Privacy Policy
Contents
01
Introduction
Welcome to Scrub ("Scrub," "we," "our," or "us"). We are committed to protecting the personal information of the people who use our platform. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and what rights you have over it.
By accessing or using Scrub's services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the platform.
02
Who We Are
Scrub App Inc. is a B2B SaaS company incorporated in the State of Delaware, USA (File No. 10011256). We operate the Scrub platform and are the data controller for personal data collected through our services.
Privacy contact: privacy@scrubapp.com
03
Data We Collect
We collect the following categories of personal data:
Account & Identity Information
- Full name
- Work email address
- Company name, size, and your role within the company
Usage & Analytics Data
- Pages visited, features used, and interactions within the platform
- Device type, browser type, IP address, and approximate location
- Session timestamps and duration
Payment Information
- Billing details are processed by Stripe, our third-party payment processor. Scrub does not store full payment card numbers. We retain transaction records (amount, date, subscription tier) for accounting purposes.
Communications
- Messages sent to our support team
- Email correspondence related to your account
We do not collect sensitive personal data (e.g., health data, government IDs, biometric data), and our platform is not directed at children under the age of 18.
04
How We Use Your Data
We use your personal data to:
- Provide and operate the platform — account creation, authentication, and core product features
- Process payments — billing, invoicing, and subscription management via Stripe
- Improve the product — analyzing usage patterns to identify bugs and prioritize features
- Communicate with you — onboarding emails, product updates, support responses, and important notices
- Ensure security and reliability — detecting errors, monitoring for abuse, and maintaining platform stability
- Meet legal obligations — compliance with applicable laws and regulations
05
Legal Basis for Processing (GDPR / UK GDPR)
If you are located in the EU, EEA, or United Kingdom, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and platform access | Performance of a contract (Art. 6(1)(b)) |
| Payment processing | Performance of a contract (Art. 6(1)(b)) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Security monitoring and error tracking | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (where opted in) | Consent (Art. 6(1)(a)) |
| Legal and compliance obligations | Legal obligation (Art. 6(1)(c)) |
You may withdraw consent at any time where consent is the basis for processing, without affecting the lawfulness of prior processing.
06
How We Share Your Data
We do not sell your personal data. We share data only with the following categories of third parties, under appropriate data protection agreements:
| Service Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA (Privacy Shield / SCCs) |
| Sentry | Error tracking and crash reporting | USA (SCCs) |
| Metabase | Internal product analytics | Dependent on hosting configuration |
07
International Data Transfers
Scrub operates internationally. If you are located in the EU, EEA, or UK, your personal data may be transferred to and processed in countries outside your region. Where this occurs, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) for transfers from the UK
- Transfers to countries with an EU or UK adequacy decision
08
Data Retention
We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:
- Account data — retained for the duration of your subscription, plus up to 3 years after closure
- Usage and analytics data — retained for up to 24 months, then aggregated or deleted
- Payment records — retained for 7 years to comply with tax and accounting obligations
- Support communications — retained for 3 years after the last interaction
You may request deletion of your data at any time (see Section 9).
09
Your Privacy Rights
Depending on where you are located, you have the following rights regarding your personal data:
For EU / EEA users (GDPR)
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your data (right to be forgotten)
- Restriction — request that we limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent
You also have the right to lodge a complaint with your local data protection authority.
For UK users (UK GDPR)
The same rights apply as under GDPR. You may contact the Information Commissioner's Office (ICO) at ico.org.uk.
For California users (CCPA / CPRA)
- Know — categories of personal information we collect
- Delete — request deletion of personal information
- Correct — request correction of inaccurate personal information
- Opt out — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination — we will not discriminate against you for exercising your rights
To exercise any rights, contact privacy@scrubapp.com. We respond within 30 days.
10
Cookies
Scrub uses a small number of cookies that are strictly necessary to operate the platform. We do not use cookies for advertising or behavioral tracking.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
sessionid | Maintains your authenticated session | Essential | 14 days |
csrftoken | Protects against cross-site request forgery | Essential (security) | 1 year |
Because we only use strictly necessary cookies, we do not display a cookie consent banner. Questions? privacy@scrubapp.com
11
Children's Privacy
Scrub's platform is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. Contact us at privacy@scrubapp.com if you believe we have collected data from a minor.
12
Security
We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These include encryption in transit (TLS), access controls, and error monitoring via Sentry.
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by law.
13
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and notify you by email or in-app notice if the changes are material.
14
Contact Us
Scrub App Inc.
Email: privacy@scrubapp.com
Address: 611 South DuPont Highway, Suite 102, Dover, DE 19901, USA
For EU/EEA and UK users, you may also contact your local data protection authority if you are not satisfied with our response.
© 2026 Scrub. All rights reserved.
