EXPERT SCALE™ I N C O R P O R A T E D

Privacy Policy - Expert Scale, Inc.

Effective Date: October 27, 2025 Last Updated: October 29, 2025

1. INTRODUCTION

Expert Scale, Inc. (“Expert Scale,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered digital protégé services that connect experts with clients through voice-enabled AI representations.

We are a Nevada corporation with our principal office at: 732 S 6th St, Ste N, Las Vegas, NV 89101

Privacy Contact: info@expertscale.ai

This Privacy Policy applies to information collected through:

  • Our website (expertscale.ai)
  • Our mobile applications
  • Our AI-guided interview process
  • Your Digital Protégé
  • Customer support interactions
  • Any related services

By using our services, you consent to the data practices described in this policy.

2. INFORMATION WE COLLECT

We collect information in several ways to provide and improve our services.

2.1 Contact Information

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Professional title and organization
  • LinkedIn profile and social media handles

2.2 Voice Data & Biometric Information

IMPORTANT: Voice Data as Biometric Identifier

Your voice recordings and voice characteristics constitute “biometric identifiers” or “biometric information” under certain state laws, including:

  • Illinois Biometric Information Privacy Act (BIPA)
  • Texas Capture or Use of Biometric Identifier Act (Texas Business & Commerce Code § 503.001)
  • Washington Biometric Privacy Law (RCW 19.375)

What We Collect:

  • Voice recordings from AI-guided interviews
  • Voice characteristics and patterns
  • Speech patterns and linguistic markers
  • Accent and pronunciation data
  • Voice biometric templates for AI synthesis

Purpose of Collection:

Your voice data is collected solely for the purpose of creating and operating your AI-powered Digital Protégé. We do not use your voice data for any other purpose.

Informed Consent:

Before collecting your voice data, we will:

  1. Inform you in writing that your voice data is being collected
  2. Explain the specific purpose for collection
  3. Obtain your explicit written consent
  4. Provide the retention period and deletion procedures

You have the right to refuse consent.

If you refuse, we cannot create a voice-enabled Digital Protégé, but you may explore other service options.

Retention Period:

  • Voice data is retained while your account is active
  • Voice data is retained for 30 days after account termination for technical transition purposes
  • You may request immediate deletion at any time

We will NEVER:

  • Sell, lease, or trade your voice data
  • Use your voice data to train models for other users without explicit consent
  • Share your voice data with third parties except as required by law or as specified in this policy

2.3 Professional Information

For experts creating Digital Protégés:

  • Professional background and credentials
  • Areas of expertise and specialization
  • Methodologies and frameworks
  • Training materials and documentation
  • Published works and intellectual property
  • Client success stories and case studies

2.4 Usage Data

  • IP address and device information
  • Browser type and version
  • Operating system
  • Pages viewed and time spent on pages
  • Clickstream data
  • Session logs and timestamps
  • Referring/exit pages
  • Search queries within the platform

2.5 Analytics Data

  • Digital Protégé performance metrics
  • User engagement analytics
  • Conversation logs and interaction data
  • Feature usage statistics
  • Error logs and debugging information

2.6 Payment Information

  • Billing name and address
  • Payment method details (processed by third-party payment processors)
  • Transaction history
  • Tax information

Note: We use PCI-compliant third-party payment processors (Stripe) and do not directly store full credit card numbers on our servers.

2.7 Communications

  • Support tickets and help requests
  • Email correspondence
  • SMS messages (with consent)
  • Chat transcripts
  • Feedback and survey responses

2.8 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

  • Remember your preferences
  • Authenticate users
  • Analyze usage patterns
  • Improve service performance
  • Deliver targeted content

Cookie Types:

  • Essential cookies: Required for platform functionality
  • Analytics cookies: Help us understand how users interact with our services
  • Preference cookies: Remember your settings and choices

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality.

