Privacy Policy

Effective Date: 06/22/2026
Last Updated: 06/22/2026

This Privacy Policy describes how Scalable.co, LLC (“Company,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you access or use our websites (including https://scalable.co, https://getscalable.com, https://getscalablelive.com, https://accidentalmba.com, https://offtheorgchart.com), member portals, programs, products, events, and other services (collectively, the “Services”).

This Privacy Policy applies to all users of the Services regardless of location, including residents of the United States, Canada, the United Kingdom, the European Economic Area, Australia, New Zealand, and other jurisdictions.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:

Scalable.co, LLC 4330 Gaines Ranch Loop, Suite 120 Austin, TX 78735, USA
Email: support@scalable.co Phone: 512-600-4363

For privacy-related questions or to exercise your rights, please contact us using the information above or as described in Section 11.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Identifiers: Name, email address, phone number, mailing address, and similar contact information.
  • Business Information: Company name, job title, role, industry, revenue range, and other professional information you share through forms, applications, or sales conversations.
  • Account Information: Username, account preferences, and profile information you provide when creating an account.
  • Payment Information: Billing address and payment method details. Payment card numbers and similar sensitive payment data are collected and processed directly by our payment processors (see Section 4) and are not stored by Company.
  • Application Information: Information you provide when applying to one of our programs, including business details, goals, and qualifications.
    Communications: The contents of messages, emails, support tickets, community posts, and other communications you send to us or through the Services.
  • Event Participation: Registration information for events, workshops, and other gatherings.

By submitting your information through our forms, you consent to Company’s use of that information for the purposes described in this Privacy Policy, including marketing communications. You may opt out of marketing communications at any time as described in Section 7.

2.2 Information Collected Automatically

  • Device and Usage Data: IP address, browser type, operating system, device identifiers, referring/exit pages, pages viewed, time spent on pages, click data, and other usage information.
  • Approximate Location: General geographic location derived from your IP address (we do not collect precise GPS-level location).
  • Cookies and Similar Technologies: Information collected through cookies, pixels, tags, and similar technologies as described in Section 5.

2.3 Information from Third Parties

  • Social Media: If you interact with our content on social platforms (Facebook, Instagram, X, LinkedIn, YouTube, TikTok), we may receive information about you from those platforms in accordance with their privacy practices.
  • Advertising Partners: We may receive information about your interaction with our advertisements from our advertising partners (Google, Meta, LinkedIn, and similar).
  • Referrals: If another user refers you to our Services, we may receive your contact information from that user.
  • Public Sources: We may collect publicly-available information about you or your business (such as from LinkedIn or your company website) during the sales and qualification process.

3. How We Use Your Information

We use personal information for the following purposes:

PurposeExamplesLawful Basis (GDPR/UK GDPR)
Provide the ServicesDelivering programs, processing transactions, granting access to content, conducting eventsContract performance
Communicate with youSending transactional emails, responding to inquiries, providing customer supportContract performance / Legitimate interests
MarketingSending newsletters, promotional emails, advertising our Services, retargeting visitorsConsent (where required) / Legitimate interests
PersonalizationTailoring content and recommendations based on your interestsLegitimate interests / Consent (where required)
Analytics and improvementUnderstanding how the Services are used, improving features, A/B testingLegitimate interests
Sales and qualificationEvaluating applications, assessing fit for programs, conducting discovery conversationsContract performance / Legitimate interests
Legal and complianceComplying with laws, responding to lawful requests, enforcing our agreements, fraud preventionLegal obligation / Legitimate interests
Business operationsInternal record-keeping, accounting, security, billingLegitimate interests / Legal obligation

4. How We Share Your Information

We share personal information with the following categories of third parties for the purposes described in Section 3:

4.1 Service Providers (Data Processors)

We engage the following service providers to process personal information on our behalf, subject to contractual data protection terms:

