Privacy Policy — ContentScale | Amsterdam
Legal — ContentScale · Amsterdam

Privacy
Policy

How ContentScale collects, uses and protects your data. GDPR · CCPA · EU AI Act compliant.

Last Updated: February 17, 2026 · Version 3.0 · Effective: February 17, 2026
Home / Privacy Policy

Introduction

Welcome to ContentScale (“we,” “our,” or “us”), operated by Ottmar J.G. Francisca, Amsterdam, Netherlands. We are committed to protecting your privacy and being transparent about how we handle your personal information.

✅ Our commitment

We do not sell your personal data. We do not use it for third-party advertising. We collect only what is necessary to deliver our services.

1. What We Collect

Information You Provide

  • Account registration: Name, email, company name
  • Scanner use: Website URLs you submit for analysis
  • Contact forms: Name, email, message content
  • WhatsApp: Your number and conversation content (via WhatsApp Business)
  • Freelancer applications: Name, email, phone, bio, portfolio

Automatically Collected

  • IP address, browser type, operating system
  • Pages visited, time spent, referral source
  • Essential cookies for website functionality

From Public Sources

  • Publicly listed business names, addresses, phone numbers (Google Maps, company websites)
  • Only publicly available business contact information — never private personal data
⚠️ Important

When ContentScale’s Lead Crawler collects business contact data, it only processes information that business owners have intentionally made public. We comply with GDPR ePrivacy Directive and CAN-SPAM.

2. How We Use It

Service Delivery (Legal basis: Contract performance)

  • Generate your 100-point GRAAF ContentScore
  • Display leaderboard rankings (scores 85+, with implied consent)
  • Connect freelancers with clients
  • Operate the Otto AI lead generation service

Communication (Legal basis: Consent / Contract)

  • Send scan results and recommendations
  • Respond to your inquiries
  • Newsletter delivery (opt-in only, max 2/week)

Improvement (Legal basis: Legitimate interest)

  • Analyse usage to improve ContentScore accuracy
  • Monitor platform performance and fix issues

3. Data Retention

ContentScale serves clients globally, with primary focus on the Benelux (Netherlands, Belgium, Luxembourg) and the United States. Retention periods comply with both GDPR (EU/EEA) and applicable US privacy regulations including CCPA (California).

Data Type Retention Period Reason
Account information Until account deletion Service provision
Scan logs (ContentScore scans) 90 days Allow result access & platform analytics
Audit intake submissions 30 days Answering your audit request only
Email addresses (lead crawler) 90 days Campaign delivery — never sold or shared
Email communications (support) 2 years Legal compliance & service continuity
Analytics data 12 months (anonymised) Service improvement
Leaderboard entries Until removal request Public display
VAPI / Otto AI call logs (Gemini Live) 30 days Quality review & EU AI Act Art. 50 compliance

After these periods, data is permanently deleted. You may request earlier deletion at any time by emailing info@contentscale.site.

Benelux clients: GDPR applies in full. Any transfer outside the EEA is governed by Standard Contractual Clauses (SCCs).

US clients: California residents have CCPA rights — right to know, delete, and opt-out of sale. We do not sell personal data.

4. How We Share Your Data

Service Providers

  • SendGrid — email delivery
  • Railway.app — hosting and database
  • Neon — PostgreSQL database
  • Vapi.ai — Otto AI voice calls (EU AI Act compliant)
  • Google Gemini Live — AI voice model powering Otto real-time conversations (no training on your data; Google Cloud data processing agreement applies)
  • Anthropic Claude — AI content analysis for audit tools (via API, no training on your data)

All providers are contractually bound to protect your data and may not use it for their own purposes.

AI Processing — Gemini Live & Claude

ContentScale uses Google Gemini Live as the real-time voice AI powering Otto AI calls, and Anthropic Claude for written content analysis. Neither provider trains on your data. All Otto calls include an upfront AI identity disclosure per EU AI Act Article 50 and FCC 2024 regulations.

EU/EEA clients: Google Gemini processes data under Standard Contractual Clauses (SCCs). Request deletion of call data: info@contentscale.site.

Public Display (with consent)

  • Leaderboard: company name, URL, score (85+ only)
  • Freelancer directory: name, bio, location (explicit opt-in)
We never:
  • Sell your personal data to third parties
  • Share data for advertising purposes
  • Use your data outside what is described here

5. International Data Transfers

Our services may involve data processing in:

  • European Union — primary data storage (Neon EU-Central)
  • United States — Railway hosting, SendGrid, Anthropic, Vapi

For US transfers we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (GDPR Article 46). Your data is always protected to EU standards regardless of where it is processed.

6. Your Privacy Rights

GDPR Rights (EU / EEA / UK)

  • Access — request a copy of your data
  • Deletion — request erasure (“right to be forgotten”)
  • Rectification — correct inaccurate data
  • Restriction — limit how we process your data
  • Portability — receive your data in portable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without penalty

CCPA Rights (California)

  • Right to know what data we hold
  • Right to delete your data
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination for exercising rights
To exercise your rights

Email [email protected] — GDPR requests answered within 30 days, CCPA within 45 days. No fees.

7. Children’s Privacy

Age restrictions

Our services are not intended for children under 16 (EU/EEA) or under 13 (USA, COPPA). We do not knowingly collect data from minors. If you believe a child has submitted data, contact [email protected] and we will delete it within 72 hours.

8. Cookies

Type Purpose Duration Required
Essential Authentication, preferences, security Session / 1 year Yes
Analytics Usage patterns, service improvement 12 months No
Preference Remember your settings 1 year No

We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking. EU/EEA users see a consent banner on first visit. All users can control cookies via browser settings.

9. Security

  • All data encrypted in transit (TLS/SSL) and at rest
  • Database access restricted to need-to-know
  • Continuous security monitoring
  • PostgreSQL on Neon with SSL enforced

In the event of a personal data breach, affected individuals and relevant authorities will be notified within 72 hours as required by GDPR. To report a security issue: [email protected]

10. Email & Marketing

Transactional emails (scan results, account notices) are necessary for service delivery and cannot be opted out of.

Marketing emails require explicit opt-in. Maximum 2 per week. Every email ilations.

No harmful automation

No automated decision with legal or significant effect is made about you. ContentScore is advisory. Human review is available on request. You may challenge or request explanation of any score.

12. Contact Us

Privacy enquiries

Email: privacy@contentscale.site
General: info@contentscale.site
WhatsApp: +31 6 2807 3996
Controller: Ottmar J.G. Francisca · Amsterdam, Netherlands

If you are unsatisfied with our response you have the right to lodge a complaint with your national data protection authority. In the Netherlands: Autoriteit Persoonsgegevens.