Effective Date: January 28, 2025   
Last Updated: January 28, 2025     

Epiidosis Global Finance LLC-FZ (“we,” “our,” or “us”) is the owner and operator of the website scaleup.epiidosis.com (“ScaleUp” or “Platform”). As a leading provider of digital solutions for fundseekers and investors, we are deeply committed to safeguarding your privacy and maintaining the confidentiality of your personal information. This Privacy Policy serves as a comprehensive guide to inform you about the types of personal data we collect through the Platform, the purposes for which this data is used, and the robust measures we have implemented to ensure its security and integrity.

Our commitment to privacy is rooted in adherence to the highest global standards of data protection. This includes full compliance with internationally recognized regulations such as the General Data Protection Regulation (GDPR) of the European Union, which sets stringent requirements for data handling and user rights. Additionally, we align with the California Consumer Privacy Act (CCPA), which provides comprehensive protections for residents of California, and other relevant privacy frameworks applicable across various jurisdictions where our users are located.

Through this Policy, we aim to ensure transparency and accountability in how we handle your data. Whether you are a fundseeker, investor, expert, or other stakeholder, we recognize the sensitive nature of the information you entrust to us. Our practices are designed not only to meet legal obligations but also to foster trust and confidence in our services. We regularly review and update our privacy practices to reflect evolving legal requirements and industry standards, ensuring that your data remains protected under all circumstances.

1. Scope of the Privacy Policy

This Privacy Policy applies to all users who interact with ScaleUp in any capacity, including but not limited to fundseekers, investors, third-party experts, administrative staff, and introducers (“you” or “your”). Whether you are browsing the Platform, registering for an account, uploading business or financial information, or engaging in professional services offered through ScaleUp, this Privacy Policy governs the manner in which your personal data, transactional data, and behavioral data are collected, processed, stored, and used.

This Policy extends to all facets of the ScaleUp ecosystem, covering the following aspects:

1. Platform Usage: Any data collected when you interact with our website (scaleup.epiidosis.com) or related subdomains, dashboards, or service portals.
2. Mobile Applications: If you access ScaleUp through mobile devices or apps, the data collected via these channels is also subject to this Policy.
3. APIs and Integrations: Data exchanged between ScaleUp and external systems, such as third-party applications, tools, or APIs used for seamless service integration.
4. Communication Channels: Any personal or professional data shared through email correspondence, messaging systems, or customer support inquiries.
5. Related Services: This includes ancillary services like user verification, payment processing, and analytical tools integrated into the ScaleUp ecosystem.

Specifically, this Policy is designed to address the collection and handling of various types of information:

• Personal Data: Information that identifies you as an individual, such as your name, contact details, government-issued IDs, or profile data.
• Financial Data: Any sensitive financial information provided by users, including transaction records, bank account details, or funding documentation.
• Behavioral and Usage Information: Data regarding your activity on the Platform, such as pages visited, actions taken, IP addresses, and session durations.

By accessing or using the ScaleUp Platform or its associated services, you confirm that you have read, understood, and consent to the data collection, usage, and processing practices outlined in this Privacy Policy. The protections and obligations described herein apply irrespective of your geographical location, ensuring adherence to global privacy regulations, including GDPR, CCPA, and local data protection laws in jurisdictions such as the UAE and India.

This Privacy Policy is intended to provide clarity on how ScaleUp safeguards your data and promotes transparency in all user interactions. If you have any questions or concerns about this Policy’s scope, please reach out to our privacy team at privacy@epiidosisglobalfin.com.

 

2. Information We Collect

We collect a wide range of information to provide and enhance our services, facilitate transactions, and ensure a secure and compliant environment. This includes both information that you directly provide and data that is automatically collected during your interaction with the Platform, as well as information obtained from third-party sources.

2.1 Information You Provide Directly

We collect the following information directly from you when you use the Platform:

• Account Information: This includes your full name, email address, phone number, date of birth, and login credentials. These details are essential for creating and maintaining your user account and ensuring secure access to our services.
• Profile Information: Information about your business, professional role, areas of expertise, funding requirements, investment preferences, and any other details that help personalize your experience on the Platform.
• Payment Information: Bank account details, transaction history, payment preferences, or any other financial data required to facilitate secure transactions.
• Correspondence: Any form of communication shared with us, including emails, messages, and uploaded documents, such as inquiries, service requests, or dispute resolutions.