ProviderPurposeCategories of Data Shared
HubSpotCRM, marketing automation, lead capture, emailContact information, communications, engagement data
StripePayment processingPayment information
PayPalPayment processingPayment information
SpiffyCheckout and payment processingPayment information, contact information
SynderPayment data synchronizationPayment and accounting data
QuickBooks Online (Intuit)Accounting and financial recordsPayment and billing data
Google (Analytics, Ads, Tag Manager, YouTube)Website analytics, advertising, retargeting, video hosting, conversion trackingDevice and usage data, advertising identifiers, contact information synced as custom audiences, lifecycle stage data passed as conversion events
Meta Platforms (Facebook, Instagram, WhatsApp)Advertising, retargeting, conversion tracking, community messagingDevice and usage data, contact information synced as custom audiences, lifecycle stage data passed as conversion events
LinkedInAdvertising and analyticsDevice and usage data, professional information
CircleMember community platformAccount information, community posts and interactions
ZoomVideo meetings and webinarsName, email, meeting participation data
TypeformForms and applicationsContact information, application content
ManyChatConversational marketing automationName, email, phone, messaging interaction data
BeeHiivEmail newslettersName, email, engagement data
VWO (Visual Website Optimizer)A/B and split testingDevice and usage data, session behavior, click and scroll patterns, page interaction data
PandaDocContract executionContact information, contract content
X (formerly Twitter)Website visitor tracking and analytics via pixelDevice and usage data, page visit behavior, and browsing activity
TikTok (ByteDance)Website visitor tracking and analytics via pixelDevice and usage data, page visit behavior, and browsing activity
VimeoVideo hosting and embedded video playbackDevice and usage data, viewing behavior, and cookie identifiers collected via embedded video players
ScoreAppInteractive quiz and assessment hostingContact information submitted via quiz completions (name, email, phone), quiz responses
VidalyticsVideo hosting, playback, and video performance analyticsDevice and usage data, video viewing behavior, and contact information

This list is current as of the Effective Date and may change as we update our service providers. Material changes will be reflected in updates to this Privacy Policy.

4.2 Business Transfers

If Company is involved in a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar transaction, personal information may be transferred or disclosed in connection with the transaction, subject to standard confidentiality protections.

4.3 Legal Disclosures

We may disclose personal information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, legal process, or government requests;
  • Enforce our agreements, policies, and terms;
  • Protect the security or integrity of the Services;
  • Protect Company, our users, or the public from harm or illegal activities;
  • Respond to claims that content violates the rights of third parties.

4.4 With Your Consent

We may share personal information for other purposes with your consent or at your direction.

4.5 What We Do Not Do

We do not sell personal information for monetary consideration. However, certain advertising-related disclosures (such as sharing data with Meta or Google for ad targeting) may be considered “sale” or “sharing” under California law. See Section 11 for your opt-out rights.

5. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, tags, web beacons, and similar technologies (collectively, “Cookies”) to operate the Services, analyze usage, deliver advertising, and personalize your experience.

5.1 Categories of Cookies We Use

  • Strictly Necessary Cookies: Required for the Services to function (login, security, basic functionality). Cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Services (Google Analytics, similar). Used to improve features and content.
  • Advertising Cookies: Used for retargeting, ad measurement, and personalization (Meta Pixel, Google Ads, LinkedIn Insight Tag, similar).
  • Personalization Cookies: Remember your preferences and customize content.

5.2 Specific Cookies and Consent Platform

The principal Cookies we use include those set by HubSpot, Google Analytics, Google Ads, Google Tag Manager, Meta (Facebook Pixel), LinkedIn Insight Tag, YouTube, and Stripe (for payment functionality).

Company uses Cookiebot as our cookie consent management platform. Cookiebot provides specific cookie disclosures, consent capture, and opt-out mechanisms tailored to the user’s jurisdiction. The consent banner and management tool may behave differently depending on your location, reflecting the requirements of applicable local privacy laws.

5.3 Managing Your Cookie Preferences

You can manage your Cookie preferences:

Note that disabling Strictly Necessary Cookies may prevent the Services from functioning properly.