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Service Provision

  • Create and operate your AI-powered Digital Protégé
  • Process voice recordings to generate synthetic voice
  • Deliver platform features and functionality
  • Provide customer support
  • Send service-related communications

3.2 Account Management

  • Process registrations and manage accounts
  • Authenticate users
  • Process payments and manage billing
  • Send account notifications and updates

3.3 Service Improvement

  • Analyze usage patterns and trends
  • Conduct research and development
  • Test new features
  • Improve AI models and algorithms
  • Optimize user experience

3.4 Communication

  • Send service updates and announcements
  • Respond to inquiries and support requests
  • Send SMS verification codes (with consent)
  • Deliver marketing communications (with opt-out option)
  • Request feedback and conduct surveys
  • Comply with legal obligations
  • Enforce our Terms of Use
  • Protect our rights and property
  • Prevent fraud and abuse
  • Conduct security monitoring
  • Respond to legal requests and court orders

3.6 Analytics and Personalization

  • Generate usage reports and analytics
  • Personalize content and recommendations
  • Deliver targeted features
  • Measure service effectiveness

IMPORTANT LIMITATIONS:

  • We do NOT use your expert data to train AI models for other experts without explicit consent
  • We do NOT sell your personal information to third parties for marketing purposes
  • We do NOT use your voice data for purposes beyond your specific Digital Protégé

4. DATA SHARING AND DISCLOSURE

We respect your privacy and limit data sharing to the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating our services:

Categories of Service Providers:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Stripe)
  • Analytics providers (Google Analytics, Mixpanel)
  • Communication services (Twilio for SMS, SendGrid for email)
  • Customer support platforms (Intercom, Zendesk)
  • AI and machine learning providers (OpenAI, Anthropic, ElevenLabs for voice synthesis)

Data Protection Requirements:

All service providers are contractually obligated to:

  • Use data only for specified purposes
  • Maintain appropriate security measures
  • Comply with applicable privacy laws
  • Return or delete data upon termination

4.2 Business Transfers

If Expert Scale is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or control.

We may disclose information when required by law or in good faith belief that such action is necessary to:

  • Comply with legal processes, subpoenas, or court orders
  • Enforce our Terms of Use
  • Protect the rights, property, or safety of Expert Scale, our users, or the public
  • Prevent fraud or illegal activity
  • Respond to government or regulatory inquiries

We may share information with third parties when you have provided explicit consent.

4.5 Expert IP Protection

Your expert methodologies, knowledge, and intellectual property are NEVER shared with:

  • Other experts on the platform
  • Competitors
  • Third parties for commercial purposes

Your data is siloed and used exclusively for your Digital Protégé unless you explicitly authorize otherwise.

4.6 Aggregate and De-Identified Data

We may share aggregate, de-identified, or anonymized data that cannot reasonably be used to identify you, for:

  • Research purposes
  • Industry benchmarking
  • Service improvement
  • Marketing materials

5. DATA PROTECTION & SECURITY MEASURES

We implement robust security controls to protect your information:

5.1 Technical Safeguards

  • Encryption in Transit: All data transmitted over networks is encrypted using TLS 1.3
  • Encryption at Rest: Sensitive data (including voice recordings) is encrypted using AES-256
  • Access Controls: Role-based access control (RBAC) limits data access to authorized personnel only
  • Authentication: Multi-factor authentication (MFA) for administrative access
  • Network Security: Firewalls, intrusion detection/prevention systems, and network segmentation

5.2 Administrative Safeguards

  • Employee background checks and security training
  • Confidentiality agreements with all employees and contractors
  • Incident response plan and procedures
  • Regular security audits and penetration testing
  • Data breach notification protocols

5.3 Physical Safeguards

  • Secure data centers with physical access controls
  • Environmental controls and monitoring
  • Redundant power and network connections
  • Disaster recovery and business continuity plans

5.4 SOC 2 Compliance Roadmap

We are committed to achieving SOC 2 Type II compliance. Our roadmap includes:

  • Implementation of comprehensive information security program
  • Regular third-party security audits
  • Continuous monitoring and improvement
  • Customer audit rights upon request

5.5 Voice Data Protection

Voice recordings receive additional protections:

  • Stored in separate, isolated databases
  • Access restricted to minimal personnel with business need
  • Audit logging of all access attempts
  • Secure deletion protocols upon account termination

Despite these measures, no security system is impenetrable. We cannot guarantee absolute security.

6. YOUR PRIVACY RIGHTS

You have the following rights regarding your personal information:

6.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide a copy in a structured, commonly used format.

How to Request: Email info@expertscale.ai with subject “Data Access Request”

6.2 Right to Correction

You have the right to correct inaccurate or incomplete personal information.

How to Correct: Update information through your account settings or email info@expertscale.ai

6.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions.

Exceptions:

  • Information required for legal compliance
  • Information needed to complete transactions
  • Information necessary to detect fraud or security incidents

How to Request: Email info@expertscale.ai with subject “Data Deletion Request”

Timeline: We will delete data within 30 days of verified request

6.4 Right to Restrict Processing

You have the right to restrict how we process your information in certain circumstances.