Examples of Information You Provide:

1. During Registration: The details you provide while signing up, such as your name, email address, and password, which form the basis of your account.
2. Funding or Investment Applications: Data submitted for funding proposals, including business descriptions, financial data, or project outlines.
3. Document Uploads: Business-related documents such as financial projections, investor decks, compliance certifications, or legal agreements.

2.2 Automatically Collected Information

We collect certain information automatically as you interact with our Platform. This data helps us improve our services, personalize your experience, and ensure secure operations.

• Device Information: Details about the device you use to access the Platform, including IP address, device type (e.g., smartphone, tablet, or desktop), browser type, operating system, and system configurations.
• Usage Data: Insights into how you use our services, such as pages visited, time spent on the site, the sequence of clicks (clickstream data), and interactions with specific features.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track user behavior, gather analytics, and enhance functionality. For example, cookies may help us remember your login details or preferences across sessions.

Example Use Cases:

1. Cross-Device Analysis: When you log in from different devices, we may analyze your usage patterns to provide a seamless experience.
2. Behavioral Insights: Usage data allows us to identify which sections of the Platform are most frequently accessed and optimize them accordingly.

2.3 Third-Party Information

In addition to the information you provide directly or that we collect automatically, we may receive data from third-party sources, which helps us enrich and verify user profiles, streamline processes, or enhance security measures.

• Publicly Available Data: Information retrieved from public records, social media profiles, or professional networking platforms to verify credentials or enhance your profile.
• Partner and Affiliate Data: Details shared by our business partners, such as introducers, third-party integrations, or affiliate platforms, to facilitate smoother transactions and collaboration.

2.4 Sensitive Personal Data

In certain circumstances, we may collect sensitive personal data to comply with legal requirements or ensure a secure and compliant environment. Sensitive data will only be collected with explicit consent where legally required.

• Financial Information: Detailed records of investment portfolios, funding requirements, or other sensitive financial data essential for facilitating transactions or conducting due diligence.
• Government-Issued Identification Documents: Such as passports, driver’s licenses, or tax identification numbers, used for identity verification and regulatory compliance.
• Legal and Compliance Documentation: Certifications, non-disclosure agreements (NDAs), regulatory filings, or other compliance-related records required for specific transactions.

Safeguards for Sensitive Data:

1. Sensitive data is handled with the highest security standards, including encryption and restricted access.
2. Collection and processing of such data are limited to what is strictly necessary and comply with all applicable laws and regulations.

By understanding the categories of information we collect, you can better appreciate how your data is used to create a secure, efficient, and user-friendly experience on ScaleUp.

3. Legal Bases for Processing (GDPR Compliance)

We process your personal data in accordance with the principles and legal bases outlined under the General Data Protection Regulation (GDPR). This ensures that the collection, storage, and usage of your data are transparent, fair, and lawful. The legal bases we rely upon are:

3.1 Consent

We process your data when you have explicitly provided consent for specific purposes. Consent is typically obtained during account registration, form submissions, or when opting into marketing communications. For instance:

• Agreeing to the use of cookies for analytics and advertising.
• Submitting personal or business information for funding applications.
• Opting into newsletters or promotional communications about investment opportunities.

You have the right to withdraw your consent at any time by contacting us at privacy@epiidosisglobalfin.com or using the unsubscribe options provided in communications.

3.2 Contractual Necessity

Your personal data is processed when it is necessary to fulfill a contractual obligation or to take steps at your request prior to entering into a contract. For example:

• Facilitating connections between fundseekers and investors.
• Enabling the submission and review of funding proposals.
• Providing access to expert services, platform tools, or administrative support.

Without this data, we may be unable to deliver services as outlined in our terms and conditions.

3.3 Legal Obligations

We are required to process certain data to comply with applicable laws and regulatory requirements. This includes:

• Maintaining accurate financial and transaction records for auditing purposes.
• Conducting due diligence and anti-money laundering (AML) checks as required by law.
• Responding to lawful requests from governmental or regulatory authorities, such as subpoenas or court orders.