5.4 Global Privacy Control

We use Cookiebot as our cookie consent management platform. In jurisdictions where Cookiebot’s geo-targeted consent rules apply to your visit, Cookiebot honors the Global Privacy Control (GPC) signal: when a GPC signal is detected, Cookiebot applies an opt-out for non-essential cookies in accordance with the configured banner type and displays a “The GPC signal is honored” message on the consent banner for user transparency.

We do not honor the legacy “Do Not Track” browser signal — only the Global Privacy Control signal.

6. Data Retention

We retain personal information for as long as necessary to:

  • Provide the Services to you and fulfill the purposes described in this Privacy Policy;
  • Comply with our legal, accounting, and reporting obligations (for example, financial records are typically retained for at least seven (7) years for tax compliance);
  • Resolve disputes and enforce our agreements;
  • Meet legitimate business needs related to our operations.

When personal information is no longer needed for these purposes, we delete or anonymize it. You may request deletion of your personal information at any time as described in Section 7, subject to our right to retain information where required by law or legitimate business need.

7. Your Privacy Rights

Depending on where you reside, you may have certain rights regarding your personal information. We honor these rights to the extent required by applicable law.

7.1 Universal Rights

Regardless of jurisdiction, you may:

  • Access the personal information we hold about you;
  • Correct inaccurate personal information;
  • Request deletion of your personal information;
  • Opt out of marketing communications (by clicking “unsubscribe” in any marketing email or by contacting us);
  • Submit a complaint to Company or to a privacy supervisory authority.

7.2 Texas Residents (TDPSA)

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA), including:

  • Right to Confirm and Access: Request confirmation of whether we process your personal data and access to that data.
  • Right to Correct: Request correction of inaccurate personal data.
  • Right to Delete: Request deletion of your personal data.
  • Right to Portability: Obtain a copy of your personal data in a portable format.
  • Right to Opt-Out: Opt out of the processing of your personal data for purposes of targeted advertising, sale, or profiling that produces legal or similarly significant effects.

You may also appeal a denied request by contacting us. If we deny your appeal, you may contact the Texas Attorney General at https://www.texasattorneygeneral.gov.

To exercise your TDPSA rights, contact us at support@scalable.co or use the consent management tool available on the Services. We will respond within forty-five (45) days, with one extension of up to forty-five (45) additional days where reasonably necessary.

7.3 Other US State Residents

Residents of certain other US states may have additional rights under their state privacy laws. To the extent any such law applies to Company, we will honor those rights. Even where a law does not apply to Company as a regulated business, we may voluntarily provide consent and opt-out mechanisms to residents of certain states (including California, Colorado, Connecticut, Utah, and Virginia) through our cookie consent platform.

To exercise any state-level privacy rights, contact us at support@scalable.co or use the consent management tool available on the Services.

7.4 European Economic Area and United Kingdom Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR):

  • Right of Access: Obtain confirmation of whether we process your personal data and access to that data.
  • Right to Rectification: Have inaccurate personal data corrected.
  • Right to Erasure (“Right to be Forgotten”): Have your personal data deleted in certain circumstances.
  • Right to Restrict Processing: Limit how we use your personal data in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly-used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
  • Right Not to Be Subject to Automated Decision-Making: Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except as permitted by law.
  • Right to Lodge a Complaint: With your local data protection supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO) at https://ico.org.uk. For EU residents, see https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise these rights, contact us at support@scalable.co. We will respond within thirty (30) days. We may need to verify your identity before responding.

7.5 Canadian Residents (PIPEDA and Quebec Law 25)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, if you are in Quebec, under Quebec’s Law 25, including:

  • The right to access and correct your personal information;
  • The right to withdraw consent to processing;
  • The right to data portability (Quebec residents);
  • The right to be informed of the use of automated decision-making (Quebec residents).

To exercise these rights, contact us at support@scalable.co. You may also lodge a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca) or, for Quebec residents, the Commission d’accès à l’information du Québec (https://www.cai.gouv.qc.ca).