6.5 Right to Data Portability

You have the right to receive your data in a portable format to transfer to another service provider.

Format: JSON, CSV, or other machine-readable format

6.6 Right to Object

You have the right to object to processing of your information for direct marketing or other purposes based on legitimate interests.

Where processing is based on consent, you have the right to withdraw that consent at any time.

Voice Data Withdrawal: If you withdraw consent for voice data processing, we will delete your voice recordings and your Digital Protégé will no longer be voice-enabled.

6.8 Right to Opt-Out of Marketing

You can opt out of marketing communications at any time by:

  • Clicking “unsubscribe” in emails
  • Replying “STOP” to SMS messages
  • Updating preferences in account settings
  • Emailing info@expertscale.ai

Service-related communications (security alerts, billing) cannot be opted out.

6.9 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate for exercising CCPA rights

6.10 European Union Rights (GDPR)

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

  • Consent (for voice data and marketing)
  • Contract performance (to provide services)
  • Legitimate interests (service improvement, security)
  • Legal compliance

Right to Lodge Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction.

6.11 Illinois Residents (BIPA)

Illinois residents have specific rights under the Biometric Information Privacy Act:

  • Right to informed consent before biometric data collection
  • Right to know the purpose and duration of collection
  • Right to written policy on retention and destruction
  • Right to sue for violations
  • Prohibition on selling biometric data

BIPA Compliance Statement: We comply with BIPA requirements for Illinois residents.

6.12 Other State Privacy Rights

We comply with privacy laws in other U.S. states where applicable, including Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Indiana, Tennessee, Minnesota, and New Jersey. Residents of these states may have rights to access, correct, delete, and opt-out of certain processing activities.

6.13 Exercising Your Rights

To exercise any of these rights:

  1. Email info@expertscale.ai with your request
  2. Provide sufficient information to verify your identity
  3. Specify the right you wish to exercise

Response Timeline:

  • Initial response within 10 business days
  • Complete fulfillment within 30 days
  • Extensions may be necessary for complex requests

No Fee: We do not charge a fee for processing rights requests unless they are manifestly unfounded or excessive.

7. DATA RETENTION

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy.

7.1 Expert Data

  • While Active: Retained indefinitely while your account is active
  • After Termination: Retained for 90 days to allow account reactivation, then permanently deleted

7.2 Voice Data

  • While Active: Retained while account is active
  • After Termination: Deleted within 30 days or immediately upon request
  • Backup Systems: Removed from backups within 90 days

7.3 Client Conversation Data

  • While Active: Retained for service continuity and analytics
  • Deletion: Can be deleted upon request at any time

7.4 Transaction Records

Retained for 7 years for legal, tax, and accounting compliance

7.5 Usage Logs

Retained for 12 months for security and analytics purposes

7.6 Marketing Data

Retained until you opt-out or 5 years of inactivity

10. SMS COMMUNICATIONS

We may send you SMS messages for:

  • Account verification
  • Security alerts
  • Two-factor authentication
  • Service-related notifications

Consent: By providing your phone number, you consent to receive SMS messages.

Opt-Out: Reply “STOP” to any SMS to opt-out of non-essential communications.

Rates: Standard message and data rates may apply.

TCPA Compliance: Our SMS communications comply with the Telephone Consumer Protection Act (TCPA) and A2P 10DLC requirements for business messaging.

16. CONTACT US

For questions about this Privacy Policy or to exercise your privacy rights:

Expert Scale, Inc. 732 S 6th St, Ste N Las Vegas, NV 89101

General Inquiries: info@expertscale.ai Automated Services: ai@expertscale.ai Website: https://expertscale.ai

Note: All general, support, privacy, and legal inquiries should be directed to info@expertscale.ai, which is monitored by our founding team.

Response Time: We respond to privacy inquiries within 5 business days.

This Privacy Policy complies with applicable privacy laws including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)
  • Illinois Biometric Information Privacy Act (BIPA)
  • Texas, Washington, and other state biometric privacy laws
  • Virginia, Colorado, Connecticut, Utah, Oregon, and other state privacy laws
  • Telephone Consumer Protection Act (TCPA)
  • CAN-SPAM Act
  • HIPAA (where applicable)
  • COPPA, GLBA, FCRA, and other federal privacy laws

Governing Law: This Privacy Policy is governed by the laws of the State of Nevada.

ACKNOWLEDGMENT

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.