Processing under this basis ensures compliance with obligations in jurisdictions where we operate.

3.4 Legitimate Interests

We process your personal data when it is necessary to achieve legitimate business interests, provided these do not override your fundamental rights and freedoms. Examples include:

• Verifying the identity and eligibility of fundseekers and investors to ensure platform integrity.
• Conducting fraud prevention and security monitoring to protect user accounts and data.
• Enhancing platform features and functionality based on user feedback and behavioral analytics.
• Sending notifications about critical updates or service changes.

Our legitimate interests also encompass:

1. Improving user experience through the analysis of aggregated usage data.
2. Conducting internal research to identify trends, investment opportunities, and market needs.
3. Supporting operational efficiency through data-backed decision-making processes.

We take a balanced approach to ensure that our legitimate interests align with your privacy expectations. If you have concerns about processing based on legitimate interests, you can contact us to learn more or exercise your right to object.

4. How We Use Your Information

We use your personal data responsibly and transparently to enhance your experience, ensure security, and comply with legal obligations. This section details how we process your data across different contexts:

4.1 Provide and Improve Services

We utilize the data you provide and data collected through your interactions with the Platform to:

• Facilitate Connections: Enable seamless interactions between fundseekers and investors by matching profiles, preferences, and project requirements, ensuring alignment with investment goals and interests.
• Application Processing: Streamline the submission and evaluation of funding applications by automating document verification, creditworthiness assessments, and eligibility checks.
• Tailor User Experiences: Deliver personalized features and recommendations by analyzing your preferences, usage patterns, and business objectives to make the Platform intuitive and effective for your specific needs.
• Optimize Platform Functionality: Improve our Platform’s performance by troubleshooting issues, upgrading infrastructure, and testing new functionalities to provide you with a smoother experience.

4.2 Communication

Your data helps us to keep you informed and address your queries effectively:

• Customer Support: Respond to your inquiries, address technical issues, and resolve disputes swiftly via multiple channels, including email, chat, or phone.
• Notifications and Alerts: Notify you about significant updates, changes in policies, or critical information relevant to your transactions and activities on the Platform.
• Promotions and Offers: Share information about exclusive offers, events, webinars, or newly available services that align with your interests.
• Feedback Mechanisms: Request and analyze feedback to continuously refine and enhance the services offered by ScaleUp.

4.3 Compliance and Security

We take your safety and regulatory compliance seriously by:

• Due Diligence: Conducting rigorous verification processes, including identity verification, background checks, and validation of funding proposals to maintain trust and authenticity on the Platform.
• Fraud Prevention: Monitoring activities to detect, investigate, and mitigate fraudulent or unauthorized behavior, ensuring a secure environment for all users.
• Policy Enforcement: Applying and enforcing our terms of service, user agreements, and other applicable policies to promote a safe and compliant ecosystem.
• Legal Obligations: Complying with applicable legal, regulatory, and financial reporting requirements, including those related to anti-money laundering (AML), know-your-customer (KYC), and tax reporting standards.

4.4 Marketing and Analytics

Your information is used to better understand our user base and provide more relevant content:

• Personalized Marketing: Deliver advertisements, newsletters, or promotional content tailored to your preferences, behaviors, and interaction history with the Platform.
• Behavioral Insights: Analyze user activity to identify popular services, understand trends, and forecast user needs, enabling us to adapt and expand our offerings.
• Service Enhancements: Use aggregated and anonymized data to improve Platform features, optimize navigation, and develop new tools or services that meet user demands.
• User Engagement: Identify engagement patterns to inform our communication strategies, ensuring users remain informed and involved.

Examples of Usage:

1. Aggregating user interactions to pinpoint which funding services or sectors attract the most interest, helping us allocate resources effectively.
2. Sending newsletters detailing current market trends, best practices for fundseekers, and potential opportunities for investors to explore.

By utilizing your information as outlined above, we aim to provide a secure, efficient, and customized experience while upholding the highest standards of data privacy and compliance.