7.6 Australian Residents

If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including the right to access and correct your personal information. To exercise these rights, contact us at support@scalable.co. You may also lodge a complaint with the Office of the Australian Information Commissioner (https://www.oaic.gov.au).

7.7 New Zealand Residents

If you are located in New Zealand, you have rights under the Privacy Act 2020, including the right to access and correct your personal information. To exercise these rights, contact us at support@scalable.co. You may also lodge a complaint with the Office of the Privacy Commissioner (https://www.privacy.org.nz).

7.8 How to Exercise Your Rights

For all jurisdictions, you may exercise your rights by:

  • Emailing us at support@scalable.co;
  • Using the “Do Not Sell or Share My Personal Information” link in our website footer (for applicable rights);
  • Contacting us by mail at Scalable.co, LLC, 4330 Gaines Ranch Loop, Suite 120, Austin, TX 78735, USA.

We will verify your identity before responding to requests where required, and will respond within the timeline required by applicable law. There is no fee for exercising your rights, except where requests are excessive or repetitive, in which case we may charge a reasonable fee or decline the request.

8. Sensitive Personal Information

Some personal information is considered “sensitive” under certain privacy laws. We may collect or process the following categories of sensitive personal information:

  • Communications contents: The contents of emails, messages, support tickets, community posts, and other communications you send to or through the Services.

We do not collect government identifiers, financial account numbers (other than as needed for payment processing through our service providers), precise geolocation, racial or ethnic origin, religious or philosophical beliefs, health information, sex life or sexual orientation, genetic data, or biometric data.

We use sensitive personal information only for the purposes for which you provided it and as otherwise permitted by applicable law. California residents may exercise the “Right to Limit Use of Sensitive Personal Information” as described in Section 7.2.

9. International Data Transfers

Company is based in the United States, and your personal information is processed in the United States. If you are located outside the United States, your personal information may be transferred to, stored in, and processed in the United States or other countries where Company or our service providers operate.

For transfers of personal information from the European Economic Area, United Kingdom, or other jurisdictions with data export restrictions, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner’s Office, or other lawful transfer mechanisms.

10. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. These safeguards include access controls, encryption in transit, secure data storage with reputable providers, and ongoing security review.

No system is completely secure, however, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials and for promptly notifying us of any suspected unauthorized access to your account.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable regulators as required by law. The specific notification timeline, content, and method depend on the applicable jurisdiction’s requirements.

12. Automated Decision-Making and Profiling

We may use automated tools, including artificial intelligence, to support our marketing, sales qualification, lead scoring, and content personalization. These tools assist with decisions but do not make legally significant decisions about you without human review. You may have rights related to automated decision-making in certain jurisdictions, as described in Section 7.

13. Children’s Privacy

The Services are intended for adults age eighteen (18) and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you are a parent or guardian and believe a person under 18 has provided personal information to us, please contact us at support@scalable.co.

14. Opt-Out of Behavioral Advertising

If you wish to opt out of behavioral advertising, retargeting, or the use of your personal information for targeted advertising purposes, you may:

15. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not operated by Company. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you use.

Certain Company offerings are operated on or distributed through third-party platforms with their own privacy policies, including but not limited to the AccidentalMBA newsletter (operated on Beehiiv) and the Business Lunch podcast (distributed through podcast platforms). Use of those offerings is governed by the applicable third-party privacy policy.

16. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available at https://scalable.co/privacy-policy, and the “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.

For material changes adverse to users, we will provide reasonable notice through:

  • A prominent notice on the Services for at least thirty (30) days before the change takes effect; and
  • Where we have your email address on file, an email notification to that address at least thirty (30) days before the change takes effect.

Non-material changes take effect upon posting. Your continued use of the Services after the effective date of any change constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Scalable.co, LLC 4330 Gaines Ranch Loop, Suite 120 Austin, TX 78735, USA
Email: support@scalable.co Phone: 512-600-4363