Privacy Policy

1. Who we are

jig is a product offered by Skaleminds Ltd ("we", "us", or "our"). We design, build, and maintain custom internal software for businesses on a subscription basis. Our registered office is [Address to be added].

This policy explains how we handle personal data collected through our website (withjig.com), our discovery and onboarding processes, and our ongoing client relationships. It does not cover personal data processed within client-commissioned tools — that is addressed separately in each client's Data Processing Agreement.

2. What we collect

We collect personal data only when it is necessary to provide our service or respond to an inquiry. This includes:

• Contact information — name, email address, company name, and job title when you complete our discovery booking form or contact us directly
• Communications — emails, meeting notes, and other correspondence in the course of scoping or delivering work
• Usage data — anonymous analytics about how visitors interact with our website (pages viewed, time on site, referral source)
• Billing information — handled directly by our payment processor; we do not store card details

We do not collect sensitive personal data and we do not purchase data from third-party brokers.

3. How we use it

We use personal data collected through the website and sales process for the following purposes:

• Responding to discovery requests and scheduling calls
• Scoping, delivering, and iterating on client software projects
• Sending service-related communications (e.g. invoices, deployment notices, support responses)
• Improving our website and understanding how prospects find us
• Complying with legal obligations

We do not use personal data for automated decision-making and we do not sell or rent data to any third party for marketing purposes.

4. Client data & the software we build

When we build internal tools for clients, those tools may process personal data belonging to the client's own users and customers. In this context:

• The client is the data controller — they determine what is collected and why
• Skaleminds acts as the data processor — we access data only to the extent necessary to build, maintain, and support the agreed tool
• Each client engagement includes a Data Processing Agreement that governs our obligations in this role
• Client data is logically isolated by default — it is never shared with other clients or used by Skaleminds for any purpose outside the agreed scope

Clients retain full ownership of their data at all times and can request a complete export at any point during or after the engagement.

5. Sharing & disclosure

We share personal data only in the following circumstances:

• Service providers — we use a small number of trusted third-party tools to operate our business (e.g. scheduling software, payment processing, cloud hosting). Each is bound by appropriate data protection agreements
• Legal requirements — we will disclose personal data if required to do so by law or in response to a valid legal request from a competent authority
• Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction; we will notify affected individuals in advance

We do not share personal data with advertisers, data brokers, or any third party for commercial purposes.

6. Data retention

We retain personal data only for as long as necessary for the purpose it was collected. In practice:

• Discovery inquiry data is retained for 12 months if no engagement follows, then deleted
• Active client records are retained for the duration of the engagement plus 7 years, in line with standard accounting and legal obligations
• Website analytics data is retained in aggregate form for up to 24 months

You may request deletion of your personal data at any time (subject to legal retention obligations) by contacting us at the address below.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate or incomplete data is updated
• Deletion — request that we delete your personal data, subject to legal obligations
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request that we restrict processing in certain circumstances

To exercise any of these rights, please contact us using the details in section 11. We will respond within 30 days.

8. Cookies

Our website uses a minimal set of cookies. We do not use advertising or tracking cookies. The cookies we set are:

• Strictly necessary cookies — required for the website to function (e.g. session management). These cannot be disabled
• Analytics cookies — we use privacy-friendly, cookieless analytics where possible. Where cookies are used for analytics, they are anonymised and do not identify individual users

You can control cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use our website.

9. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, access, or disclosure. Our infrastructure is hosted on managed cloud services with encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify active clients by email. We encourage you to review this policy periodically.

11. Contact us

For any questions about this policy, to exercise your rights, or to raise a data-related concern, please contact us:

If you are located in the European Economic Area and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.