5. Sharing and Disclosure of Information

We take the confidentiality of your personal data seriously. However, there are specific circumstances under which your information may be shared or disclosed. The following details outline the scenarios in which this occurs and the measures we take to protect your privacy:

5.1 Service Providers

We engage trusted third-party service providers to perform various functions necessary for the operation and improvement of our Platform. These providers may include, but are not limited to:

• Hosting Providers: To store and maintain the technical infrastructure of ScaleUp, ensuring high availability and robust security measures.
• Payment Processors: To facilitate secure financial transactions and comply with financial regulations.
• Customer Support Services: To assist users with queries, resolve technical issues, and improve user satisfaction.
• Email and Communication Platforms: To send transactional emails, notifications, and updates.

Each service provider is contractually obligated to:

1. Use your information solely for the purposes specified in their agreement with us.
2. Maintain strict data security and confidentiality standards.
3. Comply with applicable data protection laws, including GDPR and CCPA.

5.2 Business Partners

We may share your information with relevant business partners to facilitate transactions or collaborations. These partners may include:

• Investors and Introducers: If you are a fundseeker, your project details may be shared with potential investors or introducers who are directly involved in evaluating your funding request.
• Fundseekers: If you are an investor, we may share your preferences and interests with fundseekers whose projects align with your investment goals.
• External Experts: In cases where specialized advice or input is required, such as legal or financial assessments, we may share relevant information with vetted professionals.

We ensure that these partners adhere to confidentiality agreements and data protection obligations. Information shared is limited to what is necessary to achieve the intended purpose.

5.3 Legal and Regulatory Authorities

In compliance with applicable laws and regulations, we may disclose your information to legal and regulatory authorities. Circumstances under which this may occur include:

• Subpoenas or Court Orders: To respond to valid legal requests or enforceable government orders.
• Regulatory Compliance: To fulfill obligations under financial regulations, anti-money laundering (AML) laws, or know-your-customer (KYC) requirements.
• Fraud Prevention: To investigate, prevent, or address illegal activities, fraud, or violations of our terms of service.

Whenever legally permissible, we will notify you of such disclosures to provide transparency.

5.4 Mergers or Acquisitions

In the event of a merger, acquisition, restructuring, or sale of our business, your personal data may be transferred as part of the transaction. This ensures the continuity of services and compliance with contractual obligations. Prior to any such transfer, we will:

1. Notify affected users of the impending transfer.
2. Ensure that the acquiring entity agrees to honor the commitments outlined in this Privacy Policy.

Additional Safeguards

To further protect your personal data, we implement the following safeguards:

• Data Minimization: Only the minimum amount of personal data necessary for the purpose is shared.
• A

nonymization: Where possible, data is anonymized or aggregated to reduce the risk of identifying individuals.

• Contractual Protections: All third parties and partners must sign binding agreements that outline their obligations regarding the use, security, and confidentiality of your data.

We are committed to maintaining transparency and ensuring that your data is only shared under circumstances that protect your rights and interests.

6. Data Retention

We are committed to retaining your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Our data retention policy has been designed to ensure compliance with global standards, including GDPR, CCPA, and industry best practices.

6.1 Categories of Data and Retention Periods

• Account Information: Your account information, including your name, contact details, and login credentials, is retained for the duration of your use of our services. Once your account is deleted, we securely erase this data within 30 days, unless retention is required for legal or regulatory purposes.
• Transaction Data: Any transactional data related to financial activities, funding applications, or investments is retained for a minimum of seven (7) years. This retention period aligns with auditing and financial reporting obligations under applicable laws.
• Legal Compliance Data: Personal data that is necessary for compliance with legal obligations, such as tax filings, anti-money laundering (AML) checks, or regulatory reporting, is retained for the duration required by the relevant jurisdiction. For example, AML data may be retained for up to ten (10) years.

6.2 Purpose-Based Retention

• Service Improvement: Non-identifiable usage data may be retained indefinitely for research, statistical analysis, and service improvement purposes.
• Dispute Resolution: In cases of disputes, we may retain relevant personal data until the matter is resolved or the applicable statute of limitations has expired.

6.3 Annual Review and Secure Disposal

We conduct annual reviews of our data retention schedules to ensure compliance with current legal and business requirements. Any data that is no longer necessary is securely deleted or anonymized. Secure deletion methods include:

1. Permanent erasure of digital files using industry-standard data destruction tools.
2. Physical destruction of paper records through shredding.

