic at the network layer | Cloudflare | Session |
You can opt out of Google Analytics tracking at any time using the Google Analytics opt-out browser extension. Opting out does not affect your ability to use the website.
Cloudflare security cookies are set automatically to protect all visitors and cannot be disabled without affecting the security of the site.
A cookie consent banner is displayed when you first visit the website. Analytics cookies are not set until you accept them.
7. Third-party services
We use the following third-party services on the website. Each acts as a data processor under our instruction and is bound by a data processing agreement.
| Service | Purpose | Data they receive |
|---|---|---|
| PayTabs | Payment processing | Payment method selection and transaction details. PayTabs processes card data within its own PCI DSS-compliant environment. We do not store card numbers or full payment credentials on our systems. |
| Google Analytics | Website analytics | IP address (anonymized before storage), page views, session data, and browser information |
| Cloudflare | CDN, Web Application Firewall, DDoS protection | IP address and request metadata. Cloudflare does not cache personal data — only static assets such as images, CSS, and JavaScript files. |
None of these providers are permitted to use your data for their own marketing purposes or to share it with third parties beyond what is necessary to deliver the service to us.
8. Where your data is stored
Your data is hosted on Microsoft Azure infrastructure in the West Europe region (the Netherlands). This means your data is stored outside Egypt.
We maintain geo-redundant backup copies in a secondary Azure region within the European Union for disaster recovery purposes.
Safeguard for cross-border transfers: Microsoft Azure's Data Processing Addendum includes Standard Contractual Clauses (SCCs) that provide a legal framework for the transfer and protection of personal data across borders. We rely on these clauses as the safeguard mechanism for transferring your data to EU-based servers.
We are applying for the cross-border data transfer license required under Egyptian PDPL and will update this policy when that license is granted.
9. How long we keep your data
| Data | Retention period |
|---|---|
| Checkout and subscription records | For the duration of your subscription, and for 7 years after it ends, in compliance with Egyptian financial record-keeping requirements |
| TRN and Commercial Registry documents | 7 years from the date of submission |
| Meeting booking records (where no subscription follows) | 12 months from the date of submission |
| Website analytics data | 26 months |
| Website access and security logs | 12 months |
After the applicable retention period, your data is deleted or irreversibly anonymized. You may request earlier deletion at any time — see section 10.
10. Your rights
Under the Egyptian Personal Data Protection Law (Law No. 151 of 2020), you have the following rights:
Access
You can request a copy of the personal data we hold about you.
Rectification
You can ask us to correct any inaccurate or incomplete data.
Erasure
You can ask us to delete your personal data once the purpose for which it was collected no longer applies.
Withdraw consent
Where we rely on your consent to process data, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing that took place before withdrawal.
Restrict processing
You can ask us to limit how we use your data in certain circumstances, such as while you dispute its accuracy.
Lodge a complaint
If you believe your rights under Law No. 151 of 2020 have been violated, you have the right to file a complaint with the Personal Data Protection Center (PDPC), the Egyptian supervisory authority for data protection.
To exercise any of these rights, contact us at sclr@gap-cloud.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
11. Data breach notification
In the event of a data breach that affects your personal data, we will:
- Notify the PDPC within 72 hours of becoming aware of the breach, as required by Law No. 151 of 2020
- Notify affected individuals within 3 working days of that notification
If a breach affects national security, we will notify the relevant authorities immediately.
12. Changes to this policy
We will update this policy if our data practices change or if the law requires it. The "Last updated" date at the top of this page will reflect the most recent revision.
If we make a material change to how we use your data, and you have an active account or subscription with us, we will notify you by email before the change takes effect.
13. Contact and data protection
For any questions about this policy, to exercise your rights, or to report a concern:
Email: sclr@gap-cloud.com
Company: Gap Cloud
Address: 33 Mokhtar El-Gendy, Almazah, Heliopolis, Cairo Governorate 4461145
This contact handles all data protection requests from individuals whose data we process through the website.
A formally registered Data Protection Officer (DPO) will be designated and registered with the PDPC before the compliance grace period ends on November 1, 2026. This policy will be updated when that appointment is made.