Privacy Policy
Contents
01
Introduction
Welcome to Scrub ("Scrub," "we," "our," or "us"). We are committed to protecting the personal information of the people who use our platform. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and what rights you have over it.
By accessing or using Scrub's services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the platform.
02
Who We Are
Scrub App Inc. is a B2B SaaS company incorporated in the State of Delaware, USA (File No. 10011256). We operate the Scrub platform and are the data controller for personal data collected through our services.
Privacy contact: privacy@scrubapp.com
03
Data We Collect
We collect the following categories of personal data:
Account & Identity Information
- Full name
- Work email address
- Company name, size, and your role within the company
Usage & Analytics Data
- Pages visited, features used, and interactions within the platform
- Device type, browser type, IP address, and approximate location
- Session timestamps and duration
Payment Information
- Billing details are processed by Stripe, our third-party payment processor. Scrub does not store full payment card numbers. We retain transaction records (amount, date, subscription tier) for accounting purposes.
Communications
- Messages sent to our support team
- Email correspondence related to your account
We do not collect sensitive personal data (e.g., health data, government IDs, biometric data), and our platform is not directed at children under the age of 18.
04
How We Use Your Data
We use your personal data to:
- Provide and operate the platform — account creation, authentication, and core product features
- Process payments — billing, invoicing, and subscription management via Stripe
- Improve the product — analyzing usage patterns to identify bugs and prioritize features
- Communicate with you — onboarding emails, product updates, support responses, and important notices
- Ensure security and reliability — detecting errors, monitoring for abuse, and maintaining platform stability
- Meet legal obligations — compliance with applicable laws and regulations
05
Legal Basis for Processing (GDPR / UK GDPR)
If you are located in the EU, EEA, or United Kingdom, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and platform access | Performance of a contract (Art. 6(1)(b)) |
| Payment processing | Performance of a contract (Art. 6(1)(b)) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Security monitoring and error tracking | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (where opted in) | Consent (Art. 6(1)(a)) |
| Legal and compliance obligations | Legal obligation (Art. 6(1)(c)) |
You may withdraw consent at any time where consent is the basis for processing, without affecting the lawfulness of prior processing.
06
How We Share Your Data
We do not sell your personal data. We share data only with the following categories of third parties, under appropriate data protection agreements:
| Service Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA (Privacy Shield / SCCs) |
| Sentry | Error tracking and crash reporting | USA (SCCs) |
| Metabase | Internal product analytics | Dependent on hosting configuration |
07
International Data Transfers
Scrub operates internationally. If you are located in the EU, EEA, or UK, your personal data may be transferred to and processed in countries outside your region. Where this occurs, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) for transfers from the UK
- Transfers to countries with an EU or UK adequacy decision
08
Data Retention
We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:
- Account data — retained for the duration of your subscription, plus up to 3 years after closure
- Usage and analytics data — retained for up to 24 months, then aggregated or deleted
- Payment records — retained for 7 years to comply with tax and accounting obligations
- Support communications — retained for 3 years after the last interaction
You may request deletion of your data at any time (see Section 9).
09
Your Privacy Rights
Depending on where you are located, you have the following rights regarding your personal data:
For EU / EEA users (GDPR)
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your data (right to be forgotten)
- Restriction — request that we limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent
You also have the right to lodge a complaint with your local data protection authority.
For UK users (UK GDPR)
The same rights apply as under GDPR. You may contact the Information Commissioner's Office (ICO) at ico.org.uk.
For California users (CCPA / CPRA)
- Know — categories of personal information we collect
- Delete — request deletion of personal information
- Correct — request correction of inaccurate personal information
- Opt out — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination — we will not discriminate against you for exercising your rights
To exercise any rights, contact privacy@scrubapp.com. We respond within 30 days.
10
Cookies
Scrub uses a small number of cookies that are strictly necessary to operate the platform. We do not use cookies for advertising or behavioral tracking.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
sessionid | Maintains your authenticated session | Essential | 14 days |
csrftoken | Protects against cross-site request forgery | Essential (security) | 1 year |
Because we only use strictly necessary cookies, we do not display a cookie consent banner. Questions? privacy@scrubapp.com
11
Children's Privacy
Scrub's platform is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. Contact us at privacy@scrubapp.com if you believe we have collected data from a minor.
12
Security
We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These include encryption in transit (TLS), access controls, and error monitoring via Sentry.
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by law.
13
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and notify you by email or in-app notice if the changes are material.
14
Contact Us
Scrub App Inc.
Email: privacy@scrubapp.com
Address: 611 South DuPont Highway, Suite 102, Dover, DE 19901, USA
For EU/EEA and UK users, you may also contact your local data protection authority if you are not satisfied with our response.
© 2026 Scrub. All rights reserved.