6.4 Retention Extensions

In exceptional cases, such as ongoing investigations, audits, or legal proceedings, we may retain data beyond the standard retention periods. Such extensions are assessed on a case-by-case basis and are documented with clear justifications.

7. Your Rights

At ScaleUp, we respect and prioritize your rights concerning your personal data. Depending on your location and the applicable privacy laws, you may exercise a range of rights that grant you greater control over how your data is collected, used, and processed. Below is an elaboration of these rights:

7.1 Your Rights Under GDPR

The General Data Protection Regulation (GDPR) applies to individuals located in the European Economic Area (EEA). Under GDPR, you are entitled to the following rights:

• Right to Access: You have the right to obtain confirmation as to whether your personal data is being processed and, if so, access a copy of the data along with relevant details such as the purposes of processing, categories of data processed, and the recipients or categories of recipients to whom the data has been disclosed.
• Right to Rectification: If your personal data is inaccurate or incomplete, you can request correction or supplementation. We will ensure prompt updates to rectify errors or omissions in your data.
• Right to Erasure (“Right to Be Forgotten”): Under certain conditions, such as when your data is no longer necessary for the purposes for which it was collected, or you withdraw your consent, you can request the deletion of your personal data. However, this right is subject to exceptions, such as compliance with legal obligations.
• Right to Restrict Processing: In specific situations, such as when you contest the accuracy of your data or object to its processing, you may request a restriction on processing. This means your data will be stored but not actively processed until the restriction is lifted.
• Right to Data Portability: You can request the transfer of your personal data in a structured, commonly used, and machine-readable format to another data controller, where technically feasible. This applies to data processed based on consent or a contractual necessity.
• Right to Object: You have the right to object to the processing of your personal data for purposes such as direct marketing or processing based on legitimate interests. If you exercise this right, we will stop processing your data unless we demonstrate compelling legitimate grounds for processing.
• Right to Lodge a Complaint: If you believe that your rights under GDPR have been violated, you have the right to lodge a complaint with a supervisory authority in the EEA. For more information, visit the website of your local data protection authority.

7.2 Your Rights Under CCPA

The California Consumer Privacy Act (CCPA) applies to residents of California, granting specific rights related to personal data. These include:

• Right to Know: You have the right to request details about the categories and specific pieces of personal data we collect, the sources of this data, the purposes for its collection, and whether we sell or disclose it to third parties. This includes identifying the categories of third parties with whom your data is shared.
• Right to Delete: Subject to certain exceptions, you can request the deletion of your personal data. Exceptions may include retaining data for legal compliance, detecting security incidents, or completing transactions initiated by you.
• Right to Opt-Out: You have the right to opt-out of the sale of your personal data. If we engage in selling personal data, we will provide a clear mechanism for you to exercise this right.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. This means you will not face denial of services, changes in pricing, or a lower quality of service for exercising these rights under CCPA.

How to Exercise Your Rights

To exercise any of these rights, you can contact us at privacy@epiidosisglobalfin.com. When submitting a request, please provide sufficient information to verify your identity and the specific nature of your request. For GDPR-related requests, we may require additional documentation to authenticate your identity.

Additional Information for Jurisdiction-Specific Rights

Further details regarding rights applicable in other jurisdictions, such as the UAE, India, and other regions, can be found in the relevant sections of this Privacy Policy or upon request. For more information or assistance, feel free to reach out to our privacy team.

8. Data Security

We take data security seriously and employ a multi-layered approach to safeguard your personal information. Our security measures are designed to protect your data from unauthorized access, disclosure, alteration, and destruction, ensuring compliance with industry standards and global regulations. Key elements of our security framework include:

8.1 Encryption of Data

• In Transit: We use advanced encryption protocols, such as HTTPS (Hypertext Transfer Protocol Secure) and TLS (Transport Layer Security), to ensure that sensitive data transmitted between your device and our servers remains protected from interception and unauthorized access.
• At Rest: Sensitive information stored on our servers is encrypted using strong cryptographic algorithms. This ensures that even in the unlikely event of unauthorized access, the data remains unreadable without the corresponding decryption keys.

