Privacy
Policy
How I collect, use and protect your data. GDPR · CCPA · EU AI Act compliant.
Introduction
ContentScale is a one-person business, built and operated solely by Ottmar J.G. Francisca, based in Amsterdam, Netherlands. When you use ContentScale, you’re dealing directly with me — not a team, not a company, just me.
This Privacy Policy explains how I collect, use, and protect your personal data when you use ContentScale’s platform, tools, or services. I am the sole data controller responsible for your data under GDPR.
Throughout this policy I use “I,” “my,” and “me” to be clear about exactly who is responsible for your data — because there is only one person involved.
I do not sell your personal data. I do not use it for third-party advertising. I collect only what is necessary to deliver my services. And as a solo operator, I handle your data personally — there is no anonymous back-office processing your information.
1. What I Collect
Information You Provide
- Account registration: Name, email, company name
- Scanner use: Website URLs you submit for analysis
- Contact forms: Name, email, message content
- WhatsApp: Your number and conversation content (via WhatsApp Business — you’re messaging me directly)
- Freelancer applications: Name, email, phone, bio, portfolio
Automatically Collected
- IP address, browser type, operating system
- Pages visited, time spent, referral source
- Essential cookies for website functionality
From Public Sources
- Publicly listed business names, addresses, phone numbers (Google Maps, company websites)
- Only publicly available business contact information — never private personal data
When ContentScale’s Lead Crawler collects business contact data, it only processes information that business owners have intentionally made public. I comply with the GDPR ePrivacy Directive and CAN-SPAM. I never collect or store private personal data through this tool.
2. How I Use It
Service Delivery (Legal basis: Contract performance)
- Generate your 100-point GRAAF ContentScore
- Display leaderboard rankings (scores 85+, with implied consent)
- Connect freelancers with clients
- Operate the Otto AI lead generation service
Communication (Legal basis: Consent / Contract)
- Send scan results and recommendations
- Respond to your enquiries — personally, from me
- Newsletter delivery (opt-in only, maximum 2 per week)
Improvement (Legal basis: Legitimate interest)
- Analyse usage to improve ContentScore accuracy
- Monitor platform performance and fix issues
3. Data Retention
ContentScale serves clients globally, with primary focus on the Benelux (Netherlands, Belgium, Luxembourg) and the United States. Retention periods comply with both GDPR (EU/EEA) and applicable US privacy regulations including CCPA (California).
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Until account deletion | Service provision |
| Scan logs (ContentScore scans) | 90 days | Allow result access & platform analytics |
| Audit intake submissions | 30 days | Answering your audit request only |
| Email addresses (lead crawler) | 90 days | Campaign delivery — never sold or shared |
| Email communications (support) | 2 years | Legal compliance & service continuity |
| Analytics data | 12 months (anonymised) | Service improvement |
| Leaderboard entries | Until removal request | Public display |
| VAPI / Otto AI call logs (Gemini Live) | 30 days | Quality review & EU AI Act Art. 50 compliance |
After these periods, data is permanently deleted. You may request earlier deletion at any time by emailing info@contentscale.site — I will personally handle your request.
Benelux clients: GDPR applies in full. Any transfer outside the EEA is governed by Standard Contractual Clauses (SCCs).
US clients: California residents have CCPA rights — right to know, delete, and opt-out of sale. I do not sell personal data.
5. International Data Transfers
My services may involve data processing in the following locations:
- European Union — primary data storage (Neon EU-Central)
- United States — Railway hosting, SendGrid, Anthropic, Vapi
For US transfers I rely on Standard Contractual Clauses (SCCs) approved by the European Commission (GDPR Article 46). Your data is always protected to EU standards regardless of where it is processed.
6. Your Privacy Rights
GDPR Rights (EU / EEA / UK)
- Access — request a copy of your data
- Deletion — request erasure (“right to be forgotten”)
- Rectification — correct inaccurate data
- Restriction — limit how I process your data
- Portability — receive your data in a portable format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, without penalty
CCPA Rights (California)
- Right to know what data I hold about you
- Right to delete your data
- Right to opt-out of sale (I do not sell data)
- Right to non-discrimination for exercising your rights
Email privacy@contentscale.site — I personally handle all privacy requests. GDPR requests are answered within 30 days, CCPA within 45 days. No fees charged.
7. Children’s Privacy
My services are not intended for children under 16 (EU/EEA) or under 13 (USA, COPPA). I do not knowingly collect data from minors. If you believe a child has submitted data to ContentScale, please contact info@contentscale.site and I will delete it within 72 hours.
9. Security
I take security seriously. The following measures are in place to protect your data:
- All data encrypted in transit (TLS/SSL) and at rest
- Database access restricted to me alone
- Continuous security monitoring
- PostgreSQL on Neon with SSL enforced
In the event of a personal data breach, you and the relevant authorities will be notified within 72 hours as required by GDPR. To report a security issue, email info@contentscale.site.
10. Email & Marketing
Transactional emails (scan results, account notices) are necessary for service delivery and cannot be opted out of while using the platform.
Marketing emails require your explicit opt-in. I send a maximum of 2 per week. Every marketing email includes a clear unsubscribe link. You can opt out at any time.
When you email me or message me on WhatsApp, you are communicating with me directly — Ottmar. There is no support team or automated ticketing system. I read and respond to every message personally.
11. AI & Automated Decisions
ContentScale uses AI in the following ways:
- ContentScore (GRAAF Framework): Automated analysis of your website content, producing an advisory score. This score does not constitute a legally binding decision and carries no legal or significant personal effect.
- Otto AI voice calls: Powered by Google Gemini Live via Vapi.ai. Every call begins with a clear disclosure that the caller is an AI, as required by EU AI Act Article 50 and FCC 2024 regulations.
- Audit analysis: Anthropic Claude processes submitted content for written audit reports.
No automated decision with a legal or significant personal effect is made about you. ContentScore is advisory only. Human review — by me, personally — is available on request. You may challenge or request an explanation of any score at any time.
12. Contact
ContentScale is a sole trader operated by Ottmar J.G. Francisca. I am the data controller for all personal data processed through this platform. There is no data protection officer or legal team — I handle all privacy matters directly and personally.
Privacy enquiries: privacy@contentscale.site
General: info@contentscale.site
WhatsApp: +31 6 2807 3996
Data Controller: Ottmar J.G. Francisca · Amsterdam, Netherlands
If you are unsatisfied with my response you have the right to lodge a complaint with your national data protection authority. In the Netherlands: Autoriteit Persoonsgegevens.