Privacy Policy
Last updated: March 10, 2026
1. Introduction
Palladium Energy ("we", "us", or "our") operates ScoutIQ.dev ("the Service"). This Privacy Policy describes what information we collect, why we collect it, how we use and protect it, and your rights regarding that information. By using the Service, you agree to the practices described in this policy.
This policy applies to all users of ScoutIQ.dev, including users located in the European Economic Area ("EEA"), the United Kingdom, and California. Where applicable, we identify your specific rights under the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"/"CPRA").
2. Information We Collect
We collect the minimum information necessary to operate the Service:
- Account information: Name, email address, and company affiliation provided at registration. Your email domain is used to verify you belong to an authorized organization.
- Authentication data: Session tokens stored as essential cookies required for the Service to function. These cookies expire at the end of your session or after 7 days of inactivity.
- Audit log data: Records of actions performed within the Service (e.g., project views, file downloads, deal stage changes) associated with your account, retained for security monitoring and compliance purposes.
- Usage and performance data: Anonymous page view metrics and Core Web Vitals collected via Vercel Analytics, and product usage events collected via PostHog (see Section 3 for details).
We do not collect payment information, precise geolocation, or any sensitive personal data. We do not knowingly collect data from individuals under the age of 13 (or 16 in the EEA). If we discover we have inadvertently collected data from a minor, we will delete it promptly.
3. Cookies & Analytics
The Service uses the following cookies and analytics tools:
- Essential session cookies — Required for authentication and maintaining your login state. Without these, the Service cannot function. These are not advertising cookies.
- Vercel Analytics — Collects anonymous, aggregated page view counts and Core Web Vitals. No personal identifiers, IP addresses, or cross-site tracking data are collected. Data is processed under Vercel's Privacy Policy.
- PostHog — Collects product usage events to help us understand how features are used and improve the Service. For authenticated users, we associate usage data with your account (email, role, company) to provide better support. PostHog data is processed under PostHog's Privacy Policy. You may opt out of PostHog tracking by emailing info@pd46energy.com.
Cookie Table
| Name | Provider | Purpose | Expiry |
|---|---|---|---|
| sb-* | Supabase | Authentication session | 7 days / session |
| ph_* | PostHog | Product analytics | 1 year |
| _vercel_* | Vercel | Anonymous performance metrics | Session |
We do not use advertising trackers, third-party remarketing pixels, or share personal data with advertising networks or data brokers.
Do Not Track: We honor browser Do Not Track ("DNT") signals for non-essential analytics where technically feasible. Essential session cookies are not affected by DNT signals as they are required for the Service to function.
4. How We Use Your Information
We use the information we collect to:
- Authenticate your identity and manage your account access
- Display project data and pipeline intelligence relevant to your organization
- Enforce multi-tenant data isolation (ensure you only see your organization's data)
- Maintain audit logs for security monitoring, compliance, and support purposes
- Understand how the Service is used and improve features and performance
- Communicate service updates, security alerts, or changes to this policy
5. Legal Basis for Processing (GDPR)
If you are located in the EEA or UK, we process your personal data under the following legal bases:
- Contract — Processing your account information, session data, and organization-scoped project data is necessary to perform our agreement with you and provide the Service.
- Legitimate interests — We process audit log data and product usage analytics to maintain security, detect abuse, improve the Service, and provide customer support. These interests are not overridden by your data protection rights.
- Legal obligation — We may process data when required by applicable law or regulation (e.g., responding to lawful governmental requests).
- Consent — Where we rely on consent (e.g., optional analytics), you may withdraw consent at any time without affecting the lawfulness of prior processing.
6. International Data Transfers
We are based in the United States. If you access the Service from the EEA, UK, or other regions with data protection laws, your information may be transferred to and processed in the United States or other countries where our service providers operate.
For transfers of EEA/UK personal data to the United States, we rely on the following safeguards:
- Supabase — Processes data under Standard Contractual Clauses (SCCs) approved by the European Commission.
- Vercel — Processes data under SCCs and participates in applicable data transfer frameworks.
- PostHog — Offers EU-hosted infrastructure; data is processed under SCCs.
You may request a copy of the applicable transfer safeguards by contacting us at info@pd46energy.com.
7. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data may be shared with:
- Infrastructure providers: Supabase (database and authentication) and Vercel (hosting, CDN) process data under strict data processing agreements.
- Analytics providers: PostHog and Vercel Analytics as described in Section 3.
- Legal requirements: When required to comply with applicable law, regulation, legal process, or valid governmental request.
- Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is subject to a different privacy policy.
8. Data Security
We implement industry-standard safeguards including encrypted data transmission (TLS/HTTPS), secure authentication via Supabase Auth, role-based access controls, and multi-tenant data isolation. Access to project data is restricted to authorized users within your organization.
No transmission method is 100% secure. In the event of a data breach affecting your personal data, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law (including GDPR Article 33).
9. Data Retention
Account information is retained while your account is active. Audit logs are retained for up to 24 months for compliance purposes. Upon account deletion or anonymization request, personal identifiers are removed or replaced with anonymized values across all records.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
All users:
- Access a copy of your personal data
- Correct inaccurate or incomplete data
- Request deletion of your personal data
- Receive your data in a portable, machine-readable format
EEA / UK users (GDPR):
- Right to object — Object to processing based on legitimate interests (including profiling)
- Right to restrict processing — Request we limit how we use your data in certain circumstances
- Withdraw consent — Where processing is based on consent, withdraw it at any time
- Lodge a complaint — File a complaint with your local data protection supervisory authority (e.g., your national DPA or the ICO in the UK)
- Automated decision-making — We do not make solely automated decisions that produce legal or similarly significant effects on you
California users (CCPA / CPRA):
- Know the categories of personal information collected about you
- Know the categories of third parties with whom we share your information
- Opt out of the "sale" or "sharing" of your personal information — We do not sell or share personal information for cross-context behavioral advertising
- Limit the use of sensitive personal information — We do not collect sensitive personal information as defined by CPRA
- Non-discrimination — We will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact your account administrator or email us at info@pd46energy.com. We will respond within 30 days (or 45 days for CCPA requests) and may verify your identity before processing a request.
11. Governing Law
This Privacy Policy is governed by the laws of the State of Florida, United States, without regard to its conflict of law provisions. Where applicable, we also comply with GDPR, UK GDPR, and CCPA/CPRA. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts located in Duval County, Florida.
12. Changes to This Policy
We may update this Privacy Policy periodically. For material changes, we will notify registered users via email at least 14 days before the change takes effect. Continued use of the Service after that date constitutes acceptance of the revised policy.
13. Contact
For privacy-related questions or data requests, contact Palladium Energy at info@pd46energy.com.
Palladium Energy · Jacksonville, FL, United States