8.2 Secure Storage Solutions

• Access Controls: Data stored on our servers is protected with stringent access control mechanisms. Only authorized personnel with specific roles and responsibilities can access sensitive information, and such access is monitored and logged.
• Server Security: Our infrastructure includes state-of-the-art firewalls, intrusion detection systems, and endpoint protection to secure data from potential cyber threats.
• Redundancy and Backups: We implement regular data backups with redundancy measures to ensure the availability and integrity of information in case of hardware failures or other unforeseen incidents.

8.3 Regular Security Audits

• Vulnerability Assessments: We conduct routine vulnerability assessments to identify and remediate security risks in our systems. These assessments are carried out by qualified internal teams and third-party security experts.
• Penetration Testing: Periodic penetration tests are conducted to simulate potential cyberattacks and evaluate the robustness of our security defenses.
• Compliance Audits: We align our security practices with international standards such as ISO 27001, ensuring that our security measures are both effective and compliant with regulatory requirements.

8.4 User Responsibility

While we implement robust security measures to protect your data, the security of your account also depends on the precautions you take. We strongly recommend:

• Using strong, unique passwords for your ScaleUp account and changing them periodically.
• Enabling two-factor authentication (2FA) wherever possible to add an additional layer of security.
• Avoiding sharing sensitive account credentials or personal information through unsecured channels.
• Remaining vigilant against phishing attempts or suspicious communications claiming to be from ScaleUp.

8.5 Incident Response Plan

In the event of a security breach or data incident, we have a well-documented incident response plan to:

• Immediately identify and contain the threat.
• Notify affected users and relevant regulatory authorities, as required by law.
• Conduct a thorough post-incident analysis to prevent future occurrences and improve our security posture.

8.6 Continuous Improvement

We are committed to staying ahead of emerging security threats by:

• Regularly updating our systems and software to address known vulnerabilities.
• Training our staff on the latest cybersecurity practices and compliance requirements.
• Investing in cutting-edge security technologies to enhance our defense mechanisms.

Disclaimer on Absolute Security

Despite our best efforts and the measures described above, no method of data transmission or storage can be guaranteed to be completely secure. As a user, you also play a vital role in safeguarding your personal information. By following best practices and exercising caution, you can significantly reduce the risk of unauthorized access to your account and data.

9. International Data Transfers

Your personal data may be transferred to, accessed from, and processed in countries outside your country of residence. These transfers may involve jurisdictions that may not provide the same level of data protection as your home country. To ensure that your data remains protected, we implement the following safeguards:

1. Standard Contractual Clauses (SCCs): We rely on SCCs approved by relevant regulatory authorities to govern the transfer of data to third countries. These legally binding clauses ensure that any recipient of your data outside the European Economic Area (EEA) or other applicable regions upholds strict data protection standards equivalent to those established under GDPR.
2. Adequacy Decisions: In cases where data is transferred to countries recognized by regulatory authorities (such as the European Commission) as providing an adequate level of data protection, we rely on such adequacy decisions to facilitate compliant and secure data transfer.
3. Binding Corporate Rules (BCRs): Where applicable, data may be transferred within our corporate group under BCRs, ensuring a consistent and secure approach to handling personal data across all subsidiaries.
4. Technical and Organizational Measures: We apply encryption, pseudonymization, and other state-of-the-art security technologies to protect your data during international transfers. These measures aim to prevent unauthorized access, alteration, or misuse of data while in transit.
5. Contractual Commitments with Third Parties: When engaging third-party service providers or processors located in different jurisdictions, we ensure they adhere to similar data protection standards through explicit contractual agreements.
6. Monitoring and Auditing: Regular audits are conducted to evaluate and confirm compliance with international transfer agreements, ensuring ongoing security and regulatory adherence.

Key Considerations

• Cross-border data transfers are conducted only to facilitate services such as hosting, payment processing, and operational efficiency.
• Whenever data is transferred outside of your jurisdiction, we take proactive measures to notify you (where required by law) and provide you with options to understand the mechanisms used for such transfers.

By using our Platform, you acknowledge and agree to these international data transfer practices. Should you have any concerns about your data being transferred internationally, please contact us at privacy@epiidosisglobalfin.com for further clarification or support.

10. Cookies and Tracking Technologies

We utilize cookies and similar tracking technologies to enhance your user experience, analyze performance, and ensure personalized services. Cookies are small data files stored on your device that help us understand how you interact with our Platform and provide tailored experiences. Below is a detailed breakdown of the types of cookies we use:

10.1 Types of Cookies We Use

1. Essential Cookies:

• These cookies are necessary for the core functionality of our Platform. They enable features such as secure login, page navigation, and access to restricted content.
• Examples include session cookies that allow you to remain logged in during your visit.

2. Analytical/Performance Cookies:

• These cookies collect information about how you use our Platform, including pages visited, time spent, and navigation patterns. This data helps us improve the website’s performance and optimize user experiences.
• We use analytics tools such as Google Analytics, which may place cookies on your device. Data collected is anonymized where possible.

3. Advertising/Targeting Cookies:

• Advertising cookies help us deliver personalized ads based on your browsing behavior and interests. These cookies also limit the number of times you see an advertisement and measure the effectiveness of campaigns.
• Third-party advertisers, such as Google Ads or social media platforms, may place these cookies on your device to provide targeted advertising across different websites.

4. Functional Cookies:

• Functional cookies enable additional features, such as remembering your preferences (e.g., language settings or region) and personalizing content based on your previous interactions.

5. Social Media Cookies:

• These cookies enable integrations with social media platforms, allowing you to share content or interact with our accounts directly from the Platform.

10.2 How We Use Cookies

We use cookies to:

• Enhance navigation and usability by remembering user settings and preferences.
• Collect usage metrics to improve site functionality and content relevance.
• Display advertisements tailored to your interests and measure their performance.
• Facilitate secure and reliable transactions on the Platform.

10.3 Managing Your Cookie Preferences

You have control over how cookies are used. Here are your options:

1. Browser Settings:

• Most browsers allow you to manage cookies through their settings. You can choose to block or delete cookies entirely or limit their use.
• Instructions for managing cookies can usually be found under the “Help” section of your browser or on the browser’s official website.

2. Cookie Management Tool:

• We provide a Cookie Management Tool on our Platform that allows you to opt in or out of specific types of cookies. This tool is accessible via the “Cookie Preferences” link in the website footer.

3. Opt-Out Mechanisms:

• For targeted advertising, you can opt out of cookies through the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).
• Some analytics providers, like Google Analytics, also offer opt-out options via browser add-ons.

10.4 Consequences of Disabling Cookies

Please note that disabling certain types of cookies may impact your user experience. For example, essential cookies are required for secure and efficient website operation. Without them, some features or functionalities of the Platform may become unavailable.

10.5 Additional Tracking Technologies

We may also use other tracking mechanisms, such as:

• Web Beacons: Small image files embedded in our emails or pages to track engagement.
• Local Storage: Storage solutions on your browser or device for specific features.

11. Third-Party Links

Our Platform may contain links to third-party websites, services, or applications that are not operated or controlled by us. These links are provided solely for your convenience and information. Please be aware that once you leave our Platform and access a third-party website, you are subject to the privacy policies and terms of use of that website. We have no control over and are not responsible for the content, privacy practices, or security measures employed by these third-party sites.

We strongly encourage you to review the privacy policies of any third-party websites you visit, especially before providing personal information or engaging in transactions. These policies will govern the handling of your data and may differ significantly from our practices. Examples of third-party websites that may be linked include payment processors, social media platforms, and partner organizations.

Additionally, some third-party websites may use cookies or other tracking technologies to collect information about your online activities. We are not responsible for the use of such technologies by third-party entities. If you have concerns about how your data is used by a linked website, we recommend contacting the third party directly for more information.

While we make reasonable efforts to ensure that links on our Platform lead to reputable and secure websites, we cannot guarantee the safety, accuracy, or reliability of the content or services offered by third-party websites. Use of these links and the associated websites is at your own discretion and risk.

12. Children’s Privacy

ScaleUp is a platform designed for professional and business use, and as such, it is not intended for children under the age of 18. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will take immediate steps to delete the information from our systems.

Parental and Guardian Responsibility

Parents and legal guardians are encouraged to monitor their children’s online activities to ensure that minors do not access services that are not appropriate for their age. If you believe that your child under the age of 18 has provided personal information on our Platform, please contact us at privacy@epiidosisglobalfin.com so we can promptly take action to remove the data.

Measures to Prevent Unauthorized Access by Minors

We employ reasonable measures, such as requiring age verification during the registration process, to prevent minors from accessing ScaleUp. However, these measures rely on the accuracy of the information provided by users. Users who attempt to misrepresent their age may be subject to account suspension or termination.

Compliance with Children’s Privacy Laws

ScaleUp complies with all relevant children’s privacy regulations, including but not limited to the Children’s Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions. We take these obligations seriously to ensure that minors are protected from unauthorized data collection.

By using ScaleUp, you confirm that you are at least 18 years of age. If you do not meet this requirement, you are strictly prohibited from using our services.

13. Updates to This Privacy Policy

We reserve the right to amend or update this Privacy Policy at our sole discretion and in compliance with applicable laws. Updates may reflect changes to our business practices, legal obligations, or enhancements to our services. All modifications will be effective as of the stated “Last Updated” date and will be posted prominently on this page for transparency.

In cases of significant changes that materially impact your rights or how we process your personal data, we will endeavor to notify you in advance through various means, such as:

1. Sending email notifications to the address associated with your account.
2. Displaying a prominent notice on the homepage or user dashboard.
3. Providing in-app notifications or alerts about the update.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your personal data. If you continue to use the Platform after updates are published, it constitutes acceptance of the revised terms.

For further inquiries regarding policy updates or to request historical versions of this Privacy Policy, please contact us at privacy@epiidosisglobalfin.com.

14. Contact Us

We value your feedback, questions, and concerns regarding this Privacy Policy and the practices outlined herein. For any inquiries, assistance, or clarifications, please do not hesitate to reach out to us. We aim to respond promptly and provide the necessary guidance to address your concerns. You can contact us through any of the following means:

Company Name: Epiidosis Global Finance LLC-FZ          
Email: privacy@epiidosisglobalfin.com    
We encourage you to email us with detailed questions or concerns to ensure that we can provide you with the most accurate and tailored response.

Support Channels:

1. Phone Support: While we currently do not have a dedicated phone line for privacy-related queries, you can request a callback via email, and one of our specialists will reach out to you.
2. Online Support Forms: Visit the contact section on scaleup.epiidosis.com to access a support form for privacy inquiries. Please provide detailed information regarding your query for a swift resolution.

Response Time: We aim to acknowledge all queries within 48 hours and provide a detailed response within 7 business days, depending on the complexity of the inquiry.

15. Additional Provisions for Specific Jurisdictions

15.1 European Economic Area (EEA)

For users in the EEA, we process your personal data in compliance with the General Data Protection Regulation (GDPR). This includes transparency in data usage, ensuring lawful processing grounds, and safeguarding data transfer to third-party entities outside the EEA through mechanisms such as Standard Contractual Clauses (SCCs). For specific inquiries, you may also contact the relevant data protection authority in your jurisdiction.

15.2 United States

For U.S. users, we comply with the California Consumer Privacy Act (CCPA) and other relevant federal and state-level privacy laws. We ensure that U.S. users have access to their rights, including the right to know, delete, and opt out of the sale of personal data. Additionally, we maintain robust security protocols to safeguard your data against unauthorized access.

15.3 United Arab Emirates

We adhere to the UAE’s Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). This includes the implementation of stringent data security measures, user consent for data processing, and the right to request access, correction, or deletion of personal data. For more information about how we handle data within the UAE, contact our local compliance team via the details provided above.

15.4 India

We align with the Digital Personal Data Protection Act, 2023 (DPDP Act), ensuring the lawful and transparent handling of personal data for Indian users. This includes obtaining user consent prior to data collection, providing mechanisms for data rectification, and adhering to requirements for cross-border data transfers.

15.5 Other Jurisdictions

For users from other jurisdictions, including Singapore, Australia, and Canada, we comply with applicable local privacy laws and regulations. If you have specific concerns about your region’s data protection laws, please reach out to us for jurisdiction-specific privacy details. Additionally, regional privacy policies may be available upon request for clarity on data handling practices.

By using ScaleUp, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.